On Wed, Jan 22, 2020 at 3:42 PM Brandon Sawyers <[email protected]> wrote: > > Hello everyone: > > A recent package upgrade in ubuntu 1604 (v3.4.10-4ubuntu1.6) and 1804 > (v3.5.18-1ubuntu1.2) has left us without SHA1 support. Since we are still in > the process of migrating our last services off of SHA1 with a target date of > April this has put us in a pickle. > > From reading the docs I expect I should be able to use priority and allow > SHA1 to function, however making this work has been rather frustrating. > > I've tried several different versions of the following command but I would > expect just having "NORMAL:+SIGN-RSA-SHA1:+SHA1" priority set should work. > > `gnutls-bin --x509cafile ./cachain-with-sha1-signed-cert.pem > --priority='NORMAL:+SIGN-RSA-SHA1:+SHA1' -p 636 internal.directory.org`
Have you tried appending %VERIFY_ALLOW_SIGN_WITH_SHA1? The available priority strings are documented in: https://gnutls.org/manual/html_node/Priority-Strings.html regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
