On 07/30/2017 05:57 PM, Baptiste Jonglez wrote:
> From: Baptiste Jonglez <g...@bitsofnetworks.org>
>
> Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
> This breaks openvpn clients that try to connect to servers that
> present a TLS certificate signed with SHA1, which is fairly common.
>
> Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
>
> Fixes: FS#942
>
> Signed-off-by: Baptiste Jonglez <g...@bitsofnetworks.org>

I agree to put this into LEDE 17.01 and the master branch for now. There are probably a lot of old certificates out there that are still in use and are SHA1. As the public CAs are not issuing any SHA1 certificates any more and creating an own certificate and not just modifying an existing certificate is harder, I think there is no big security problem here.

If nobody disagrees I would merge this in one week.

Hauke