Closed kofemann closed 2 months ago
Motivation: The out-of-box version of ProxyCSRGenerator#generate from CAnL uses SHA1 for proxy delegation, which is banned by modern OSes.
https://github.com/eu-emi/canl-java/issues/122
Modification: add a custom copy ProxyCSRGenerator#generate that uses sha256WithRSAEncryption
Result: RHEL9 clients works with proxy delegation without enabling SHA1
Acked-by: Dmitry Litvintsev Target: master, 10.0, 9.2 Require-book: no Require-notes: yes (cherry picked from commit 7648539bf054c51c8d3f5812500d456e488a0284)
Motivation: The out-of-box version of ProxyCSRGenerator#generate from CAnL uses SHA1 for proxy delegation, which is banned by modern OSes.
https://github.com/eu-emi/canl-java/issues/122
Modification: add a custom copy ProxyCSRGenerator#generate that uses sha256WithRSAEncryption
Result: RHEL9 clients works with proxy delegation without enabling SHA1
Acked-by: Dmitry Litvintsev Target: master, 10.0, 9.2 Require-book: no Require-notes: yes (cherry picked from commit 7648539bf054c51c8d3f5812500d456e488a0284)