On Wed, Jul 15, 2020 at 04:47:01PM +0100, Daniel P. Berrangé wrote: > The unit tests using the x509 crypto functionality have started > failing in Fedora 33 rawhide with a message like > > The certificate uses an insecure algorithm > > This is result of Fedora changes to support strong crypto [1]. RSA
It looks like the reference [1] is supposed to resolve to the following URL: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 Whoever is applying the patch might want to tweak the commit. FWIW: Reviewed-by: Kashyap Chamarthy <kcham...@redhat.com> > with 1024 bit key is viewed as legacy and thus insecure. Generate > a new private key which is 3072 bits long and reasonable future > proof. > > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> > --- > > Changed in v2: > > - ALso fix the I/O tests key > - Use RSA key again instead of EC, since it is needed > for the real TLS sessions in the I/O tests > > tests/crypto-tls-x509-helpers.c | 59 ++++++++++++++++++++++----------- > tests/qemu-iotests/common.tls | 57 +++++++++++++++++++++---------- > 2 files changed, 79 insertions(+), 37 deletions(-) > [...] -- /kashyap