Skip to content

Commit

Permalink
Update bin/katello-certs-check
Browse files Browse the repository at this point in the history 
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
  • Loading branch information
@ehelms @ekohl
ehelms and ekohl authored Dec 13, 2024
1 parent 5b7ede1 commit 3e3ae38
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion bin/katello-certs-check
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,7 +251,7 @@ function check-shortname () {

function check-ca-signing-algorithm () {
printf "Checking CA signing algorithm for sha1: "
CHECK=$(openssl crl2pkcs7 -nocrl -certfile $CA_BUNDLE_FILE | openssl pkcs7 -print | grep algorithm | grep -q 'sha1WithRSAEncryption')
CHECK=$(openssl crl2pkcs7 -nocrl -certfile "$CA_BUNDLE_FILE" | openssl pkcs7 -print | grep algorithm | grep -q 'sha1WithRSAEncryption')
if [[ $? == "0" ]]; then
error 4 "The file '$CA_BUNDLE_FILE' contains a certificate signed with sha1 and will break installation. Update the server CA certificate and its chain with one signed by sha256 or stronger."
else
Expand Down

0 comments on commit 3e3ae38

Please sign in to comment.