[openssh-commits] [openssh] branch V_10_3 updated: Re-enable SHA1 sigs in OpenSSL on Cygwin for tests.

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch V_10_3
in repository openssh.

The following commit(s) were added to refs/heads/V_10_3 by this push:
     new c5e256929 Re-enable SHA1 sigs in OpenSSL on Cygwin for tests.
c5e256929 is described below

commit c5e25692941037bc6f4016aed4c7f96586b8988f
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Mon Apr 27 20:51:17 2026 +1000

    Re-enable SHA1 sigs in OpenSSL on Cygwin for tests.
    
    Recently Cygwin imported changes from Fedora which disable SHA1
    signatures by default.  This breaks the unit tests (and a couple of
    regression tests), so set rh-allow-sha1-signatures=yes in the OpenSSL
    config to re-enable them.
---
 .github/setup_ci.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index e1b3dcf04..88f930660 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -30,6 +30,10 @@ case "$host" in
 	takeown /F regress
 	icacls regress
 	set +x
+	echo Enabling OpenSSL rh-allow-sha1-signatures for unit tests.
+	cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.bak
+	sed -i -e '/\[ default_modules \]/a alg_section = evp_properties\n[evp_properties]\nrh-allow-sha1-signatures = yes\n' /etc/pki/tls/openssl.cnf
+	diff -u /etc/pki/tls/openssl.cnf.bak /etc/pki/tls/openssl.cnf
 	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
 	PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel"
 	;;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.