Bug #26119: puppet-certs uses md5 internally to check for difference between expected and actual certs (might break in FIPS) - Installer - Foreman

Actions

Copy link

Bug #26119

closed

puppet-certs uses md5 internally to check for difference between expected and actual certs (might break in FIPS)

Added by Ivan Necas almost 6 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ivan Necas

Category:

Foreman modules

Target version:

Foreman - 1.22.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/puppet-certs/pull/246

Fixed in Releases:

Foreman - 1.21.1, Foreman - 1.22.0

Found in Releases:

Red Hat JIRA:

Description

There is 0 security implication of this issue and it doesn't break with puppet in FIPS either, as
by default, puppet is statically linked with their openssl distribution. We should however
not consciously use md5 and other non-FIPS compliant algorithms.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #26119

puppet-certs uses md5 internally to check for difference between expected and actual certs (might break in FIPS)

Updated by The Foreman Bot almost 6 years ago

Updated by Ewoud Kohl van Wijngaarden almost 6 years ago

Updated by Ewoud Kohl van Wijngaarden almost 6 years ago

Updated by Ewoud Kohl van Wijngaarden over 5 years ago