Bug #38506
open
katello-certs-check not working with SHA1 Root CA
Description
I know why it blocks SHA1, but after some research I found out that the check does not cover all cases.
We use a custom CA bundle which includes a SHA1 root CA and SHA256 sub CAs.
Foreman with Katello uses a certificate which is created from one of the sub CAs. Foreman is working correctly with this setup, and after removing the SHA1 check from katello-certs-check I was able to update to Foreman 3.14 without a problem.
I have run the test mentioned in https://issues.redhat.com/browse/SAT-29322, `/opt/puppetlabs/puppet/bin/curl https://$(hostname -f)/rhsm/status --cacert /root/weak_ca/sha1/ca.crt`, with our bundle, which includes SHA1 and SHA256, and did not get any error.
The OpenSSL library used seems to check this correctly: https://github.com/openssl/openssl/blob/3423c30db3aa044f46e1f0270e2ecd899415bf5f/crypto/x509/x509_vfy.c#L210
I think the SHA1 CA check must be reworked.
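
A bundle check that separates the two cases in this report could flag SHA1 signatures only on certificates that are not self-issued, so a SHA1 root with SHA256 sub CAs passes while a SHA1-signed sub CA or leaf is still reported. This is an added example, not code from katello-certs-check or from the reporter; the function names and the sample text are assumptions, and "subject equals issuer" is used as a heuristic for a root CA.

```shell
#!/bin/sh
# Added example (not katello-certs-check code); function names are hypothetical.

# Reads `openssl ... -text` output for one or more certificates on stdin and
# prints the subject of each SHA1-signed certificate that is not self-issued.
weak_non_root_certs() {
  awk '
    function emit() {
      if (subject != "" && tolower(sig) ~ /sha1/ && subject != issuer)
        print subject
      sig = ""; issuer = ""; subject = ""
    }
    /^Certificate:/ { emit(); next }
    /Signature Algorithm:/ && sig == "" {
      sub(/.*Signature Algorithm:[ \t]*/, ""); sig = $0; next
    }
    /^[ \t]*Issuer:/ && issuer == "" {
      sub(/^[ \t]*Issuer:[ \t]*/, ""); issuer = $0; next
    }
    /^[ \t]*Subject:/ && subject == "" {
      sub(/^[ \t]*Subject:[ \t]*/, ""); subject = $0; next
    }
    END { emit() }
  '
}

# Runs the check over every certificate in a PEM bundle file ($1).
check_bundle() {
  openssl crl2pkcs7 -nocrl -certfile "$1" \
    | openssl pkcs7 -print_certs -text -noout \
    | weak_non_root_certs
}

# Constructed sample in the layout of `openssl x509 -text`:
# a SHA1 root, a SHA256 sub CA, and a SHA1-signed leaf.
SAMPLE='Certificate:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Root CA
        Subject: CN = Example Root CA
        Subject Public Key Info:
Certificate:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Example Root CA
        Subject: CN = Example Sub CA
Certificate:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = Example Sub CA
        Subject: CN = legacy.example.com'

printf '%s\n' "$SAMPLE" | weak_non_root_certs
```

Only the SHA1-signed leaf is reported for the sample; `check_bundle /path/to/ca-bundle.pem` applies the same filter to a real bundle.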