[DNSOP] Minutes from IETF121 and Chairs Actions

2024-11-18 Thread Tim Wicinski
All,

Thanks for productive meetings, and thank you Mr Hoffman for minute taking. I've uploaded them into the datatracker earlier this week, and want to include the Chair's actions we have taken away. We will prioritize these later this week during our chairs call.

thanks
tim

---
# DNSOP IETF121

[DNSOP] Re: Questions before adopting must-not-sha1

2024-11-18 Thread Petr Menšík
On 18. 11. 24 15:37, Paul Wouters wrote: On Sun, 17 Nov 2024, Philip Homburg wrote: [indeed a bit offtopic] Correct, it is now compiled using --disable-sha1. I think it would be better to enable this again, assuming unbound now has proper code to detect if sha1 is failing or not during runtime.

[DNSOP] Re: Questions before adopting must-not-sha1

2024-11-18 Thread Paul Wouters
On Sun, 17 Nov 2024, Philip Homburg wrote:

[indeed a bit offtopic]

Use OPENSSL_CONF environment to point to conf file containing:

    .include = /etc/ssl/openssl.cnf
    [evp_properties]
    rh-allow-sha1-signatures = yes

That is all needed to get SHA1 verification in DNSSEC back, without accepting SHA1

[DNSOP] Re: Questions before adopting must-not-sha1

2024-11-18 Thread Petr Menšík
Yes, I know it does not help now. In fact what blocked me on enabling it in the build were not passing unit tests and other tests after the build. I solved them by using this recipe at Fedora [1]. I will try to enable it in new minor RHEL versions, but already published releases will probably s