Blame SOURCES/libreswan-3.32-1861360-nodefault-rsa-pss.patch

e84ee2
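--- a/lib/libipsecconf/confread.c
+++ b/lib/libipsecconf/confread.c
@@ -1498,9 +1498,14 @@
 			} else if (streq(val, "rsasig") || streq(val, "rsa")) {
 				conn->policy |= POLICY_RSASIG;
 				conn->policy |= POLICY_RSASIG_v1_5;
+				/*
+				 * These cause failure with RSA 1024 bits because it uses RSA-PSS
+				 */
+#if 0
 				conn->sighash_policy |= POL_SIGHASH_SHA2_256;
 				conn->sighash_policy |= POL_SIGHASH_SHA2_384;
 				conn->sighash_policy |= POL_SIGHASH_SHA2_512;
+#endif
 			} else if (streq(val, "never")) {
 				conn->policy |= POLICY_AUTH_NEVER;
 			/* everything else is only supported for IKEv2 */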
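Review bot: The `#if 0` around the three `conn->sighash_policy |= POL_SIGHASH_SHA2_*` lines drops the SHA-2 signature-hash defaults for every `rsasig`/`rsa` connection, not only for the 1024-bit keys the comment names. Unless `sighash_policy` is set somewhere outside this hunk, connections with larger keys presumably lose RSA-PSS as well and are left with `POLICY_RSASIG_v1_5` alone, which is a weaker default than before. The comment should record that scope and the tracking reference, which appears to be the number in the patch file name, for example `/* SHA-2 sighash defaults disabled for all key sizes: RSA-PSS signing fails with 1024-bit RSA keys (bug 1861360) */`. A narrower fix would keep the defaults here and skip only the hashes that do not fit the key, at the point where the key size is known, rather than leaving dead code under `#if 0` in the config parser. The enclosing function starts and ends outside the hunk.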