Re: [PATCH] T355: specify hash algorithm explicitly

Subject: Re: [PATCH] T355: specify hash algorithm explicitly

Date: Tue, 28 Jul 2020 06:42:35 +0700

To: Tomi Ollila

Cc: notmuch@notmuchmail.org

From: Đoàn Trần Công Danh


On 2020-07-27 20:40:39+0300, Tomi Ollila <tomi.ollila@iki.fi> wrote:
> On Mon, Jul 27 2020, Đoàn Trần Công Danh wrote:
> 
> > On some systems (notably, the one shipped with LibreSSL),
> > default fingerprint digest algorithm is SHA256.
> >
> > On other systems, users can change default digest algorithm by changing
> > default_md in /etc/ssl/default_md.
> >
> > Let's ask openssl to provide us specific algorithm to make the test
> > more deterministic.
> >
> > Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
> > ---
> >  test/T355-smime.sh | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/test/T355-smime.sh b/test/T355-smime.sh
> > index f8cec62c..8b2b52be 100755
> > --- a/test/T355-smime.sh
> > +++ b/test/T355-smime.sh
> > @@ -6,7 +6,7 @@ test_description='S/MIME signature verification and decryption'
> >  test_require_external_prereq openssl
> >  test_require_external_prereq gpgsm
> >  
> > -FINGERPRINT=$(openssl x509 -fingerprint -in "$NOTMUCH_SRCDIR/test/smime/key+cert.pem" -noout | sed -e 's/^.*=//' -e s/://g)
> > +FINGERPRINT=$(openssl x509 -sha1 -fingerprint -in "$NOTMUCH_SRCDIR/test/smime/key+cert.pem" -noout | sed -e 's/^.*=//' -e s/://g)
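Review bot: the new FINGERPRINT line pins the digest with `-sha1`, but nothing in the script says why. A one-line comment above the assignment, noting that the default fingerprint digest differs between openssl builds (SHA256 on the LibreSSL systems named in the commit message, or whatever default_md is set to), would keep someone from dropping the flag later as redundant. Separately, the second sed expression `s/://g` is unquoted while the first one is quoted; quoting both would be consistent. The assignment also does not check that openssl succeeded, so an empty FINGERPRINT would only show up as a later test mismatch.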
> 
> Looks good to me -- provided that this `-sha1` option is known by all
> openssl(1) commands we expect to be supported...

If you meant commands as in version and clone, it should be good.
Since -sha1 has been known to openssl as far as 
9868232ae1 (Initial trust code: allow setting of trust checking
functions in a table. Doesn't do too much yet., 1999-11-27), [1]

And it's still available in OpenSSL 3.0.0 alpha 5.

LibreSSL is forked from OpenSSL 1.0.1g and the current version also
supported that option.

So, I think we should be fine.

[1]: https://github.com/openssl/openssl/commit/9868232ae1#diff-f48b02166abaa1faa6c10358046a8fb2R125

-- 
Danh