Check that we can verify a signature at initialisation time [v9_18]
requested to merge 3469-auto-disable-rsasha1-and-nsec3rsasha1-when-not-supported-by-the-os-v9_18 into v9_18
Fedora 33 doesn't support RSASHA1 in future mode. There is no easy check for this other than by attempting to perform a verification using known good signatures. We don't attempt to sign with RSASHA1 as that would not work in FIPS mode. RSASHA1 is verify only.
The test vectors were generated using OpenSSL 3.0 and util/gen-rsa-sha-vectors.c. Rerunning will generate a new set of test vectors as the private key is not preserved.
e.g.
cc util/gen-rsa-sha-vectors.c -I /opt/local/include
-L /opt/local/lib -lcrypto
(cherry picked from commit cd3f0087)
Closes #3469 (closed)
Edited by Mark Andrews