Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 in SendToHelix.proj #5809
Conversation
Instead of hardcoding this in the Helix image, see dotnet/dotnet-buildtools-prereqs-docker#1391
|
Test failure looks to have just been a test infrastructure blip and nothing to do with the tests themselves. While I have no problem with this being in our pipeline setup, I am slightly concerned about there being zero need for this in the dotnet/runtime side. I fully understand that we shouldn't choose to use SHA1 for hashing, but we absolutely should be having tests to make sure validation of things like xml dsig signatures correctly validate (which is the consumption side of SHA1, not the generation side). Sometimes specs outside of our control require support for SHA1 and we should validate those scenarios (which is why WCF has a need for this). Also SHA1 isn't considered broken when using in an HMAC, only when used as a raw hashing function so there are still some legitimate (although pre-emptively discouraged) uses for SHA1. |
|
Tests have been adjusted on dotnet/runtime in these environments, e.g. dotnet/runtime#70821. If it only affects a couple specific tests maybe something similar would work for WCF instead of the env variable? |
Instead of hardcoding this in the Helix image, see dotnet/dotnet-buildtools-prereqs-docker#1391