Fix tls-proxy on newer versions of openssl
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1, which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
diff --git a/lib/tls b/lib/tls
index b3cc0b4..5a7f5ae 100644
--- a/lib/tls
+++ b/lib/tls
@@ -169,7 +169,7 @@
[ req ]
default_bits = 1024
-default_md = sha1
+default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
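Review bot: `default_bits = 1024` in the context lines of this hunk is left unchanged, so the `[ req ]` section still defaults to a 1024-bit key while the digest moves to sha256. OpenSSL builds strict enough to reject sha1 may also reject short RSA keys, depending on the configured security level or crypto policy, so consider raising this to `default_bits = 2048` in the same change.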
@@ -261,7 +261,7 @@
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request
$OPENSSL req \
- -sha1 \
+ -sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/$cert_name.key \
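Review bot: `-sha256` on this `$OPENSSL req` command line hard-codes the digest a second time, alongside `default_md = sha256` in the first hunk and the same flag in the CA request in the last hunk. Consider holding the digest in one shell variable used in all three places, so the next digest change is a single edit and the three cannot drift apart.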
@@ -301,7 +301,7 @@
if [ ! -r "$ca_dir/cacert.pem" ]; then
# Create a signing certificate request
$OPENSSL req -config $ca_dir/ca.conf \
- -sha1 \
+ -sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/cacert.key \
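Review bot: `-newkey rsa` in the CA request gives no key size, so the size of the CA key depends on whatever `default_bits` the file passed with `-config $ca_dir/ca.conf` supplies, or on OpenSSL's built-in default if it supplies none. Since this change is about satisfying stricter OpenSSL defaults, consider stating the size explicitly, for example `-newkey rsa:2048`, and quoting the `$ca_dir` expansions while touching these lines.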