Univention Bugzilla – Bug 55596
preup.sh and pre-update-checks-5.0-0 don't check ucs-sso cert for weak CA signature digest algorithm
Last modified: 2023-01-25 15:32:46 CET
During the update from UCS 4.4-9 to UCS 5.0-0 this error message causes problems during the update: ======= Try to download idp metadata (60/60) % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed ^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: CA signature digest algorithm too weak More details here: https://curl.haxx.se/docs/sslcerts.html ======= I guess it's univention-saml trying to download the idp metadata file and curl detects Bug #53013 but for the "ucs-sso.$domainname". The pre-update check function update_check_sha1_signature_is_used only checks the certificate of the host (primary in this case), but not the cert for ucs-sso.