Support for SHA256/SHA512 checksumming

[Brantley West]

I'm running into an issue using Ansible and MD5 checksumming on a FIPS compliant CentOS KVM system (ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips).  Unfortunately FIPS-compliant systems/software typically disallow use of MD5 due to collision attack vulnerabilities.  Is it possible to add support for SHA256 or SHA512 checksumming, and possibly make it the default option?  I'm happy to write up a GitHub Issue if needed.

-bw

[Michael DeHaan]

Basically referring to the logic to decide if a file needs to be transferred or not?

A GitHub issue doesn't really do us a lot of good - Open Source is about itch scratching and the likelihood of someone else wanting to scratch your particular itch might be low - but a pull request would be interesting to see.

I'd probably expect to see something configurable in ansible.cfg

On Tue, Sep 9, 2014 at 10:44 AM, Brantley West <cbw...@gmail.com> wrote:

I'm running into an issue using Ansible and MD5 checksumming on a FIPS compliant CentOS KVM system (ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips).  Unfortunately FIPS-compliant systems/software typically disallow use of MD5 due to collision attack vulnerabilities.  Is it possible to add support for SHA256 or SHA512 checksumming, and possibly make it the default option?  I'm happy to write up a GitHub Issue if needed.

-bw

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/021297ae-5f6b-4a58-a820-96ac134503c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.