On recent RHEL/RockyLinux/Alma 9 the default system security policies disable SHA-1.
This causes CloudFrontClient to silently fail signature generation in getSignedUrl when using the openssl_sign function and generate a URL with an empty signature.
Expected Behavior
An exception or a log that mentions the issue.
Current Behavior
Generates the URL, but with an empty signature
Reproduction Steps
Run getSignedUrl on RHEL/Alma/RockyLinux with default crypto policies or another system without SHA-1 available in OpenSSL.
Possible Solution
Throw an exception when the feature is not available
See #2590
Additional Information/Context
No response
SDK version used
3.252.1
Environment details (Version of PHP (php -v)? OS name and version, etc.)
Hi @DocLM, thanks for opening this issue. I feel that openssl should throw an error when a cipher is not available.
I reviewed your PR and it looks good to me, however, it also needs to be reviewed by the team.
I had the same issue after upgrading from RHEL 8 to RHEL 9 with signed cookies for CloudFront. No value for CloudFront-Signature is returned. After re-enabling SHA-1 with "update-crypto-policies --set DEFAULT:SHA1", the CloudFront-Signature value is now returned.
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
Environment details (Version of PHP (php -v)? OS name and version, etc.)
PHP 8.1.8 (cli) (built: Jul 5 2022 21:55:55) (NTS gcc x86_64) - Rocky Linux release 9.1 (Blue Onyx)
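The failure mode reported in this issue and the check asked for under "Possible Solution", as an added example that is not the SDK's code or the code from #2590: it signs a policy with RSA-SHA1 through openssl_sign and raises an exception instead of returning an empty signature. The function names signPolicyOrFail and drainOpensslErrors are hypothetical, and the key and policy are constructed sample input.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper names, not AWS SDK code).
function signPolicyOrFail(string $policy, string $privateKeyPem): string
{
    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false) {
        throw new RuntimeException('Cannot load private key: ' . drainOpensslErrors());
    }

    $signature = '';
    // openssl_sign() reports failure only through its return value. When the
    // digest is unavailable (SHA-1 under the RHEL 9 default crypto policy, as
    // reported above), ignoring that value yields an empty signature.
    $ok = openssl_sign($policy, $signature, $key, OPENSSL_ALGO_SHA1);
    if ($ok !== true || $signature === '') {
        throw new RuntimeException(
            'openssl_sign failed (is SHA-1 disabled by the system crypto policy?): '
            . drainOpensslErrors()
        );
    }

    // CloudFront's URL-safe base64 variant: '+' => '-', '=' => '_', '/' => '~'.
    return strtr(base64_encode($signature), '+=/', '-_~');
}

// Collect everything OpenSSL queued so the exception carries the real cause.
function drainOpensslErrors(): string
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors ? implode('; ', $errors) : 'no OpenSSL error reported';
}

// Constructed sample input: a throwaway RSA key and a minimal policy document.
$pkey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pkey === false || !openssl_pkey_export($pkey, $pem)) {
    fwrite(STDERR, 'Key generation failed: ' . drainOpensslErrors() . PHP_EOL);
    exit(1);
}
$policy = '{"Statement":[{"Resource":"https://example.cloudfront.net/file.txt",'
        . '"Condition":{"DateLessThan":{"AWS:EpochTime":1700000000}}}]}';

try {
    echo 'Signature=', signPolicyOrFail($policy, $pem), PHP_EOL;
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
    exit(1);
}
```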