From 94622630bd6eea0cf367b39311cc24449279b69c Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Wed, 8 Jan 2025 21:14:09 +0100
Subject: [PATCH] Fedora 41 also doesn't allow SHA-1 apparently.

Ref: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
---
 .../targets/openssh_cert/tests/key_idempotency.yml        | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
index d66886a0d..71bef8543 100644
--- a/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
+++ b/tests/integration/targets/openssh_cert/tests/key_idempotency.yml
@@ -74,9 +74,11 @@
         assert:
           that:
             - second_signature_algorithm is changed
-      # RHEL9 disables SHA-1 algorithms by default making this test fail with a 'libcrypt' error. Other systems which
-      # impose a similar restriction may also need to skip this block in the future.
-      when: not (ansible_facts['distribution'] == "RedHat" and (ansible_facts['distribution_major_version'] | int) >= 9)
+      # RHEL9 and Fedora 41 disable the SHA-1 algorithms by default, making this test fail with a 'libcrypt' error.
+      # Other systems which impose a similar restriction may also need to skip this block in the future.
+      when:
+        - not (ansible_facts['distribution'] == "RedHat" and (ansible_facts['distribution_major_version'] | int) >= 9)
+        - not (ansible_facts['distribution'] == "Fedora" and (ansible_facts['distribution_major_version'] | int) >= 41)
 
     - name: Omit signature algorithm
       openssh_cert: