Workaround for "SSL_CTX_use_certificate:ca md too weak"
I'm upgrading a server application from using OpenSSL 1.0.2n to using OpenSSL 1.1.0g.
I noticed that after the upgrade, some SSL certs get rejected because they use an MD5 digest, with the error:
"SSL_CTX_use_certificate:ca md too weak"
While I could ask clients to get a better CA certificate, it takes some of them a long time to do so. I was wondering if there's a way I could compile/configure the OpenSSL on my server to accept those certificates after all. Does anyone know?