From 7322f3796bf678e58198e6a520bf6684dfe71aaa Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak" <daniel.wozniak@broadcom.com>
Date: Sat, 25 May 2024 21:32:45 -0700
Subject: [PATCH] Enforce valid publish_signing_algorithm config

---
 salt/config/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index 823e6ebaa7a..0af8c0c1f46 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -4129,6 +4129,12 @@ def apply_master_config(overrides=None, defaults=None):
     _update_ssl_config(opts)
     _update_discovery_config(opts)
 
+    if opts["publish_signing_algorithm"] not in salt.crypt.VALID_SIGNING_ALGORITHMS:
+        raise salt.exceptions.SaltConfigurationError(
+            f"The  publish signging algorithm '{opts['publish_signing_algorithm']}' is not valid. "
+            f"Please specify one of {','.join(salt.crypt.VALID_SIGNING_ALGORITHMS)}."
+        )
+
     return opts