]> Cypherpunks.ru repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: efbe17d) | patch
crypto/x509: only disable SHA-1 verification for certificates
authorRoland Shoemaker <roland@golang.org>
Mon, 21 Mar 2022 18:58:08 +0000 (11:58 -0700)
committerGopher Robot <gobot@golang.org>
Mon, 4 Apr 2022 16:49:52 +0000 (16:49 +0000)
commit35998c010947d3a5a26409fffcb4ed16c3595850
treee8b95ea4e389c6433e27cef4b29fee34a14505aftree
parentefbe17d6f1f016616453d43208200ebf4a45d87ccommit | diff
crypto/x509: only disable SHA-1 verification for certificates

Disable SHA-1 signature verification in Certificate.CheckSignatureFrom,
but not in Certificate.CheckSignature. This allows verification of OCSP
responses and CRLs, which still use SHA-1 signatures, but not on
certificates.

Updates #41682

Change-Id: Ia705eb5052e6fc2724fed59248b1c4ef8af6c3fe
Reviewed-on: https://go-review.googlesource.com/c/go/+/394294
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Jordan Liggitt <liggitt@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
src/crypto/x509/verify.go diff | blob | history
src/crypto/x509/x509.go diff | blob | history
src/crypto/x509/x509_test.go diff | blob | history
Go GOST TLS 1.3