Cypherpunks repositories - gostls13.git/commit
[release-branch.go1.18] crypto/x509: only disable SHA-1 verification for certificates
author Roland Shoemaker <roland@golang.org>
Mon, 21 Mar 2022 18:58:08 +0000 (11:58 -0700)
committer Cherry Mui <cherryyz@google.com>
Tue, 5 Apr 2022 15:01:00 +0000 (15:01 +0000)
commit abb3f055246cfda3ca7d4cd2179c636ce207c265
tree 1a063bef75a6be4a31e9952d9e194dfd0a0330dd
parent c6ba470316579d80f581ef44b3210b75b3436199
[release-branch.go1.18] crypto/x509: only disable SHA-1 verification for certificates

Disable SHA-1 signature verification in Certificate.CheckSignatureFrom,
but not in Certificate.CheckSignature. This allows verification of OCSP
responses and CRLs, which still use SHA-1 signatures, but not on
certificates.

Updates #41682
Fixes #51852

Change-Id: Ia705eb5052e6fc2724fed59248b1c4ef8af6c3fe
Reviewed-on: https://go-review.googlesource.com/c/go/+/394294
Trust: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Jordan Liggitt <liggitt@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 35998c010947d3a5a26409fffcb4ed16c3595850)
Reviewed-on: https://go-review.googlesource.com/c/go/+/398074
Reviewed-by: Cherry Mui <cherryyz@google.com>
src/crypto/x509/verify.go
src/crypto/x509/x509.go
src/crypto/x509/x509_test.go
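
The split described in the commit message, as an added Go example that is not part of this commit or of the Go source tree: a SHA-1-signed certificate is refused by Certificate.CheckSignatureFrom, while Certificate.CheckSignature still verifies a SHA-1 signature over other data. It assumes Go 1.18 or later with no GODEBUG override re-enabling SHA-1; the key, certificate, message and the function name `sha1Checks` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// sha1Checks builds a constructed self-signed CA certificate signed with
// ECDSA-with-SHA1 and returns the result of both verification paths.
func sha1Checks() (certErr, dataErr, setupErr error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed SHA-1 test CA"},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
		SignatureAlgorithm:    x509.ECDSAWithSHA1,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	// Certificate-on-certificate path: the SHA-1 signature is refused here.
	certErr = cert.CheckSignatureFrom(cert)
	// Arbitrary signed data, a constructed stand-in for an OCSP response or CRL.
	msg := []byte("constructed stand-in for an OCSP response")
	digest := sha1.Sum(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, nil, err
	}
	// Data path: SHA-1 is still accepted by CheckSignature.
	return certErr, cert.CheckSignature(x509.ECDSAWithSHA1, msg, sig), nil
}

func main() { fmt.Println(sha1Checks()) }
```

Callers that verify certificate chains by hand with CheckSignature rather than CheckSignatureFrom do not get the SHA-1 rejection and need their own algorithm check.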