When using webhook the signature header validation fails on Almalinux 9.4 and php83 (via virtualmin) because it uses sha1, when i update the code to use sha2 the problem went away.
/src/Controllers/WebhookController.php
line 31 changed from $encodedSignature = $request->header('x-postal-signature');
to
$encodedSignature = $request->header('x-postal-signature-256');
and
line 39 changed from
$result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA1);
to
$result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA256);
When using webhook the signature header validation fails on Almalinux 9.4 and php83 (via virtualmin) because it uses sha1, when i update the code to use sha2 the problem went away.
/src/Controllers/WebhookController.php line 31 changed from
$encodedSignature = $request->header('x-postal-signature');
to$encodedSignature = $request->header('x-postal-signature-256');
and
line 39 changed from
$result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA1);
to$result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA256);