cloudflare / cfssl

CFSSL: Cloudflare's PKI and TLS toolkit
https://cfssl.org/
BSD 2-Clause "Simplified" License

replace frozen crypto/pkcs12 library with software.sslmate.com/src/go-pkcs12 #1375

Open Hermsi1337 opened 2 months ago

Hermsi1337 commented 2 months ago

While playing around with cfssl a bit, I've noticed that it's not always possible to decode .p12 or .pfx files due to the following error:

unknown digest algorithm 2.16.840.1.101.3.4.2.1

While doing some research on this, I've found out that the standard crypto/pkcs12 package is currently in a somewhat frozen state:
https://github.com/golang/go/issues/62375

This PR suggests replacing the (currently) frozen crypto/pkcs12 with the drop-in replacement https://github.com/SSLMate/go-pkcs12.

I also had to rework the CA certificate handling a bit by using DecodeChain instead of Decode, since it's possible that the provided pfxData may also include the CA certificate chain, which would lead to an error when passed to a simple Decode.

Let me know what you think.

Thanks!
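The OID in the error above, 2.16.840.1.101.3.4.2.1, is id-sha256: the file's integrity MAC was computed with SHA-256, which the frozen golang.org/x/crypto/pkcs12 decoder rejects because it only implements the SHA-1 MAC. The check below is an added example, written for this page and not part of cfssl or go-pkcs12: it parses only the outer PFX envelope with the standard library (no password, no decryption) and reports which MAC digest a .p12/.pfx file uses, so a defender can tell in advance whether the old decoder would fail on it. The struct shapes follow RFC 7292; the sample PFX it builds is constructed here with placeholder payload and MAC bytes and is not a loadable keystore.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// ASN.1 shapes of the outer PKCS#12 PFX envelope (RFC 7292, section 4).
type pfxPdu struct {
	Version  int
	AuthSafe contentInfo
	MacData  macData `asn1:"optional"`
}

type contentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

type macData struct {
	Mac        digestInfo
	MacSalt    []byte
	Iterations int `asn1:"optional,default:1"`
}

type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

var (
	oidData   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1} // id-data
	OIDSHA1   = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}        // id-sha1
	OIDSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
)

// MacDigestOID reads only the outer PFX structure and returns the OID of the
// digest used for the integrity MAC. Nothing is decrypted or verified.
func MacDigestOID(pfxData []byte) (asn1.ObjectIdentifier, error) {
	var pfx pfxPdu
	rest, err := asn1.Unmarshal(pfxData, &pfx)
	if err != nil {
		return nil, fmt.Errorf("not a PFX structure: %w", err)
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing data after PFX")
	}
	if pfx.Version != 3 {
		return nil, fmt.Errorf("unsupported PFX version %d", pfx.Version)
	}
	if pfx.MacData.Mac.Algorithm.Algorithm == nil {
		return nil, errors.New("PFX carries no MAC (password integrity mode absent)")
	}
	return pfx.MacData.Mac.Algorithm.Algorithm, nil
}

// DigestName maps the two MAC digests seen in practice to a readable name.
func DigestName(oid asn1.ObjectIdentifier) string {
	switch {
	case oid.Equal(OIDSHA1):
		return "SHA-1"
	case oid.Equal(OIDSHA256):
		return "SHA-256"
	default:
		return oid.String()
	}
}

// FrozenDecoderAccepts reports whether golang.org/x/crypto/pkcs12, which only
// implements the SHA-1 MAC, would get past the integrity check for this digest.
func FrozenDecoderAccepts(oid asn1.ObjectIdentifier) bool {
	return oid.Equal(OIDSHA1)
}

// BuildSamplePFX constructs the outer envelope of a PFX whose MAC uses the given
// digest OID. Payload, salt and MAC bytes are placeholders (constructed sample
// for exercising the triage logic only, not a loadable keystore).
func BuildSamplePFX(digest asn1.ObjectIdentifier) ([]byte, error) {
	payload, err := asn1.Marshal([]byte("constructed-authsafe-placeholder"))
	if err != nil {
		return nil, err
	}
	pfx := pfxPdu{
		Version: 3,
		AuthSafe: contentInfo{
			ContentType: oidData,
			// [0] EXPLICIT wrapper around the (placeholder) OCTET STRING.
			Content: asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: payload},
		},
		MacData: macData{
			Mac:        digestInfo{Algorithm: pkix.AlgorithmIdentifier{Algorithm: digest}, Digest: make([]byte, 32)},
			MacSalt:    []byte{1, 2, 3, 4, 5, 6, 7, 8},
			Iterations: 2048,
		},
	}
	return asn1.Marshal(pfx)
}

func main() {
	for _, d := range []asn1.ObjectIdentifier{OIDSHA1, OIDSHA256} {
		data, err := BuildSamplePFX(d)
		if err != nil {
			panic(err)
		}
		oid, err := MacDigestOID(data)
		if err != nil {
			panic(err)
		}
		fmt.Printf("MAC digest %s (%s): frozen x/crypto/pkcs12 accepts=%v\n",
			DigestName(oid), oid, FrozenDecoderAccepts(oid))
	}
}
```

Running MacDigestOID over a real file (read the .p12 bytes instead of BuildSamplePFX) is enough to explain an "unknown digest algorithm" failure before any password is supplied; a SHA-256 result means a decoder that handles modern PKCS#12, such as the go-pkcs12 library proposed in this PR, is required.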