While playing around with cfssl a bit, I've noticed that it's not always possible to decode .p12- or .pfx-files due to the following error:
unknown digest algorithm 2.16.840.1.101.3.4.2.1
While doing some research on this, I've found out that the standard crypto/pkcs12-pkg is currently in a somewhat frozen state: https://github.com/golang/go/issues/62375
This PR suggests replacing the (currently) frozen crypto/pkcs12 with the drop-in-replacement https://github.com/SSLMate/go-pkcs12.
I also had to rework the caCertificate-Handling a bit by using DecodeChain instead of Decode, since it's possible that the provided pfxData may also include the ca-certificate chain which would lead to an error when passed to a simple Decode.
Let me know what you think.
Thanks!