primalmotion closed 6 years ago
This patch is incomplete: the signature algorithm of the certificate is not always the same one that is used for the actual signature. We'll need to merge the hash algorithm with the encryption algorithm.
For example, I can sign a with an RSA key, my cert's signature is in SHA256, but the signer info may have a SHA1 digest. Always using the cert's algorithm will cause some usages to fail. I'm pretty sure this is why the tests are failing.
ok then I'm not sure how to do it :/
That's fine, I'm working on a fix now using some of the code from crypto/x509 to figure out which `x509.SignatureAlgorithm` to use for the given `pkix.AlgorithmIdentifier`.
This patch removes the hardcoded value of the signature verification algo. This fixes an error that starts to appear in go1.10
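The merge of hash and encryption algorithm discussed in this thread, as an added example that is not the project's code or the fix that was eventually written: it picks the `x509.SignatureAlgorithm` from the signer info's digest OID and key family instead of from the certificate. The names `signatureAlgorithmFor`, `algID`, `byDigest` and `keyFamily` are hypothetical, and only RSA (PKCS#1 v1.5) and ECDSA with SHA-1/SHA-2 digests are assumed.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Digest OID -> signature algorithm, indexed by key family (0 = RSA, 1 = ECDSA).
var byDigest = map[string][2]x509.SignatureAlgorithm{
	"1.3.14.3.2.26":          {x509.SHA1WithRSA, x509.ECDSAWithSHA1},
	"2.16.840.1.101.3.4.2.1": {x509.SHA256WithRSA, x509.ECDSAWithSHA256},
	"2.16.840.1.101.3.4.2.2": {x509.SHA384WithRSA, x509.ECDSAWithSHA384},
	"2.16.840.1.101.3.4.2.3": {x509.SHA512WithRSA, x509.ECDSAWithSHA512},
}

// OIDs a signer info may carry in its signature ("encryption") algorithm field.
var keyFamily = map[string]int{
	"1.2.840.113549.1.1.1":  0, // rsaEncryption
	"1.2.840.113549.1.1.5":  0, // sha1WithRSAEncryption
	"1.2.840.113549.1.1.11": 0, // sha256WithRSAEncryption
	"1.2.840.10045.2.1":     1, // id-ecPublicKey
	"1.2.840.10045.4.1":     1, // ecdsa-with-SHA1
	"1.2.840.10045.4.3.2":   1, // ecdsa-with-SHA256
}

// signatureAlgorithmFor (hypothetical) trusts the digest field for the hash and the other field for the key type.
func signatureAlgorithmFor(digest, encryption pkix.AlgorithmIdentifier) (x509.SignatureAlgorithm, error) {
	family, ok := keyFamily[encryption.Algorithm.String()]
	if !ok {
		return x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported signature OID %v", encryption.Algorithm)
	}
	algos, ok := byDigest[digest.Algorithm.String()]
	if !ok {
		return x509.UnknownSignatureAlgorithm, fmt.Errorf("unsupported digest OID %v", digest.Algorithm)
	}
	return algos[family], nil
}

// algID builds an AlgorithmIdentifier from OID arcs (constructed sample input).
func algID(arcs ...int) pkix.AlgorithmIdentifier {
	return pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier(arcs)}
}

func main() {
	// Constructed case from the thread: SHA-1 digest in the signer info, RSA key, SHA-256 signed cert.
	alg, err := signatureAlgorithmFor(algID(1, 3, 14, 3, 2, 26), algID(1, 2, 840, 113549, 1, 1, 1))
	fmt.Println(alg, err)
}
```

The returned value can be passed to `(*x509.Certificate).CheckSignature` together with the signed bytes and the signature; unknown OIDs return an error rather than falling back to the certificate's algorithm.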