Closed joelthompson closed 6 years ago
Seems that #27 and #28 duplicate this, so closing this issue
I'm reopening this issue since #27 and #28 don't fix the problem generally, only the issue with AWS identity documents, these are failing in TestVerifyEC2
in Go 1.10. I'm working on a fix that doesn't also break TestSign
I'm pretty sure this is the culprit: https://github.com/fullsailor/pkcs7/blob/a009d8d7de53d9503c797cb8ec66fa3b21eed209/pkcs7.go#L257
The issue is that golang, starting with 1.10, now enforces that the algorithm passed in to
Certificate.CheckSignature
matches the algorithm in the the public key (see golang/go@083ad28622580195a97cbe83a877c7d49b1dadfa). This is causing hashicorp/vault#4014 as the PKCS7 identity document uses DSA signatures.