Open nunoOliveiraqwe opened 5 months ago
Have a look at https://github.com/micromdm/scep/pull/191#issuecomment-1835504965
tl;dr: SHA1 was supposed to be removed for certificate signing in Go 1.18 but they accidentally broke all SHA-1 operations. They fixed this in Go 1.18.2. I.e. this should not be an issue today.
@jessepeterson you are right. They rolled back the changes in Go 1.18.1. I tested SHA-1 signatures in both and, as expected, it fails on 1.18 and passes on 1.18.1. Leaving the link to the discussion here for documentation purposes: https://github.com/golang/go/issues/41682#issuecomment-1072695832
I still see some value in being able to set the digest algo, for example when the target server forces a specific hash function to be used.
@nunoOliveiraqwe Yes, I can also see the value in that. But FYI we're likely to drop support of our internal SCEP library and migrate to https://github.com/smallstep/scep. So you're more likely to get traction supporting the changes over there first. Also - this PR has a bunch of dependency updates that should be different PRs if you want to see those changes merged. Cheers!
@jessepeterson I rolled back the dependency changes. Should be fine now.
Golang 1.18 removed support for SHA-1 signed certificates, and this makes it impossible to use pkcs7 + Go 1.18, because pkcs7 defaults to the SHA-1 hash function. See the Go 1.18 Release Notes.
This PR adds support for setting the digest algo for pkcs7 to use, defaulting to SHA256 if none is specified. Additionally, the Go version is set to 1.18.