for @psafont I added val signature_algorithm : t -> ([ `RSA | `ECDSA ] * Nocrypto.Hash.hash) option to the Certificate, Signing_request, and CRL modules. Does this suit you well?
The (chain) validation functions now receive an optional hash_whitelist argument, which the signature algorithm must match. The default is any SHA-2 algorithm (SHA256/SHA384/SHA512, not SHA224 - seems to be rarely used, I could not see a reason to include it). The default for valid_ca{,s} is any hash algorithm (following what others are doing).
/cc @emillon @paurkedal for a quick round of review -- this certainly changes the behaviour of x509 & tls -- in a good way forward (rejecting weak algorithms by default).
fixes #123