Tests fail with Go 1.18 due to denial of SHA1 certificates

prometheus / common

Go libraries shared across Prometheus components and libraries.

Apache License 2.0

261 stars 320 forks source link

Tests fail with Go 1.18 due to denial of SHA1 certificates #361

Open jawn-smith opened 2 years ago

jawn-smith commented 2 years ago

Per the Go 1.18 release notes: "crypto/x509 will now reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015."

This is causing quite a few of the test cases to fail with Go 1.18.

kakkoyun commented 2 years ago

And easy solution would be to add GODEBUG=x509sha1=1 to tests, but it's just a stopgap until go1.19 The real solution is to regenerate the certs in the testdata

For more context: https://github.com/golang/go/blob/c379c3d58d5482f4c8fe97466a99ce70e630ad44/src/crypto/x509/x509.go#L733-L741

dswarbrick commented 2 years ago

The certificates were regenerated in v0.36.0 so this should no longer be an issue.