versatica / mediasoup

Cutting Edge WebRTC Video Conferencing
https://mediasoup.org
ISC License

Stop signing certificates with SHA1 #1447

Closed fippo closed 2 months ago

fippo commented 2 months ago

This uses SHA-1

```cpp
ret = X509_sign(DtlsTransport::certificate, DtlsTransport::privateKey, EVP_sha1());
```

to sign the self-signed certificate. SHA-1 is on its way out, but this is not the usage in SDP that we are tracking in Chromium.

Be as cool as ~@lminiero~ @tgabi333, use EVP_SHA256

CosmosisT commented 2 months ago

There's maybe ECDSA that could be used.

ibc commented 2 months ago

Thanks. PR done here: https://github.com/versatica/mediasoup/pull/1450

@CosmosisT, I have no idea about how to use ECDSA to sign a certificate with OpenSSL and IMHO we don't strictly need it.