web-eid / ocsp-php

OCSP library for PHP
MIT License

Add support for SHA256 #21

Open hoels opened 1 month ago

hoels commented 1 month ago

Right now, SHA1 is used for hashing the issuer name and key. SHA1 is not only considered insecure, but its support is also increasingly being dropped by OCSP responders. For example, Microsoft dropped SHA1 support 2 years ago.

It would be nice to have the option of using different hash algorithms. In this pull request, I added the possibility to use SHA256 while keeping SHA1 as the default option. With this structure, you could also add support for additional algorithms.

I kept SHA1 as the default to prevent breaks. However, I would recommend switching to SHA256 in a future version for increased security.

Signed-off-by: Kai Hölscher <51371415+hoels@users.noreply.github.com>
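For readers following the request above, an added illustration (not code from this pull request or from ocsp-php) of where the hash algorithm enters an OCSP request: the RFC 6960 `CertID` carries the algorithm OID next to the issuer name hash and issuer key hash, so all three change together. The helper names `derTlv` and `buildCertId`, the NULL algorithm parameters, and the sample issuer name, key and serial are assumptions constructed for this example.

```php
<?php
// DER-encoded OID bodies: SHA-1 = 1.3.14.3.2.26, SHA-256 = 2.16.840.1.101.3.4.2.1
const HASH_OIDS = [
    'sha1'   => "\x2b\x0e\x03\x02\x1a",
    'sha256' => "\x60\x86\x48\x01\x65\x03\x04\x02\x01",
];

// Hypothetical helper: encode one DER tag-length-value element.
function derTlv(int $tag, string $value): string
{
    $len = strlen($value);
    if ($len < 0x80) {
        return chr($tag) . chr($len) . $value;            // short-form length
    }
    $raw = ltrim(pack('N', $len), "\x00");                // long-form length
    return chr($tag) . chr(0x80 | strlen($raw)) . $raw . $value;
}

// Hypothetical helper: build CertID ::= SEQUENCE { hashAlgorithm,
// issuerNameHash, issuerKeyHash, serialNumber } (RFC 6960, section 4.1.1).
// $issuerNameDer: DER of the issuer's subject Name.
// $issuerKeyBits: issuer public key BIT STRING content, without tag,
//                 length and unused-bits byte.
// $serial:        certificate serial number as big-endian bytes.
function buildCertId(string $issuerNameDer, string $issuerKeyBits,
                     string $serial, string $algo = 'sha1'): string
{
    if (!array_key_exists($algo, HASH_OIDS)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: $algo");
    }
    // AlgorithmIdentifier with NULL parameters (assumption of this example).
    $algId = derTlv(0x30, derTlv(0x06, HASH_OIDS[$algo]) . "\x05\x00");
    // INTEGER must be minimal and non-negative: strip leading zeros, then
    // re-add one zero byte if the high bit is set.
    $serial = ltrim($serial, "\x00");
    if ($serial === '' || ord($serial[0]) >= 0x80) {
        $serial = "\x00" . $serial;
    }
    return derTlv(0x30, $algId
        . derTlv(0x04, hash($algo, $issuerNameDer, true))
        . derTlv(0x04, hash($algo, $issuerKeyBits, true))
        . derTlv(0x02, $serial));
}

// Constructed sample input: Name "CN=Test CA" and a stand-in 65-byte key.
$name = derTlv(0x30, derTlv(0x31, derTlv(0x30,
    derTlv(0x06, "\x55\x04\x03") . derTlv(0x0c, 'Test CA'))));
$key = "\x04" . str_repeat("\xAB", 64);
foreach (['sha1', 'sha256'] as $algo) {
    echo $algo, ': ', bin2hex(buildCertId($name, $key, "\x01\x00\x01", $algo)), "\n";
}
```

A responder that has dropped SHA1 will not match the first `CertID` against its own index, which is why the algorithm has to be selectable on the request side.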