crypto/x509: does not implement other hash algorithms than SHA1WithRSA #988

Closed
gopherbot opened this issue Aug 1, 2010 · 6 comments

Comments

@gopherbot

by jdnurmi:

crypto/x509 does not actually use any algorithms but SHA1WithRSA, and any attempt to
create or validate one will fail.

I've attached a patch that expands its capabilities to include RSA+MD5,SHA256,384 &
512.

It is a breaking patch, in that anyone using CreateCertificate without having specified
SignatureAlgorithm will get an error.

It's a rough patch that just implements that bare functionality (and test fixes).  I am
completely open to fixing this for style or functionality as needed, or you can just run
with it;  I have verified Go can verify its own generated certs, and that OpenSSL can
parse them -- though I've not done extensive validation tests.

I'm also by no means a crypto expert, but the places I needed to patch seemed pretty
straightforward.

Attachments:

  1. x509-patch.1 (4480 bytes)
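The behaviour the report asks for (choosing the signature hash when issuing a certificate, and verifying the result) is what today's crypto/x509 exposes through the `SignatureAlgorithm` field of the template. The program below is an added example written for this page, not the attached patch or the Go project's own code. It issues a self-signed RSA certificate under each of the requested algorithms, parses the DER back, and checks the signature with `CheckSignatureFrom`. It also shows two things the 2010 patch did differently or left out: current Go does not error when `SignatureAlgorithm` is left at its zero value but defaults to SHA256WithRSA for RSA keys, and it rejects a requested algorithm that does not match the key type. The subject name, serial number and validity window are arbitrary test values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned issues a self-signed CA certificate for key, signed with alg
// (the zero value lets crypto/x509 choose its default), and parses the DER
// back so the caller sees what was actually encoded rather than what was
// requested. Subject, serial and validity are constructed test values.
func newSelfSigned(key *rsa.PrivateKey, alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "sigalg-test"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true, // required for CheckSignatureFrom to accept it as a parent
		SignatureAlgorithm:    alg,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// roundTrip creates a self-signed certificate with alg, verifies its
// signature against its own public key, and reports the algorithm the parsed
// certificate carries. Any creation, parsing or verification failure is
// returned as an error.
func roundTrip(key *rsa.PrivateKey, alg x509.SignatureAlgorithm) (x509.SignatureAlgorithm, error) {
	cert, err := newSelfSigned(key, alg)
	if err != nil {
		return 0, err
	}
	// CheckSignatureFrom re-hashes the TBSCertificate with the hash named in
	// signatureAlgorithm and checks the RSA (or RSA-PSS) signature.
	if err := cert.CheckSignatureFrom(cert); err != nil {
		return 0, fmt.Errorf("%v: signature did not verify: %w", alg, err)
	}
	return cert.SignatureAlgorithm, nil
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	requested := []x509.SignatureAlgorithm{
		x509.UnknownSignatureAlgorithm, // unset: crypto/x509 picks the default
		x509.SHA256WithRSA,
		x509.SHA384WithRSA,
		x509.SHA512WithRSA,
		x509.SHA256WithRSAPSS,
	}
	for _, alg := range requested {
		got, err := roundTrip(key, alg)
		fmt.Printf("requested %-18v encoded %-18v err=%v\n", alg, got, err)
	}
	// An algorithm for a different key type is refused at creation time.
	_, err = roundTrip(key, x509.ECDSAWithSHA256)
	fmt.Println("ECDSAWithSHA256 with an RSA key:", err)
}
```

The MD5 variant the patch also added is deliberately absent from the list: current releases refuse to sign with MD5, and `CheckSignatureFrom` returns an `InsecureAlgorithmError` for MD5- and SHA-1-signed certificates, so a modern caller gets a verification failure rather than a silently weak chain.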
@gopherbot
Author

Comment 1 by jdnurmi:

The bored might also want a DSA patch

@gopherbot
Author

Comment 2 by jdnurmi:

One last note for you; utilizing:
  grep -v -- '-----' /etc/ssl/certs/Equifax_Secure_CA.pem | base64 -d | dumpasn1 -
and
  dumpasn1 - < go-generated.der
I noticed some potential ASN.1 rendering errors relating to (I think) the boolean type. 
I don't know enough about ASN.1 to know what the error is, but I don't see anything
obvious since the rest of the object seems to dump fine.
I don't see similar ASN.1 errors in any other certs I tested in the standard
ca-certificates bundle, so my inclination is to say this should be examined more closely
and fixed.

@rsc
Contributor

rsc commented Aug 6, 2010

Comment 3:

Thanks for the patch.  Could you please send it in using
the code review tools as described at
http://golang.org/doc/contribute.html ?
That makes it easier for us to comment and
eventually apply it.  In the change list description
you can end with the line
Fixes issue #988.
and when it is submitted it will close this issue.
Thanks very much.
Russ

Owner changed to r...@golang.org.

Status changed to Started.

@rsc
Contributor

rsc commented Aug 12, 2010

Comment 4:

Status changed to WaitingForReply.

@rsc
Contributor

rsc commented Sep 11, 2010

Comment 5:

jdnurmi:  Are you interested in sending this code via the code review process?
See http://golang.org/doc/contribute.html.  We need to do it that way for
our records and also to get your name in the commit log.
Thanks.

@rsc
Contributor

rsc commented Dec 16, 2010

Comment 6:

Status changed to TimedOut.

@mikioh mikioh changed the title crypto/x509 does not implement other hash algorithms then SHA1WithRSA crypto/x509: does not implement other hash algorithms then SHA1WithRSA Jan 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
@rsc rsc removed their assignment Jun 22, 2022
This issue was closed.