Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: more descriptive error message for unsupported algorithms such as MD5 with RSA #10431

Closed
mvanotti opened this issue Apr 12, 2015 · 3 comments
Milestone

Comments

@mvanotti
Copy link

@mvanotti mvanotti commented Apr 12, 2015

In http://golang.org/src/crypto/x509/x509.go?s=21072:21171#L611 that algorithm is not listed.

Should it be listed? Is it because it is considered insecure?

I've found a certificate issued with the MD5withRSA signature algorithm (used only for testing) but finding the error was really hard. It would be nice to have a better error description for this kind of failures.

@minux
Copy link
Member

@minux minux commented Apr 12, 2015

@mvanotti
Copy link
Author

@mvanotti mvanotti commented Apr 12, 2015

I see.

In that case, it would be better to have a more descriptive error than..

failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate "testCA")

"algorithm unimplemented".. The algorithm is implemented, it is not supported because it is considered insecure. Which algorithm? In which part of the chain? Which function failed?

Tracking the error took me a while..

@mikioh mikioh changed the title [crypto/x509] CheckSignature does not support MD5withRSA algorithm crypto/x509: CheckSignature does not support MD5withRSA algorithm Apr 14, 2015
@mikioh mikioh changed the title crypto/x509: CheckSignature does not support MD5withRSA algorithm crypto/x509: more descriptive error message for unsupported algorithms such as MD5 with RSA Apr 14, 2015
@ianlancetaylor ianlancetaylor added this to the Go1.6 milestone Jun 3, 2015
@gopherbot
Copy link

@gopherbot gopherbot commented Dec 3, 2015

CL https://golang.org/cl/17380 mentions this issue.

@rsc rsc closed this in 606d9a7 Dec 3, 2015
@golang golang locked and limited conversation to collaborators Dec 14, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.