-
Notifications
You must be signed in to change notification settings - Fork 17.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: reject SHA-1 signatures in Verify [1.18 backport] #51852
Labels
Milestone
Comments
gopherbot
added
the
CherryPickCandidate
Used during the release process for point releases
label
Mar 21, 2022
toothrot
added
the
CherryPickApproved
Used during the release process for point releases
label
Mar 23, 2022
Approved. This is a serious issue without a good workaround. |
gopherbot
removed
the
CherryPickCandidate
Used during the release process for point releases
label
Mar 23, 2022
This is approved and targeting Go 1.18.1, but doesn't have a CL attached to it. @FiloSottile would you like to make a CL, or do we want to delay it? Thanks. |
Change https://go.dev/cl/398074 mentions this issue: |
Closed by merging abb3f05 to release-branch.go1.18. |
gopherbot
pushed a commit
that referenced
this issue
Apr 5, 2022
…for certificates Disable SHA-1 signature verification in Certificate.CheckSignatureFrom, but not in Certificate.CheckSignature. This allows verification of OCSP responses and CRLs, which still use SHA-1 signatures, but not on certificates. Updates #41682 Fixes #51852 Change-Id: Ia705eb5052e6fc2724fed59248b1c4ef8af6c3fe Reviewed-on: https://go-review.googlesource.com/c/go/+/394294 Trust: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Jordan Liggitt <liggitt@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit 35998c0) Reviewed-on: https://go-review.googlesource.com/c/go/+/398074 Reviewed-by: Cherry Mui <cherryyz@google.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
@FiloSottile requested issue #41682 to be considered for backport to the next 1.18 minor release.
The text was updated successfully, but these errors were encountered: