crypto/x509: does not implement other hash algorithms than SHA1WithRSA #988
crypto/x509 does not actually use any algorithms but SHA1WithRSA, and any attempt to create or validate one will fail. I've attached a patch that expands its capabilities to include RSA+MD5, SHA256, 384 & 512. It is a breaking patch, in that anyone using CreateCertificate without having specified SignatureAlgorithm will get an error. It's a rough patch that just implements that bare functionality (and test fixes). I am completely open to fixing this for style or functionality as needed, or you can just run with it; I have verified Go can verify its own generated certs, and that OpenSSL can parse them -- though I've not done extensive validation tests. I'm also by no means a crypto expert, but the places I needed to patch seemed pretty straightforward.
One last note for you: utilizing `grep -v -- '-----' /etc/ssl/certs/Equifax_Secure_CA.pem | base64 -d | dumpasn1 -` and `dumpasn1 - < go-generated.der`, I noticed some potential ASN.1 rendering errors relating to (I think) the boolean type. I don't know enough about ASN.1 to know what the error is, but I don't see anything obvious since the rest of the object seems to dump fine. I don't see similar ASN.1 errors in any other certs I tested in the standard ca-certificates bundle, so my inclination is to say this should be examined more closely and fixed.
Thanks for the patch. Could you please send it in using the code review tools as described at http://golang.org/doc/contribute.html ? That makes it easier for us to comment and eventually apply it. In the change list description you can end with the line Fixes issue #988. and when it is submitted it will close this issue. Thanks very much. Russ
Owner changed to r...@golang.org.
Status changed to Started.
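Added example, not part of the original thread or the attached patch: the round trip the report describes (create a certificate with an explicit SignatureAlgorithm, parse it back, verify the signature), written against the crypto/x509 API of a current Go release. The helper names `newKey` and `signAndVerify` and the subject name are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey is a hypothetical helper that generates a throwaway RSA key.
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signAndVerify self-signs a certificate with alg, parses the DER back and
// verifies the signature. It returns the algorithm recorded in the parsed cert.
func signAndVerify(key *rsa.PrivateKey, alg x509.SignatureAlgorithm) (x509.SignatureAlgorithm, error) {
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "example.test"}, // constructed name
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(time.Hour),
		SignatureAlgorithm: alg, // the field the issue is about
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, fmt.Errorf("create: %w", err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, fmt.Errorf("parse: %w", err)
	}
	// Verify the signature over the TBS bytes with the certificate's own key.
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return cert.SignatureAlgorithm, fmt.Errorf("verify: %w", err)
	}
	return cert.SignatureAlgorithm, nil
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	// Current releases refuse MD5WithRSA, so an error is expected for it.
	for _, alg := range []x509.SignatureAlgorithm{x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA, x509.MD5WithRSA} {
		got, err := signAndVerify(key, alg)
		fmt.Printf("%v -> %v, err=%v\n", alg, got, err)
	}
}
```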