Regression #14678
closed
CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
100%
Description
Noticed this when working on other OpenSSL changes, but some certificates are not being flagged by the renewal page as being weak. The "Would change" column says "No" when it should say "Yes". The most obvious example here is one with a digest listed as "RSA-SHA1". It's being converted to lowercase but the list it's being checked against is mixed case.
This can also affect the renewal process.
I'm fixing this along with other changes for #14672 and #14677
Files
Updated by Jim Pingle 9 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 3ad1e1cb0dd5fa9a486448bfd44c82c230741306.
Updated by aleksei prokofiev 9 months ago
Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
Updated by Jim Pingle 9 months ago
- File clipboard-202308140817-ouwpr.png clipboard-202308140817-ouwpr.png added
- File clipboard-202308140818-jbf8s.png clipboard-202308140818-jbf8s.png added
aleksei prokofiev wrote in #note-2:
Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
That's not the location this bug is talking about. This would be after clicking the renew action icon:
And then it would be this field at the bottom of the renewal page:
Updated by Jim Pingle 9 months ago
- Subject changed from CA/Cert renew page is not properly listing some SHA1 certificates as being weak to CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Updating subject for release notes.
Updated by aleksei prokofiev 9 months ago
I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0
Updated by aleksei prokofiev 9 months ago
Also can confirm on 23.09
23.09-DEVELOPMENT (amd64)
built on Fri Aug 18 17:49:48 UTC 2023
FreeBSD 14.0-ALPHA1