Regression #14678
closed
CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Added by Jim Pingle 9 months ago.
Updated 7 months ago.
Plus Target Version:
23.09
Description
Noticed this when working on other OpenSSL changes, but some certificates are not being flagged by the renewal page as being weak. The "Would change" column says "No" when it should say "Yes". The most obvious example here is one with a digest listed as "RSA-SHA1". It's being converted to lowercase but the list it's being checked against is mixed case.
This can also affect the renewal process.
I'm fixing this along with other changes for #14672 and #14677
Files
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
aleksei prokofiev wrote in #note-2:
Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
That's not the location this bug is talking about. This would be after clicking the renew action icon:
And then it would be this field at the bottom of the renewal page:
- Subject changed from CA/Cert renew page is not properly listing some SHA1 certificates as being weak to CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Updating subject for release notes.
I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0
Also can confirm on 23.09
23.09-DEVELOPMENT (amd64)
built on Fri Aug 18 17:49:48 UTC 2023
FreeBSD 14.0-ALPHA1
- Status changed from Feedback to Resolved
- Target version changed from 2.8.0 to 2.7.1
Also available in: Atom
PDF
Updated by 
Updated by