Actions
Bug #7853
closed
Signed CSRs always use SHA1, which is weak
Start date:
09/11/2017
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4
Affected Architecture:
All
Description
When signing a CSR in the 2.4 GUI there is no choice to pick a digest algorithm for signing. Thus, when a CSR is signed, it is signed using the openssl default of SHA1.
We need a field to pick the digest and use it appropriately. Also, it would be nice to show the signature digest in the infoblock so it's easy to spot.
To me, I have a fix ready.
See also: https://forum.pfsense.org/index.php?topic=136471.0
Updated by Jim Pingle over 6 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset aec3a259271be5dae63b148a48b7778c0cd0660e.
Updated by Jim Pingle over 6 years ago
- Status changed from Feedback to Resolved
Works now, uses whatever the user chooses and defaults to SHA256
Actions