Bug #7853

Signed CSRs always use SHA1, which is weak

Added by Jim Pingle about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: High
Assignee:
Category: Certificates
Target version:
Start date: 09/11/2017
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.4
Affected Architecture: All

Description

When signing a CSR in the 2.4 GUI there is no choice to pick a digest algorithm for signing. Thus, when a CSR is signed, it is signed using the openssl default of SHA1.

We need a field to pick the digest and use it appropriately. Also, it would be nice to show the signature digest in the infoblock so it's easy to spot.

To me, I have a fix ready.

See also: https://forum.pfsense.org/index.php?topic=136471.0

Associated revisions

Revision aec3a259 (diff)
Added by Jim Pingle about 2 years ago

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

Revision 27127b4a (diff)
Added by Jim Pingle about 2 years ago

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

(cherry picked from commit aec3a259271be5dae63b148a48b7778c0cd0660e)

History

#1 Updated by Jim Pingle about 2 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

Works now, uses whatever the user chooses and defaults to SHA256
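
The problem tracked in this issue can be avoided by passing the digest explicitly when signing a CSR and then reading the signature algorithm back from the issued certificate. The following is an added example, not pfSense's code or the referenced commit; the function names `sign_csr_with_digest` and `cert_summary`, the allowed-digest list and the throwaway CA are assumptions constructed for illustration.

```php
<?php
// Added example, not pfSense code. Digests accepted here; SHA1 is left out.
const ALLOWED_DIGESTS = ['sha256', 'sha384', 'sha512'];

function sign_csr_with_digest(string $csr_pem, string $ca_pem, $ca_key,
                              int $days, string $digest, int $serial): string
{
    if (!in_array($digest, ALLOWED_DIGESTS, true)) {
        throw new InvalidArgumentException("digest not allowed: $digest");
    }
    // An explicit digest_alg keeps the signature independent of the
    // library default that applies when no digest is given.
    $cert = openssl_csr_sign($csr_pem, $ca_pem, $ca_key, $days,
                             ['digest_alg' => $digest], $serial);
    if ($cert === false) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    openssl_x509_export($cert, $pem);
    return $pem;
}

// Serial number and signature digest, plus a flag for SHA1 signatures.
function cert_summary(string $cert_pem): array
{
    $info = openssl_x509_parse($cert_pem);
    if ($info === false) {
        throw new RuntimeException('cannot parse certificate');
    }
    $sig = $info['signatureTypeSN'];   // OpenSSL short name of the signature algorithm
    return ['serial' => $info['serialNumber'], 'sig_digest' => $sig,
            'sha1_signed' => stripos($sig, 'sha1') !== false];
}

// Constructed sample data: a throwaway CA and CSR generated in memory.
$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048,
         'digest_alg' => 'sha256'];
$ca_key = openssl_pkey_new($opts);
$ca_csr = openssl_csr_new(['commonName' => 'Example Test CA'], $ca_key, $opts);
openssl_x509_export(openssl_csr_sign($ca_csr, null, $ca_key, 30, $opts, 1), $ca_pem);

$leaf_key = openssl_pkey_new($opts);
$leaf_csr = openssl_csr_new(['commonName' => 'host.example.test'], $leaf_key, $opts);
openssl_csr_export($leaf_csr, $csr_pem);

$issued = sign_csr_with_digest($csr_pem, $ca_pem, $ca_key, 365, 'sha256', 2);
print_r(cert_summary($issued));
```

Running `cert_summary` over existing certificates gives a quick way to find any that were signed before a digest could be chosen.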
