letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow SHA-1 for now

This commit is contained in:
Richard Barnes 2015-06-23 22:54:07 -07:00
parent 0b36fd1bd1
commit c27adaab17
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ca/certificate-authority.go
View File

@ -65,11 +65,13 @@ type PKCS11Config struct {
// are no longer considered sufficiently strong. // are no longer considered sufficiently strong.
// * No MD2, MD5, or SHA-1 // * No MD2, MD5, or SHA-1
// * No DSA // * No DSA
//
// SHA1WithRSA is allowed because there's still a fair bit of it
// out there, but we should try to remove it soon.
var badSignatureAlgorithms = map[x509.SignatureAlgorithm]bool{ var badSignatureAlgorithms = map[x509.SignatureAlgorithm]bool{
x509.UnknownSignatureAlgorithm: true, x509.UnknownSignatureAlgorithm: true,
x509.MD2WithRSA: true, x509.MD2WithRSA: true,
x509.MD5WithRSA: true, x509.MD5WithRSA: true,
x509.SHA1WithRSA: true,
x509.DSAWithSHA1: true, x509.DSAWithSHA1: true,
x509.DSAWithSHA256: true, x509.DSAWithSHA256: true,
x509.ECDSAWithSHA1: true, x509.ECDSAWithSHA1: true,