src/pkg/crypto/x509 · 46b4ed2cf065a9877257c6641e40a0e3cd1468fd · go / golang

crypto/x509: set default signature hash to SHA256 and allow override. · ca3ff925

Adam Langley authored Dec 18, 2013

Previously the hash used when signing an X.509 certificate was fixed
and, for RSA, it was fixed to SHA1. Since Microsoft have announced the
deprecation of SHA1 in X.509 certificates, this change switches the
default to SHA256.

It also allows the hash function to be controlled by the caller by
setting the SignatureAlgorithm field of the template.

[1] http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

Fixes #5302.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/40720047

ca3ff925

Name	Last commit	Last update
..
pkix		Loading commit data...
cert_pool.go		Loading commit data...
pem_decrypt.go		Loading commit data...
pem_decrypt_test.go		Loading commit data...
pkcs1.go		Loading commit data...
pkcs8.go		Loading commit data...
pkcs8_test.go		Loading commit data...
root.go		Loading commit data...
root_cgo_darwin.go		Loading commit data...
root_darwin.go		Loading commit data...
root_darwin_test.go		Loading commit data...
root_nocgo_darwin.go		Loading commit data...
root_plan9.go		Loading commit data...
root_unix.go		Loading commit data...
root_windows.go		Loading commit data...
sec1.go		Loading commit data...
sec1_test.go		Loading commit data...
verify.go		Loading commit data...
verify_test.go		Loading commit data...
x509.go		Loading commit data...
x509_test.go		Loading commit data...