ca3ff9251dbe34edb539b661a30222d0f3d755bd crypto/x509: set default signature hash to SHA256 and allow override.
Previously the hash used when signing an X.509 certificate was fixed
and, for RSA, it was fixed to SHA1. Since Microsoft have announced the
deprecation of SHA1 in X.509 certificates, this change switches the
default to SHA256.
It also allows the hash function to be controlled by the caller by
setting the SignatureAlgorithm field of the template.
[1] http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
Fixes #5302.
R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/40720047
2 files changed