Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tests fail with Go 1.18 due to denial of SHA1 certificates #361

Open
jawn-smith opened this issue Mar 16, 2022 · 2 comments
Open

Tests fail with Go 1.18 due to denial of SHA1 certificates #361

jawn-smith opened this issue Mar 16, 2022 · 2 comments

Comments

@jawn-smith
Copy link

Per the Go 1.18 release notes: "crypto/x509 will now reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015."

This is causing quite a few of the test cases to fail with Go 1.18.

@kakkoyun
Copy link
Member

And easy solution would be to add GODEBUG=x509sha1=1 to tests, but it's just a stopgap until go1.19
The real solution is to regenerate the certs in the testdata

For more context: https://github.com/golang/go/blob/c379c3d58d5482f4c8fe97466a99ce70e630ad44/src/crypto/x509/x509.go#L733-L741

@dswarbrick
Copy link
Contributor

The certificates were regenerated in v0.36.0 so this should no longer be an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants