Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: document why SHA1 is the only supported hash algorithm for cert_id generation in OCSP response #4625

Merged
merged 10 commits into from
Jul 10, 2024
Merged

chore: document why SHA1 is the only supported hash algorithm for cert_id generation in OCSP response #4625

merged 10 commits into from
Jul 10, 2024

Conversation

jouho
Copy link
Contributor

@jouho jouho commented Jun 24, 2024
edited
Loading

Resolved issues:

Resolves #4595

Description of changes:

  • add comment explaining why SHA1 is the only supported hash algorithm when generating cert_id
  • add a note on OCSP API that SHA1 is the only supported hash algorithm for cert_id generation

Call-outs:

Testing:

No functional changes

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Jun 24, 2024
@jouho jouho changed the title Fix: better error for unsupported hash algorithm in OCSP response certificate ID chore: document why SHA1 is the only supported hash algorithm for cert_id generation in OCSP response Jul 1, 2024
@jouho jouho marked this pull request as ready for review July 1, 2024 21:24
@jouho jouho requested review from goatgoose and lrstewart July 1, 2024 21:25
goatgoose
goatgoose reviewed Jul 4, 2024
View reviewed changes
api/s2n.h Outdated Show resolved Hide resolved
api/s2n.h Outdated Show resolved Hide resolved
api/s2n.h Outdated Show resolved Hide resolved
tls/s2n_x509_validator.c Outdated Show resolved Hide resolved
tls/s2n_x509_validator.c Outdated Show resolved Hide resolved
tls/s2n_x509_validator.c Outdated Show resolved Hide resolved
tls/s2n_x509_validator.c Outdated Show resolved Hide resolved
@jouho jouho requested a review from goatgoose July 5, 2024 19:58
goatgoose
goatgoose approved these changes Jul 8, 2024
View reviewed changes
api/s2n.h Outdated Show resolved Hide resolved
tls/s2n_x509_validator.c Outdated Show resolved Hide resolved
@jouho jouho enabled auto-merge (squash) July 10, 2024 17:29
@jouho jouho merged commit 78efb6f into main Jul 10, 2024
37 checks passed
@jouho jouho deleted the ocsp-throw-better-error branch July 10, 2024 19:10
@BrewTestBot BrewTestBot mentioned this pull request Jul 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@goatgoose goatgoose goatgoose approved these changes

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OCSP feature only supports SHA1 hashes
3 participants
@jouho @goatgoose @lrstewart