I just changed “md5(…)” to “sha1(…)” and added an object id to the table. Once I figured out I didn’t have to use RSA to *sign* the CSR, but had to have something other than md5, it was easy.
> On May 26, 2015, at 2:00 PM, lu...@proxima.alt.za wrote:
>
>> I now have reason to believe that they just removed MD5 from known
>> signing algorithms, and that a SHA1 will work. Anyone know anything
>> about this?
>
> There's an exploit for the MD5 version. It looks pretty serious and
> deserves to be fixed by disabling the MD5 signing algorithm.
>
> www.phreedom.org/research/rogue-ca/
>
> What exactly did you change in /sys/src/libsec/port/x509.c? I had a
> quick look this morning, but I didn't have the opportunity to dig deep
> enough.
>
> Lucio.
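A check that reports which signature algorithm a DER-encoded CSR or certificate carries, so MD5-signed requests can be spotted before they are submitted. This is an added example, not code from the thread or from /sys/src/libsec/port/x509.c; `sig_alg`, `tlv` and the sample byte arrays are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SIG_MALFORMED = -1, SIG_OTHER, SIG_MD5_RSA, SIG_SHA1_RSA };

/* OID arc 1.2.840.113549.1.1 in DER; next byte 4 = md5WithRSAEncryption, 5 = sha1WithRSAEncryption */
static const unsigned char PKCS1[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01};

/* Constructed CSR-shaped samples (dummy body and signature), not real requests. */
#define SAMPLE(alg) {0x30,0x18, 0x30,0x03,0x02,0x01,0x00, 0x30,0x0D,0x06,0x09, \
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,(alg), 0x05,0x00, 0x03,0x02,0x00,0x00}
static const unsigned char SAMPLE_MD5[] = SAMPLE(4), SAMPLE_SHA1[] = SAMPLE(5);

/* Parse one TLV header at p; return the content pointer, or NULL if malformed. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end, int *tag, size_t *len)
{
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                        /* long-form length */
        int k = n & 0x7F;
        if (k == 0 || k > 4 || end - p < k) return NULL;
        for (n = 0; k-- > 0; ) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;
    *len = n;
    return p;
}

/* Classify the outer signatureAlgorithm: SEQUENCE { body, SEQUENCE { OID, params }, BIT STRING } */
int sig_alg(const unsigned char *der, size_t n)
{
    int tag; size_t len;
    const unsigned char *end = der + n, *p = tlv(der, end, &tag, &len);
    if (!p || tag != 0x30) return SIG_MALFORMED;
    end = p + len;
    if (!(p = tlv(p, end, &tag, &len)) || tag != 0x30) return SIG_MALFORMED;       /* body */
    if (!(p = tlv(p + len, end, &tag, &len)) || tag != 0x30) return SIG_MALFORMED; /* AlgorithmIdentifier */
    if (!(p = tlv(p, p + len, &tag, &len)) || tag != 0x06) return SIG_MALFORMED;   /* algorithm OID */
    if (len != sizeof PKCS1 + 1 || memcmp(p, PKCS1, sizeof PKCS1)) return SIG_OTHER;
    return p[8] == 4 ? SIG_MD5_RSA : p[8] == 5 ? SIG_SHA1_RSA : SIG_OTHER;
}

int main(void)
{
    printf("md5: %d  sha1: %d\n", sig_alg(SAMPLE_MD5, sizeof SAMPLE_MD5), sig_alg(SAMPLE_SHA1, sizeof SAMPLE_SHA1));
    return 0;
}
```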