certnanny/sscep

SHA256 support

juresaht2 opened this issue · 3 comments

Hello,

This is a feature request. I would like to ask that SHA256 support be added to SSCEP, since SHA-1 has been deprecated since 2017 and can no longer be used for web SSL certificates.

This page contains instructions on how the source code can be modified to add support for SHA256 and SHA512:
https://www.dogtagpki.org/wiki/SCEP_in_Dogtag

For my project I performed these changes on the latest version and confirm that they work. I am contributing the modified source code in the form of a compatible fork:
juresaht2@19dfffe

I have not provided this in the form of a merge request because, while the modified code works, I do not believe it is suitable for merging, as signature verification, which no longer works, is simply disabled:
https://github.com/juresaht2/sscep/blob/master/pkcs7.c#L420

Hopefully the modified code is still useful.

Best regards,
Jure
T-2 d.o.o.

Hello. I at least started: the changes to sscep.c were included in some ancient pull request, which got integrated into the develop branch with 23e306f. The rest of the changes are still pending though. Contributions (to the develop branch) are welcome.

The documentation is also fixed now. Feel free to open another specific issue if you are missing some additional feature.