mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-06-20 16:10:50 +00:00
https://github.com/go-fed/httpsig seems to be unmaintained. Switch to github.com/42wim/httpsig which has removed deprecated crypto and default sha256 signing for ssh rsa. No impact for those that use ed25519 ssh certificates. This is a breaking change for: - gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too - activitypub using deprecated crypto (is this actually used?) (cherry picked from commit 01dec7577a051d9bb30e91f6cf6653dc51a37d06) --- Conflict resolution: trivial Co-authored-by: Wim <wim@42.be> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5303 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
This commit is contained in:
Gusted
parent
387f590d9c
commit
b2a3a0411c
7 changed files with 10 additions and 10 deletions
|
|
@ -17,7 +17,7 @@ import (
|
|||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/go-fed/httpsig"
|
||||
"github.com/42wim/httpsig"
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
|
|
@ -205,7 +205,7 @@ func doVerify(verifier httpsig.Verifier, sshPublicKeys []ssh.PublicKey) error {
|
|||
case strings.HasPrefix(publicKey.Type(), "ssh-ed25519"):
|
||||
algos = []httpsig.Algorithm{httpsig.ED25519}
|
||||
case strings.HasPrefix(publicKey.Type(), "ssh-rsa"):
|
||||
algos = []httpsig.Algorithm{httpsig.RSA_SHA1, httpsig.RSA_SHA256, httpsig.RSA_SHA512}
|
||||
algos = []httpsig.Algorithm{httpsig.RSA_SHA256, httpsig.RSA_SHA512}
|
||||
}
|
||||
for _, algo := range algos {
|
||||
if err := verifier.Verify(cryptoPubkey, algo); err == nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue