Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2420

CRLs should be signed with SHA256 when available

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Platform Core
    • Story Points:
      1

      Description

      Certificate revocation lists are always signed with SHA1WithRSAEncryption, but when signing certificate signing requests and certificates, we default to SHA256WithRSAEncryption. If SHA256 is not available, we fall back to SHA1WithRSAEncryption.

      We should refactor the CRL code to use the CertificateSigner code so that we use more secure defaults.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  josh Josh Cooper
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: