Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expect SHA-256 instead of MD5 fingerprint flag value #160

Merged
merged 2 commits into from
Mar 22, 2021
Merged

Expect SHA-256 instead of MD5 fingerprint flag value #160

merged 2 commits into from
Mar 22, 2021

Conversation

omorsi
Copy link
Contributor

@omorsi omorsi commented Mar 22, 2021

This PR solves issue #156.

Copying the issue description here to save readers' time.

This is to complete pull request #144 which should have removed all weak hash functions usages.

scep/cmd/scepclient/scepclient.go

Line 271 in c892534

flCAFingerprint = flag.String("ca-fingerprint", "", "md5 fingerprint of CA certificate for NDES server.")

@jessepeterson jessepeterson linked an issue Mar 22, 2021 that may be closed by this pull request
Change ca-fingerprint flag to expect SHA-256 digest instead of MD5 #156
Closed
jessepeterson
jessepeterson approved these changes Mar 22, 2021
View reviewed changes
README.md Outdated
@@ -119,7 +119,7 @@ cat - > /tmp/scep.csr
$ ./scepclient-linux-amd64 -help
Usage of ./scepclient-linux-amd64:
-ca-fingerprint string
md5 fingerprint of CA certificate for NDES server.
(Note: Changed from MD5) SHA-256 digest of CA certificate for NDES server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: see note below

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, thanks for remember to update the docs! :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. thanks :)

cmd/scepclient/scepclient.go Outdated
@@ -268,7 +269,7 @@ func main() {

// in case of multiple certificate authorities, we need to figure out who the recipient of the encrypted
// data is.
flCAFingerprint = flag.String("ca-fingerprint", "", "md5 fingerprint of CA certificate for NDES server.")
flCAFingerprint = flag.String("ca-fingerprint", "", "(Note: Changed from MD5) SHA-256 digest of CA certificate for NDES server.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: place note behind new description

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@jessepeterson jessepeterson merged commit a4c6ff4 into micromdm:main Mar 22, 2021
@jessepeterson jessepeterson mentioned this pull request Mar 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessepeterson jessepeterson jessepeterson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Change ca-fingerprint flag to expect SHA-256 digest instead of MD5
2 participants
@omorsi @jessepeterson