Contact Details
No response
Version
latest master
Description
wc_InitCert_ex defaults to SHA1 RSA if SHA1 is supported by the wolfSSL build (see asn.c line 29011). Defaulting to a legacy algorithm is much more dangerous than supporting a legacy algorithm. The default should be a setting that is still currently recommend by NIST etc unless no such settings are compiled in.
Reproduction steps
read asn.c line 29011.
Relevant log output
Contact Details
No response
Version
latest master
Description
wc_InitCert_ex defaults to SHA1 RSA if SHA1 is supported by the wolfSSL build (see asn.c line 29011). Defaulting to a legacy algorithm is much more dangerous than supporting a legacy algorithm. The default should be a setting that is still currently recommend by NIST etc unless no such settings are compiled in.
Reproduction steps
read asn.c line 29011.
Relevant log output