If it's just as simple, this might be the right place/time to use sha256 for this sort of thing.

On Tue, May 26, 2015 at 12:35 PM, Brantley Coile wrote:
> I just changed “md5(…)” to “shall(…)” and added an object id to the
> table. Once I figured out I didn’t have to use RSA to *sign* the CSR, but
> had to have something other than md5, it was easy.
>
> > On May 26, 2015, at 2:00 PM, lucio@proxima.alt.za wrote:
> >
> >> I now have reason to believe that they just removed MD5 from known
> >> signing algorithms, and that a SHA1 will work. Anyone know anything
> >> about this?
> >
> > There's an exploit for the MD5 version. It looks pretty serious and
> > deserves to be fixed by disabling the MD5 signing algorithm.
> >
> > www.phreedom.org/research/rogue-ca/
> >
> > What exactly did you change in /sys/src/libsec/port/x509.c? I had a
> > quick look this morning, but I didn't have the opportunity to dig deep
> > enough.
> >
> > Lucio.