Generate certs with SHA256 signature instead of SHA1

Doesn't matter at all for BEP, but the same stuff is used by the web UI and modern browsers are starting to dislike SHA1 extra much.
2015-09-09 12:55:17 +02:00
parent f2db1c8ab2
commit 64354b51c9
2 changed files with 5 additions and 1 deletions
--- a/lib/tlsutil/tlsutil.go
+++ b/lib/tlsutil/tlsutil.go
@@ -47,6 +47,7 @@ func NewCertificate(certFile, keyFile, tlsDefaultCommonName string, tlsRSABits i
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 		BasicConstraintsValid: true,
+		SignatureAlgorithm:    x509.SHA256WithRSA,
 	}

 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)