
remove SHA1 fallback from CertificateSigner #381

Draft
silug wants to merge 1 commit into OpenVoxProject:main from silug:openvox-9/remove-sha1-signing


silug (Contributor) commented Apr 7, 2026

Short description

SHA1 is no longer considered safe for use in X.509 signing and has been removed from modern OpenSSL builds. Drop it from the digest fallback chain in CertificateSigner so it is never selected, and update the corresponding spec to reflect the new SHA256 -> SHA512 -> SHA384 -> SHA224 precedence order.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • read and accepted the Developer Certificate of Origin document and added a Signed-off-by annotation to each of my commits
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

SHA1 is no longer considered safe for use in X.509 signing and has been
removed from modern OpenSSL builds. Drop it from the digest fallback
chain in CertificateSigner so it is never selected, and update the
corresponding spec to reflect the new SHA256 -> SHA512 -> SHA384 ->
SHA224 precedence order.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Steven Pritchard <steven.pritchard@gmail.com>
silug (Contributor, Author) commented Apr 7, 2026

This is a breaking change that should be considered for OpenVox 9.
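
The fallback order from the PR description, sketched as an added example (this is not the OpenVox code from this PR; `digest_usable?`, `pick_signing_digest`, `self_signed_cert` and `weak_signature?` are hypothetical names). It picks the first usable digest with no SHA1 fallback, signs a constructed self-signed certificate, and checks a certificate's signature algorithm for SHA1 or MD5:

```ruby
require 'openssl'

# Precedence order from the PR description; SHA1 is deliberately absent.
DIGEST_PRECEDENCE = %w[SHA256 SHA512 SHA384 SHA224].freeze

# Hypothetical probe: instantiate the digest so that an algorithm the
# linked OpenSSL refuses is skipped.
def digest_usable?(name)
  OpenSSL::Digest.new(name)
  true
rescue StandardError
  false
end

# Hypothetical helper: first usable digest class in precedence order.
# Raises instead of falling back to anything outside the list.
def pick_signing_digest(order = DIGEST_PRECEDENCE, available: method(:digest_usable?))
  name = order.find { |n| available.call(n) }
  raise ArgumentError, "no supported digest among #{order.join(', ')}" unless name
  OpenSSL::Digest.const_get(name)
end

# Build a constructed, short-lived self-signed certificate for the demo.
def self_signed_cert(key, digest_class)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, digest_class.new)
end

# Audit check: true when a certificate's signature uses SHA1 or MD5.
def weak_signature?(cert)
  cert.signature_algorithm.match?(/sha1|md5/i)
end

if __FILE__ == $PROGRAM_NAME
  key  = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  cert = self_signed_cert(key, pick_signing_digest)
  puts "#{cert.signature_algorithm} weak=#{weak_signature?(cert)}"
end
```

Running `weak_signature?` over certificates that are already issued shows which ones were signed with a digest the new chain no longer selects.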
