From af4b772a0e5fd2807a77377f4f0be35e5d58b7fb Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Tue, 5 Sep 2023 18:44:52 -0400 Subject: [PATCH] Fix bug where TSA signing fails if cert hash != content hash. This was fixed upstream in https://github.com/digitorus/timestamp/pull/19. We should cut a patch release - the buggy behavior was introduced in v1.1.2. NOTE: This potentially breaks some users if they are relying on the new cert hash behavior introduced in v1.1.2 to support other hash types, but this fixes those who were broken by the v1.1.2 update. Support for other hash types can be added in another PR by moving to using [timestamp.CreateResponseWithOpts](https://pkg.go.dev/github.com/digitorus/timestamp#Timestamp.CreateResponseWithOpts) and passing in the appropriate hash (but I'm considering that out of scope for this PR). Signed-off-by: Billy Lynch --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ee22d2583..841b00056 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( cloud.google.com/go/security v1.15.1 github.com/beevik/ntp v1.3.0 github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 - github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c + github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 github.com/go-chi/chi v4.1.2+incompatible github.com/go-openapi/errors v0.20.4 github.com/go-openapi/loads v0.21.2 diff --git a/go.sum b/go.sum index dae3f2df8..6a3d4d632 100644 --- a/go.sum +++ b/go.sum @@ -134,8 +134,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/digitorus/pkcs7 v0.0.0-20230713084857-e76b763bdc49/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQMIAH7uKg0lrtNSOdpYsRXlwk3QbaE= github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= -github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c h1:kgG83Hfj3YXkUbrihwBxDc0COzP1ZejiDSr4/fItT0E= -github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= +github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647 h1:WOk5Aclr/+sZ2/SX2YyxulNFwZOUhSrDJLw5KbHKmdE= +github.com/digitorus/timestamp v0.0.0-20230902153158-687734543647/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=