From 5c342a9da32c7b6be713e6642a776ef6b40d89f9 Mon Sep 17 00:00:00 2001
From: Simon Pelchat
Date: Thu, 15 Feb 2018 17:50:35 -0800
Subject: [PATCH] Use signature algorithm from the wpr-go root cert.

MintServerCert creates a template based on the origin's signature algorithm, but the public key is taken from wpr-go's root certificate. In some cases, these may be incompatible, which results in seeing the error: """ TLS handshake error from 127.0.0.1:43524: create cert failed: x509: requested SignatureAlgorithm does not match private key type. """ It's impossible to use a single root certificate that has a public key that works for any possible signature algorithm. Instead, we override the signature algorithm from the wpr-go root certificate.

Bug: catapult:#4272
Change-Id: I1ca74d0ae2ecb230f9e03143d385830a2367398b
Reviewed-on: https://chromium-review.googlesource.com/922891
Commit-Queue: Tom Bergan
Reviewed-by: Tom Bergan
---
 web_page_replay_go/src/webpagereplay/certs.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/web_page_replay_go/src/webpagereplay/certs.go b/web_page_replay_go/src/webpagereplay/certs.go
index 4b453a83634..a78995d20e4 100644
--- a/web_page_replay_go/src/webpagereplay/certs.go
+++ b/web_page_replay_go/src/webpagereplay/certs.go
@@ -94,6 +94,7 @@ func MintServerCert(serverName string, rootCert *x509.Certificate, rootKey crypt
 template.NotBefore = time.Now()
 // Certs cannot be valid for longer than 39 mths.
 template.NotAfter = template.NotBefore.Add(39 * 30 * 24 * time.Hour)
+ template.SignatureAlgorithm = rootCert.SignatureAlgorithm
 template.PublicKey = rootCert.PublicKey
 var buf [20]byte
 if _, err := io.ReadFull(rand.Reader, buf[:]); err != nil {
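Review bot: The added `template.SignatureAlgorithm = rootCert.SignatureAlgorithm` copies the algorithm the root certificate was itself signed with, which is guaranteed to fit `rootKey` only when the root is self-signed, and it also carries over whatever hash the root used, including a legacy one such as SHA-1. If the signing call outside this hunk is `x509.CreateCertificate` with `rootKey`, as the error quoted in the description suggests, `template.SignatureAlgorithm = x509.UnknownSignatureAlgorithm` would let the library choose a default that matches the signer's key type. Either way the line deserves a comment saying why the origin's value is overridden, for example `// The origin's algorithm may not fit rootKey; use one that matches the signer.` MintServerCert starts before and continues past this hunk, so the signing call itself is not visible here.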