From 2dd66cbaac2ddfcdf2e514cc54603e264f4fffe7 Mon Sep 17 00:00:00 2001
From: "Urko."
Date: Tue, 20 Aug 2024 12:02:23 +0200
Subject: [PATCH] fix: check common names
---
 go.mod | 2 +-
 pkg/email/email.go | 8 ++------
 2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index 9810f4b..efc5262 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module gitea.urkob.com/urko/emailsender
-go 1.21.1
+go 1.22.3
 require (
 github.com/joho/godotenv v1.5.1
diff --git a/pkg/email/email.go b/pkg/email/email.go
index 07ebb26..62dac05 100644
--- a/pkg/email/email.go
+++ b/pkg/email/email.go
@@ -52,7 +52,7 @@ func NewInsecure(config MailServiceConfig) *EmailService {
 }
 }
-var validCommonNames = []string{"ISRG Root X1", "R3", "DST Root CA X3"}
+var validCommonNames = []string{"ISRG Root X1", "R3", "E5", "DST Root CA X3"}
 func NewSecure(config MailServiceConfig) *EmailService {
 return &EmailService{
@@ -98,11 +98,7 @@ func NewSecure(config MailServiceConfig) *EmailService {
 if !slices.Contains(validCommonNames, cert.Issuer.CommonName) {
 return fmt.Errorf("certificate is not issued by a trusted CA")
 }
- // log.Println("cert.ExtKeyUsage", cert.ExtKeyUsage)
- // if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 || len(cert.ExtKeyUsage) == 0 || !slices.Contains(cert.ExtKeyUsage, x509.ExtKeyUsageServerAuth) {
- // log.Printf("%+v", cert)
- // return fmt.Errorf("certificate cannot be used for server authentication")
- // }
+
 if cert.PublicKeyAlgorithm != x509.RSA {
 return fmt.Errorf("unsupported public key algorithm")
 }
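Review bot: Adding `"E5"` to `validCommonNames` extends an allowlist that matches only `cert.Issuer.CommonName`, a string any self-made CA can carry, so the check in `NewSecure` authenticates nothing unless the chain has already been verified against trusted roots outside these hunks. If that verification is not happening, pin the issuer by key instead of by name, for example by comparing a SHA-256 of the issuing certificate's `RawSubjectPublicKeyInfo` against a pinned set, or by verifying with `x509.VerifyOptions{Roots: pinnedPool}`. Separately, E5 is, as far as I know, a Let's Encrypt ECDSA intermediate, and the unchanged `cert.PublicKeyAlgorithm != x509.RSA` check in the next hunk would still reject an ECDSA certificate it issued, so the new entry may have no effect. Confirm which certificate in the chain `cert` refers to, since the callback body starts outside the hunk.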