fix: customVerify cert alg + update valid CNs

urko 2025-10-20 18:57:29 +00:00
parent 34f9238cf0
commit 537fbeebd9


@ -91,8 +91,10 @@ var validCommonNames = []string{
"ISRG Root X1", "ISRG Root X1",
"R3", "R3",
"R10", "R10",
"R13",
"R11", "R11",
"E5", "E5",
"E7",
"DST Root CA X3", "DST Root CA X3",
"DigiCert Global Root G2", "DigiCert Global Root G2",
"DigiCert Global G2 TLS RSA SHA256 2020 CA1", "DigiCert Global G2 TLS RSA SHA256 2020 CA1",
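Review bot: Matching `cert.Issuer.CommonName` against this list is not a cryptographic pin, and adding `R13` and `E7` keeps the check brittle. The issuer CN is a free-text field that any certificate can carry, so the list only adds assurance if the chain is also verified against a trusted root pool, which is not visible in this diff. Let's Encrypt rotates its issuing intermediates and selects among several active ones, so siblings such as `R12` and `E8` will presumably fail here until another commit like this one lands. Consider pinning the root (or SPKI hashes) of the verified chain instead of intermediate names, and add a comment such as `// Let's Encrypt intermediates; these rotate, see letsencrypt.org/certificates` above the entries.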
@ -138,10 +140,15 @@ func customVerify(host string) func(cs tls.ConnectionState) error {
return fmt.Errorf("untrusted certificate issuer: %s", cert.Issuer.CommonName) return fmt.Errorf("untrusted certificate issuer: %s", cert.Issuer.CommonName)
} }
// Check that the public key algorithm is RSA. // Check that the public key algorithms
if cert.PublicKeyAlgorithm != x509.RSA { switch cert.PublicKeyAlgorithm {
return fmt.Errorf("unsupported public key algorithm: %v", cert.PublicKeyAlgorithm) case x509.RSA, x509.ECDSA:
// OK
default:
return fmt.Errorf("unsupported public key algorithm: %v",
cert.PublicKeyAlgorithm)
} }
} }
return nil return nil
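Review bot: The new `switch` admits the RSA and ECDSA families, but nothing visible bounds key strength, so a short RSA modulus would still pass this check. If no minimum size is enforced elsewhere, a guard such as `if k, ok := cert.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 { return fmt.Errorf("rsa key too short: %d bits", k.N.BitLen()) }` would close that gap (it needs `crypto/rsa`). The rewritten comment is also cut off mid-sentence; `// Accept only RSA and ECDSA public keys.` says what the switch does. customVerify starts outside the hunk and appears to continue past it.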