[azidentity] pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1 #22906

Closed
DariuszPorowski opened this issue May 16, 2024 · 2 comments
Labels
Azure.Identity feature-request This issue requires a new behavior in the product in order be resolved.


@DariuszPorowski

Bug Report

  • import path of package: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • SDK version: 1.5.2
  • output of go version: go1.22.3 windows/amd64
  • What happened?

While using cert, key, err := azidentity.ParseCertificates(certData, password) I got an error like: pkcs12: unknown digest algorithm: 2.16.840.1.101.3.4.2.1

  • What did you expect or want to happen?

cert bytes are parsed

  • How can we reproduce it?

try to parse cert with sha256 hashing

  • Anything we should know about your environment.
@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels May 16, 2024
@jhendrixMSFT jhendrixMSFT added Azure.Identity and removed needs-triage This is a new issue that needs to be triaged to the appropriate team. labels May 16, 2024
@github-actions github-actions bot added the needs-team-attention This issue needs attention from Azure service team or SDK team label May 16, 2024
@chlowell
Contributor

Thanks for opening this issue! You're seeing this error because ParseCertificates depends on x/crypto/pkcs12, which doesn't support sha256 for message authentication and I suppose never will because the package is frozen. We're pretty cautious around dependencies that aren't at least standard library adjacent but I'll discuss options with the team. In the meantime, you can use whatever package works for you. ParseCertificates is just an optional helper; credential constructors will take a []*x509.Certificate and a crypto.PrivateKey from any source.

@chlowell chlowell added feature-request This issue requires a new behavior in the product in order be resolved. and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team labels May 16, 2024
@chlowell
Contributor

Thanks again for opening this issue. I discussed it with the rest of the team and we decided we don't want to add a new third-party dependency to get better PKCS12 support (we don't want to choose one on behalf of app developers) or maintain our own PKCS12 parser, so we'll leave ParseCertificates as it is, a best-effort helper limited by the standard library. I updated the docs in #22927 to call out the digest algorithm limitation and suggest working around it and other limitations by using another parser.

@chlowell chlowell closed this as not planned Won't fix, can't repro, duplicate, stale May 21, 2024
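
A pre-flight check for the limitation discussed in this thread, added here as an example (it is not code from the Azure SDK or from x/crypto/pkcs12): it reads the MAC digest OID from a PFX's outer ASN.1 structure, without the password, so a file that would fail with `unknown digest algorithm` can be spotted before calling ParseCertificates. The names `CheckPFXMAC` and `samplePFX` are hypothetical, the sample PFX is a constructed shell with no certificate or key, and the code assumes a DER-encoded file (encoding/asn1 rejects BER) and that the frozen parser verifies only SHA-1 MACs.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Outer PKCS#12 layout from RFC 7292 (PFX, MacData, DigestInfo); AuthSafe stays raw.
type pfx struct {
	Version  int
	AuthSafe asn1.RawValue
	MacData  macData `asn1:"optional"`
}
type macData struct {
	Mac        digestInfo
	MacSalt    []byte
	Iterations int `asn1:"optional,default:1"`
}
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

var oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}               // assumed: only MAC digest the frozen parser verifies
var oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} // OID from the error in this issue

// CheckPFXMAC returns a DER PFX's MAC digest OID and whether that digest is SHA-1.
func CheckPFXMAC(der []byte) (asn1.ObjectIdentifier, bool, error) {
	var p pfx
	if _, err := asn1.Unmarshal(der, &p); err != nil {
		return nil, false, fmt.Errorf("not a DER PFX: %w", err)
	}
	oid := p.MacData.Mac.Algorithm.Algorithm
	if len(oid) == 0 {
		return nil, false, fmt.Errorf("PFX carries no MacData")
	}
	return oid, oid.Equal(oidSHA1), nil
}

// samplePFX builds a constructed PFX shell (no certificate or key) with the given MAC digest.
func samplePFX(digest asn1.ObjectIdentifier) []byte {
	authSafe, _ := asn1.Marshal(struct{ Type asn1.ObjectIdentifier }{asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}})
	mac := digestInfo{pkix.AlgorithmIdentifier{Algorithm: digest}, make([]byte, 32)}
	der, _ := asn1.Marshal(pfx{3, asn1.RawValue{FullBytes: authSafe}, macData{mac, make([]byte, 8), 2048}})
	return der
}

func main() {
	fmt.Println(CheckPFXMAC(samplePFX(oidSHA256)))
}
```

When the check reports a non-SHA-1 digest, the workaround from the thread applies: parse the file with another parser and pass the resulting []*x509.Certificate and crypto.PrivateKey to the credential constructor.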