diff --git a/pgmoon/init.lua b/pgmoon/init.lua
index e42d642..1caa194 100644
--- a/pgmoon/init.lua
+++ b/pgmoon/init.lua
@@ -401,14 +401,14 @@ do
 local server_cert = self.sock:getpeercertificate()
 pem, signature = server_cert:pem(), server_cert:getsignaturename()
 end
- signature = signature:lower()
- local _, with_sig
- _, _, with_sig = signature:find("%-with%-(.*)")
- if with_sig then
- signature = with_sig
- end
- if signature:match("^md5") or signature:match("^sha1") or signature:match("sha1$") then
+ local sig_lower = signature:lower()
+ if sig_lower:match("^md5") or sig_lower:match("^sha1") or sig_lower:match("sha1$") or sig_lower:match("sha256$") then
 signature = "sha256"
+ else
+ local objects = require("resty.openssl.objects")
+ local sigid = assert(objects.txt2nid(signature))
+ local digest_nid = assert(objects.find_sigid_algs(sigid))
+ signature = assert(objects.nid2table(digest_nid).sn)
 end
 cbind_data = assert(x509_digest(pem, signature))
 end
diff --git a/pgmoon/init.moon b/pgmoon/init.moon
index 7844393..20a27d0 100644
--- a/pgmoon/init.moon
+++ b/pgmoon/init.moon
@@ -404,16 +404,16 @@ class Postgres
 server_cert = @sock\getpeercertificate()
 server_cert\pem!, server_cert\getsignaturename!
- signature = signature\lower!
-
- -- Handle the case when the signature is e.g. ECDSA-with-SHA384
- _, _, with_sig = signature\find("%-with%-(.*)")
- if with_sig
- signature = with_sig
+ sig_lower = signature\lower!
 -- upgrade the signature if necessary (also handle the case of s/RSA-SHA1/sha256)
- if signature\match("^md5") or signature\match("^sha1") or signature\match("sha1$")
+ if sig_lower\match("^md5") or sig_lower\match("^sha1") or sig_lower\match("sha1$") or sig_lower\match("sha256$")
 signature = "sha256"
+ else
+ objects = require "resty.openssl.objects"
+ sigid = assert objects.txt2nid(signature)
+ digest_nid = assert objects.find_sigid_algs(sigid)
+ signature = assert objects.nid2table(digest_nid).sn
 assert x509_digest(pem, signature)
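Review bot: The digest resolved in the new `else` branch of pgmoon/init.lua is never checked for MD5 or SHA-1 before it reaches `x509_digest`; the upgrade to SHA-256 is still decided only by the name patterns in the `if` condition above it. A signature name those patterns miss (OpenSSL's `RSA-MD5` short name, for instance, does not start with `md5`) would yield an MD5 or SHA-1 digest where tls-server-end-point channel binding (RFC 5929) calls for SHA-256, so the binding would presumably not match the server's and authentication would fail without a clear cause; applying the upgrade to the resolved digest name rather than to the signature name would close that gap. Separately, `assert` rejects only nil and false, so if `find_sigid_algs` reports an algorithm with no fixed digest (Ed25519, RSA-PSS) as NID 0 the check passes, and an explicit `assert(digest_nid and digest_nid ~= 0, "no digest for signature algorithm " .. signature)` would fail with a usable message. The pgmoon/init.moon hunk carries the same logic, and the enclosing block starts above both hunks.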