fix digest mapping for scram auth

leafo · Jun 29, 2023 · 0766862 · 0766862
1 parent 7b7ef2a
commit 0766862
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/pgmoon/init.lua b/pgmoon/init.lua
@@ -402,13 +402,13 @@ do
               pem, signature = server_cert:pem(), server_cert:getsignaturename()
             end
             signature = signature:lower()
-            local _, with_sig
-            _, _, with_sig = signature:find("%-with%-(.*)")
-            if with_sig then
-              signature = with_sig
-            end
             if signature:match("^md5") or signature:match("^sha1") or signature:match("sha1$") then
               signature = "sha256"
+            else
+              local objects = require("resty.openssl.objects")
+              local sigid = assert(objects.txt2nid(signature))
+              local digest_nid = assert(objects.find_sigid_algs(sigid))
+              signature = assert(objects.nid2table(digest_nid).sn)
             end
             cbind_data = assert(x509_digest(pem, signature))
           end

diff --git a/pgmoon/init.moon b/pgmoon/init.moon
@@ -406,14 +406,14 @@ class Postgres
 
           signature = signature\lower!
 
-          -- Handle the case when the signature is e.g. ECDSA-with-SHA384
-          _, _, with_sig = signature\find("%-with%-(.*)")
-          if with_sig
-            signature = with_sig
-
           -- upgrade the signature if necessary (also handle the case of s/RSA-SHA1/sha256)
           if signature\match("^md5") or signature\match("^sha1") or signature\match("sha1$")
             signature = "sha256"
+          else
+            objects = require "resty.openssl.objects"
+            sigid = assert objects.txt2nid(signature)
+            digest_nid = assert objects.find_sigid_algs(sigid)
+            signature = assert objects.nid2table(digest_nid).sn
 
           assert x509_digest(pem, signature)