Require signed digest when verifying signatures (#109)

This commit is contained in:
Nutomic 2024-05-02 10:58:56 +02:00 committed by GitHub
parent ddc455510b
commit be69efdee3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -189,8 +189,11 @@ fn verify_signature_inner(
uri: &Uri, uri: &Uri,
public_key: &str, public_key: &str,
) -> Result<(), Error> { ) -> Result<(), Error> {
static CONFIG: Lazy<http_signature_normalization::Config> = static CONFIG: Lazy<http_signature_normalization::Config> = Lazy::new(|| {
Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER)); http_signature_normalization::Config::new()
.set_expiration(EXPIRES_AFTER)
.require_digest()
});
let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or(""); let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");