beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

httpd: always use an opaque signing key

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2024-11-12 19:27:34 +01:00
parent 4cb6acefb2
commit 618723c457
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
internal/httpd/httpd.go
View file

@ -1309,11 +1309,14 @@ func stopCleanupTicker() {
} }
func getSigningKey(signingPassphrase string) []byte { func getSigningKey(signingPassphrase string) []byte {
var key []byte
if signingPassphrase != "" { if signingPassphrase != "" {
sk := sha256.Sum256([]byte(signingPassphrase)) key = []byte(signingPassphrase)
return sk[:] } else {
key = util.GenerateRandomBytes(32)
} }
return util.GenerateRandomBytes(32) sk := sha256.Sum256(key)
return sk[:]
} }
// SetInstallationCodeResolver sets a function to call to resolve the installation code // SetInstallationCodeResolver sets a function to call to resolve the installation code