From 32b3176905c928acafd58d3e5fb8e4ab795ce166 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 30 Apr 2024 00:14:48 +0200 Subject: [PATCH] Require signed digest when verifying signatures --- src/http_signatures.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/http_signatures.rs b/src/http_signatures.rs index 7e26e8d..1f4e15b 100644 --- a/src/http_signatures.rs +++ b/src/http_signatures.rs @@ -189,8 +189,11 @@ fn verify_signature_inner( uri: &Uri, public_key: &str, ) -> Result<(), Error> { - static CONFIG: Lazy = - Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER)); + static CONFIG: Lazy = Lazy::new(|| { + http_signature_normalization::Config::new() + .set_expiration(EXPIRES_AFTER) + .require_digest() + }); let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");