From be69efdee36652bcdead12f39ea0f1193085532f Mon Sep 17 00:00:00 2001
From: Nutomic
Date: Thu, 2 May 2024 10:58:56 +0200
Subject: [PATCH] Require signed digest when verifying signatures (#109)
---
 src/http_signatures.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/http_signatures.rs b/src/http_signatures.rs
index 7e26e8d..1f4e15b 100644
--- a/src/http_signatures.rs
+++ b/src/http_signatures.rs
@@ -189,8 +189,11 @@ fn verify_signature_inner(
 uri: &Uri,
 public_key: &str,
 ) -> Result<(), Error> {
- static CONFIG: Lazy =
- Lazy::new(|| http_signature_normalization::Config::new().set_expiration(EXPIRES_AFTER));
+ static CONFIG: Lazy = Lazy::new(|| {
+ http_signature_normalization::Config::new()
+ .set_expiration(EXPIRES_AFTER)
+ .require_digest()
+ });
 let path_and_query = uri.path_and_query().map(PathAndQuery::as_str).unwrap_or("");
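Review bot: The new `.require_digest()` call in the `CONFIG` initializer only makes verification insist that the `Digest` header is among the signed headers; nothing visible in this hunk compares that header with a hash of the received body, so the signature is bound to the body only if that comparison happens elsewhere. A comment on the builder chain would record the dependency, for example `// Signature must cover Digest; the body hash itself must still be checked against that header.`, worded to match wherever that check actually lives. Because `CONFIG` is a single static shared by every call, requests that legitimately carry no body (signed GET fetches, if this function is reached for them) would presumably now be rejected for lacking a signed digest. That is worth confirming and covering with a test, alongside one for a signature whose header list omits `digest`. The body of `verify_signature_inner` starts before and continues past the hunk.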