mirror of
https://github.com/haproxy/haproxy.git
synced 2026-05-14 01:49:11 -04:00
c9e76e5bb1
New jws_b64_hmac_signature() duplicates the same functionality as jws_b64_signature(), but for the use case of HMAC signing. Intended to be used for ACME EAB. OpenSSL allows to use EVP_PKEY for HMAC functionality, so jws_b64_signature() could be reused, but the problem is that although isn't deprecated it was removed in BoringSSL, and was removed (due to BoringSSL roots) but then readded back in AWS-LC, because of "legacy clients" (citing them), for that reason alone I say that having a dedicated function for hmac is better, HMAC() macro seems to be widely supported unlike other ways of doing same thing. Another alternative would be to use EVP_MD API, but it was introduced in OpenSSL 3.0, so not as widely supported. |
||
|---|---|---|
| .. | ||
| haproxy | ||
| import | ||
| make | ||