Hi Andrew,

Unfortunately fully supporting PSS certificates is not merely a matter
of adding a value to SIG_OIDS_TO_HASH. This is tracked in
https://github.com/pyca/cryptography/issues/2850 and
https://github.com/pyca/cryptography/issues/4858.

However, if that PR works for you, then you can likely make do by
using `cert.signature_algorithm_oid` instead of
`cert.signature_algorithm` and mapping the OID to hash algorithm
yourself.

Alex

On Tue, Mar 8, 2022 at 7:29 AM Doran, Andrew
<andy.do...@sciencelogic.com> wrote:
>
> Hi,
>
> We are using the cryptography module with pyWinRM to run PowerShell scripts 
> on Windows servers from Linux. We have a situation where this fails because 
> of a certificate issue. If we edit oid.py to add:-
>
> SignatureAlgorithmOID.RSASSA_PSS: hashes.SHA256()
>
> to the dictionary _SIG_OIDS_TO_HASH, then everything works just fine.
>
> Are you planning to add this algorythm so that we can juts use an updated 
> module?
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev



-- 
All that is necessary for evil to succeed is for good people to do nothing.
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

Reply via email to