Hi Andrew, Unfortunately fully supporting PSS certificates is not merely a matter of adding a value to SIG_OIDS_TO_HASH. This is tracked in https://github.com/pyca/cryptography/issues/2850 and https://github.com/pyca/cryptography/issues/4858.
However, if that PR works for you, then you can likely make do by using `cert.signature_algorithm_oid` instead of `cert.signature_algorithm` and mapping the OID to hash algorithm yourself. Alex On Tue, Mar 8, 2022 at 7:29 AM Doran, Andrew <andy.do...@sciencelogic.com> wrote: > > Hi, > > We are using the cryptography module with pyWinRM to run PowerShell scripts > on Windows servers from Linux. We have a situation where this fails because > of a certificate issue. If we edit oid.py to add:- > > SignatureAlgorithmOID.RSASSA_PSS: hashes.SHA256() > > to the dictionary _SIG_OIDS_TO_HASH, then everything works just fine. > > Are you planning to add this algorythm so that we can juts use an updated > module? > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
