From 940a0c8b10bcd25b5968820bbb02b0c900f33ebb Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Thu, 19 May 2022 07:36:57 +0000
Subject: add a hidden config for the hs2019 http sig algo

---
 Zotlabs/Web/HTTPSig.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 4177477a1..cb41c2b7d 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -502,8 +502,11 @@ class HTTPSig {
 
 		$x = self::sign($head, $prvkey, $alg);
 
-		// TODO: should we default to hs2019?
-		// $headerval = 'keyId="' . $keyid . '",algorithm="' . (($algorithm === 'rsa-sha256') ? 'hs2019' : $algorithm) . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+		// TODO: should we default to hs2019? cavage-http-signatures-12 is not very wide spread yet
+
+		if (get_config('system', 'use_hs2019', false) && $algorithm === 'rsa-sha256') {
+			$algorithm = 'hs2019';
+		}
 
 		$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
 
-- 
cgit v1.2.3