diff --git a/go.mod b/go.mod index 728102bc..8442ff27 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/onsi/gomega v1.31.1 github.com/packer-community/winrmcp v0.0.0-20221126162354-6e900dd2c68f github.com/pkg/errors v0.9.1 - github.com/vmware/govmomi v0.36.0 + github.com/vmware/govmomi v0.36.1 golang.org/x/sys v0.18.0 ) diff --git a/go.sum b/go.sum index 8f98f6ea..7f4da95a 100644 --- a/go.sum +++ b/go.sum @@ -128,8 +128,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/transform v0.0.0-20201103190739-32f242e2dbde h1:AMNpJRc7P+GTwVbl8DkK2I9I8BBUzNiHuH/tlxrpan0= github.com/tidwall/transform v0.0.0-20201103190739-32f242e2dbde/go.mod h1:MvrEmduDUz4ST5pGZ7CABCnOU5f3ZiOAZzT6b1A6nX8= -github.com/vmware/govmomi v0.36.0 h1:h8+PfYnsIihvUpzD2Mb9kFnSWEz1u2dRWxrBLi79N9I= -github.com/vmware/govmomi v0.36.0/go.mod h1:mtGWtM+YhTADHlCgJBiskSRPOZRsN9MSjPzaZLte/oQ= +github.com/vmware/govmomi v0.36.1 h1:+E/nlfteQ8JvC0xhuKAfpnMsuIeGeGj7rJwqENUcWm8= +github.com/vmware/govmomi v0.36.1/go.mod h1:mtGWtM+YhTADHlCgJBiskSRPOZRsN9MSjPzaZLte/oQ= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= diff --git a/vendor/github.com/vmware/govmomi/govc/about/cert.go b/vendor/github.com/vmware/govmomi/govc/about/cert.go index 5a5af0f7..8ec65d0c 100644 --- a/vendor/github.com/vmware/govmomi/govc/about/cert.go +++ b/vendor/github.com/vmware/govmomi/govc/about/cert.go @@ -89,7 +89,7 @@ func (r *certResult) Write(w io.Writer) error { if r.cmd.thumbprint { u := r.cmd.Session.URL - _, err := fmt.Fprintf(w, "%s %s\n", u.Host, r.info.ThumbprintSHA1) + _, err := fmt.Fprintf(w, "%s %s\n", u.Host, r.info.ThumbprintSHA256) return err } 
diff --git a/vendor/github.com/vmware/govmomi/internal/version/version.go b/vendor/github.com/vmware/govmomi/internal/version/version.go index 5b108f6e..d6049114 100644 --- a/vendor/github.com/vmware/govmomi/internal/version/version.go +++ b/vendor/github.com/vmware/govmomi/internal/version/version.go @@ -21,5 +21,5 @@ const ( ClientName = "govmomi" // ClientVersion is the version of this SDK - ClientVersion = "0.36.0" + ClientVersion = "0.36.1" ) diff --git a/vendor/github.com/vmware/govmomi/object/host_certificate_info.go b/vendor/github.com/vmware/govmomi/object/host_certificate_info.go index fd9b370e..1a3a7fab 100644 --- a/vendor/github.com/vmware/govmomi/object/host_certificate_info.go +++ b/vendor/github.com/vmware/govmomi/object/host_certificate_info.go @@ -17,7 +17,6 @@ limitations under the License. package object import ( - "crypto/sha256" "crypto/tls" "crypto/x509" "crypto/x509/pkix" @@ -58,14 +57,7 @@ func (info *HostCertificateInfo) FromCertificate(cert *x509.Certificate) *HostCe info.Subject = info.fromName(info.subjectName) info.ThumbprintSHA1 = soap.ThumbprintSHA1(cert) - - // SHA-256 for info purposes only, API fields all use SHA-1 - sum := sha256.Sum256(cert.Raw) - hex := make([]string, len(sum)) - for i, b := range sum { - hex[i] = fmt.Sprintf("%02X", b) - } - info.ThumbprintSHA256 = strings.Join(hex, ":") + info.ThumbprintSHA256 = soap.ThumbprintSHA256(cert) if info.Status == "" { info.Status = string(types.HostCertificateManagerCertificateInfoCertificateStatusUnknown) diff --git a/vendor/github.com/vmware/govmomi/vim25/soap/client.go b/vendor/github.com/vmware/govmomi/vim25/soap/client.go index bbf3d92f..a253ab5b 100644 --- a/vendor/github.com/vmware/govmomi/vim25/soap/client.go +++ b/vendor/github.com/vmware/govmomi/vim25/soap/client.go @@ -21,6 +21,7 @@ import ( "bytes" "context" "crypto/sha1" + "crypto/sha256" "crypto/tls" "crypto/x509" "encoding/json" 
@@ -387,6 +388,20 @@ func ThumbprintSHA1(cert *x509.Certificate) string { return strings.Join(hex, ":") } +// ThumbprintSHA256 returns the sha256 thumbprint of the given cert. +func ThumbprintSHA256(cert *x509.Certificate) string { + sum := sha256.Sum256(cert.Raw) + hex := make([]string, len(sum)) + for i, b := range sum { + hex[i] = fmt.Sprintf("%02X", b) + } + return strings.Join(hex, ":") +} + +func thumbprintMatches(thumbprint string, cert *x509.Certificate) bool { + return thumbprint == ThumbprintSHA256(cert) || thumbprint == ThumbprintSHA1(cert) +} + func (c *Client) dialTLSContext( ctx context.Context, network, addr string) (net.Conn, error) { @@ -418,14 +433,13 @@ func (c *Client) dialTLSContext( } cert := conn.ConnectionState().PeerCertificates[0] - peer := ThumbprintSHA1(cert) - if thumbprint != peer { - _ = conn.Close() - - return nil, fmt.Errorf("host %q thumbprint does not match %q", addr, thumbprint) + if thumbprintMatches(thumbprint, cert) { + return conn, nil } - return conn, nil + _ = conn.Close() + + return nil, fmt.Errorf("host %q thumbprint does not match %q", addr, thumbprint) } // splitHostPort is similar to net.SplitHostPort, diff --git a/vendor/modules.txt b/vendor/modules.txt index dd4b5e21..ef24e15d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -201,7 +201,7 @@ github.com/pkg/errors # github.com/tidwall/transform v0.0.0-20201103190739-32f242e2dbde ## explicit github.com/tidwall/transform -# github.com/vmware/govmomi v0.36.0 +# github.com/vmware/govmomi v0.36.1 ## explicit; go 1.19 github.com/vmware/govmomi github.com/vmware/govmomi/cns
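Review bot: `thumbprintMatches` (hunk at -387) has no doc comment and accepts a pin that equals either the SHA-256 or the SHA-1 thumbprint, so after this bump a configured SHA-1 thumbprint is still honoured by `dialTLSContext` and the weaker digest is not retired by moving to v0.36.1. The comparison is an exact string match against the upper-case, colon-separated form that `ThumbprintSHA256` builds, so a pin stored in lower case or without colons fails closed with the existing "thumbprint does not match" error. I would document that on the helper, e.g. `// thumbprintMatches reports whether thumbprint equals the SHA-256 or the legacy SHA-1 thumbprint of cert (exact match, upper-case hex separated by colons).` Because the file is vendored the comment belongs upstream; in this repository the follow-up is to check which digest the configured thumbprints use. The part of `dialTLSContext` that looks up `thumbprint` lies outside the hunk.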