From 1ce7714cc96c022e673aa11d3c4d42eff8df147c Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Wed, 2 Nov 2022 17:11:18 +0800
Subject: [PATCH] rollback first #93
---
 smx509/verify_test.go | 3 ++-
 smx509/x509.go | 9 ++++++---
 smx509/x509_test.go | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/smx509/verify_test.go b/smx509/verify_test.go
index feb7615..0adc191 100644
--- a/smx509/verify_test.go
+++ b/smx509/verify_test.go
@@ -539,7 +539,8 @@ func testVerify(t *testing.T, test verifyTest, useSystemRoots bool) {
 func TestGoVerify(t *testing.T) {
 // Temporarily enable SHA-1 verification since a number of test chains
 // require it. TODO(filippo): regenerate test chains.
- t.Setenv("GODEBUG", "x509sha1=1")
+ defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1)
+ debugAllowSHA1 = true

 for _, test := range verifyTests {
 t.Run(test.name, func(t *testing.T) {
diff --git a/smx509/x509.go b/smx509/x509.go
index 05b7fb2..6fd8d1f 100644
--- a/smx509/x509.go
+++ b/smx509/x509.go
@@ -248,7 +248,7 @@ var (
 // 附录A(规范性附录)商用密码领域中的相关OID定义
 //
 // http://gmssl.org/docs/oid.html
- oidSignatureSM2WithSM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 501}
+ oidSignatureSM2WithSM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 501}
 //oidSignatureSM2WithSHA1 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 502}
 //oidSignatureSM2WithSHA256 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 503}
 )
@@ -548,6 +548,9 @@ func oidFromExtKeyUsage(eku ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) {
 return
 }

+// debugAllowSHA1 allows SHA-1 signatures. See issue 41682.
+var debugAllowSHA1 = godebug.Get("x509sha1") == "1"
+
 // A Certificate represents an X.509 certificate.
 type Certificate x509.Certificate

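Review bot: In TestGoVerify (smx509/verify_test.go) the `defer` that restores `debugAllowSHA1` runs when the test function returns, which is before any subtest that calls `t.Parallel()` resumes, so such a subtest would run with the flag already reset; the `t.Run` bodies lie outside the hunk, so whether any of them is parallel cannot be checked here. Saving the value with `old := debugAllowSHA1` and restoring it with `t.Cleanup(func() { debugAllowSHA1 = old })` would run the restore only after the subtests have finished. Unlike `t.Setenv`, a plain assignment to a package variable does not fail when it is used from a parallel test, so a comment such as `// mutates package state; not safe with t.Parallel` would help the next editor. The same pattern is added in TestSHA1 and TestDisableSHA1ForCertOnly in smx509/x509_test.go.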
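Review bot: The comment on `debugAllowSHA1` in smx509/x509.go does not say that the value is read once at package initialisation, so changing GODEBUG after start-up has no effect, nor that a true value makes `CheckSignatureFrom` accept SHA-1-signed certificates for the whole process. I would expand it to something like `// debugAllowSHA1 reports whether GODEBUG=x509sha1=1 was set at process start; when true, CheckSignatureFrom accepts SHA-1 signatures.` "See issue 41682" is ambiguous in this repository, whose own commit subject refers to #93; if the number belongs to the upstream Go tracker, the comment should say so. Since the variable can be assigned from anywhere in the package, noting that only tests are expected to write it would keep this downgrade switch easy to audit.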
@@ -593,7 +596,7 @@ func (c *Certificate) CheckSignatureFrom(parent *Certificate) error {

 // TODO(agl): don't ignore the path length constraint.

- return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature, parent.PublicKey, false)
+ return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature, parent.PublicKey, debugAllowSHA1)
 }

 // CheckSignature verifies that signature is a valid signature over signed from
@@ -641,7 +644,7 @@ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey
 case crypto.MD5:
 return x509.InsecureAlgorithmError(algo)
 case crypto.SHA1:
- if !allowSHA1 && godebug.Get("x509sha1") != "1" {
+ if !allowSHA1 {
 return x509.InsecureAlgorithmError(algo)
 }
 fallthrough
diff --git a/smx509/x509_test.go b/smx509/x509_test.go
index 86a6399..c4c2e71 100644
--- a/smx509/x509_test.go
+++ b/smx509/x509_test.go
@@ -1688,7 +1688,8 @@ func TestSHA1(t *testing.T) {
 t.Fatalf("certificate verification returned %v (%T), wanted InsecureAlgorithmError", err, err)
 }

- t.Setenv("GODEBUG", "x509sha1=1")
+ defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1)
+ debugAllowSHA1 = true
 if err = cert.CheckSignatureFrom(cert); err != nil {
 t.Fatalf("SHA-1 certificate did not verify with GODEBUG=x509sha1=1: %v", err)
 }
@@ -3034,7 +3035,8 @@ func TestParseUniqueID(t *testing.T) {
 }

 func TestDisableSHA1ForCertOnly(t *testing.T) {
- t.Setenv("GODEBUG", "")
+ defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1)
+ debugAllowSHA1 = false

 tmpl := &Certificate{
 SerialNumber: big.NewInt(1),
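Review bot: checkSignature's doc comment should now state that `allowSHA1` is the only gate for SHA-1 signatures, because the `crypto.SHA1` case no longer consults GODEBUG itself. Callers outside this patch that pass `false` will reject SHA-1 even with GODEBUG=x509sha1=1 set, while callers that pass `true` accept it unconditionally; those call sites are not visible here, so each should be checked against the intended policy. A line such as `// allowSHA1 alone decides whether SHA-1 signatures are accepted; the x509sha1 GODEBUG setting is applied by the caller.` would record this. The function body starts and ends outside the hunk.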
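Review bot: In TestSHA1 the failure message `SHA-1 certificate did not verify with GODEBUG=x509sha1=1: %v` no longer matches what the test does, since it now assigns `debugAllowSHA1` directly and never touches the environment; `"SHA-1 certificate did not verify with debugAllowSHA1 = true: %v"` would be accurate. As a consequence, no test visible in this patch exercises the init-time read `godebug.Get("x509sha1") == "1"`, so a regression in how the setting is parsed would go unnoticed. TestSHA1's body starts outside the hunk.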