From c1bba9e03c59f38c71b3c0426c2c89b14fb975b7 Mon Sep 17 00:00:00 2001
From: Nick Thomas
Date: Tue, 16 Mar 2021 19:30:08 +0000
Subject: [PATCH] Generate hashCAFile with SHA256

In a FIPS environment, it's much easier to switch to SHA256 than it is to verify and explain that any particular use of MD5 is actually safe in-context.

Signed-off-by: Nick Thomas
---
 config/http_config.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/http_config.go b/config/http_config.go
index af9e463b..07de306b 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -17,7 +17,7 @@ package config
 import (
 "bytes"
- "crypto/md5"
+ "crypto/sha256"
 "crypto/tls"
 "crypto/x509"
 "fmt"
@@ -533,7 +533,7 @@ func (t *tlsRoundTripper) getCAWithHash() ([]byte, []byte, error) {
 if err != nil {
 return nil, nil, err
 }
- h := md5.Sum(b)
+ h := sha256.Sum256(b)
 return b, h[:], nil
 }
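Review bot: getCAWithHash carries no doc comment saying what the returned digest is for, which is exactly the question the commit message says a FIPS review would otherwise have to re-derive. I would add above the function `// getCAWithHash returns the CA file contents and their SHA-256 digest; the digest is a change-detection fingerprint for the file, not an integrity or authentication check.` The stated purpose is inferred from the function name and the commit message, so confirm it against the caller, which is outside this hunk. The function's first statements are also outside the hunk; only its signature appears in the hunk header. The second return value grows from 16 to 32 bytes, so check that no caller compares it with a fixed-length value or with a digest kept from the old code.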