From 07bea2f4fbb74371b8094f253006673a467ab8a5 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 19 Mar 2024 15:10:47 +0100
Subject: [PATCH] auth API cryptokeys: skip SHA1 and GOST DSes, closes #13950

---
 pdns/ws-auth.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 9c82d7dafa..460734c4dc 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -1287,7 +1287,7 @@ static void apiZoneCryptokeysExport(const DNSName& zonename, int64_t inquireKeyI
     if (value.second.keyType == DNSSECKeeper::KSK || value.second.keyType == DNSSECKeeper::CSK) {
       Json::array cdses;
       Json::array dses;
-      for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA1, DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_GOST, DNSSECKeeper::DIGEST_SHA384}) {
+      for (const uint8_t keyid : {DNSSECKeeper::DIGEST_SHA256, DNSSECKeeper::DIGEST_SHA384}) {
         try {
           string dsRecordContent = makeDSFromDNSKey(zonename, value.first.getDNSKEY(), keyid).getZoneRepresentation();
 
-- 
2.47.2