From bd0a0648a85c8aed266eeada48721fd85c124736 Mon Sep 17 00:00:00 2001
From: Hacksawfred3232 <frederick.simmonds@gmail.com>
Date: Fri, 19 Jan 2024 01:26:45 +0000
Subject: Added warning about SHA1 being used for response signing in ocsp.rst
 (#10204)

* Update ocsp.rst

Added warning about SHA1 being used for sign()

* Update ocsp.rst

Fixed spelling issues, at least according to en-GB dictionary.

* Update ocsp.rst

Spell checker didn't catch "algorithim" somehow.

* Update ocsp.rst

Attempting to rephrase the warning.

* Update ocsp.rst

Removing rouge space.
---
 docs/x509/ocsp.rst | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'docs')

diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index 76bfc02..94605c2 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -340,7 +340,11 @@ Creating Responses
             :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`
             and an instance of a
             :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
-            otherwise.
+            otherwise. Please note that
+            :class:`~cryptography.hazmat.primitives.hashes.SHA1`
+            can not be used here, regardless of if it was used for
+            :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_response`
+            or not.
 
         :returns: A new :class:`~cryptography.x509.ocsp.OCSPResponse`.
 
-- 
cgit v1.1