diff --git a/src/Tasks/ManifestUtil/SecurityUtil.cs b/src/Tasks/ManifestUtil/SecurityUtil.cs index cf4b7cdebe7..d74182f6ec8 100644 --- a/src/Tasks/ManifestUtil/SecurityUtil.cs +++ b/src/Tasks/ManifestUtil/SecurityUtil.cs @@ -572,7 +572,11 @@ public static void SignFile(string certPath, SecureString certPassword, Uri time private static bool UseSha256Algorithm(X509Certificate2 cert) { Oid oid = cert.SignatureAlgorithm; - return string.Equals(oid.FriendlyName, "sha256RSA", StringComparison.OrdinalIgnoreCase); + // Issue 6732: Clickonce does not support sha384/sha512 file hash so we default to sha256 + // for certs with that signature algorithm. + return string.Equals(oid.FriendlyName, "sha256RSA", StringComparison.OrdinalIgnoreCase) || + string.Equals(oid.FriendlyName, "sha384RSA", StringComparison.OrdinalIgnoreCase) || + string.Equals(oid.FriendlyName, "sha512RSA", StringComparison.OrdinalIgnoreCase); } ///