certtool: when signing CRLs or CSRs use the specified in cmd hash algorithm

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-10 08:26:44 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-08-10 08:31:19 +0200
commit: f310cda689c3068d6da7798192977ccedc6cc8a3 (patch)
tree: aada3628e1f9b537332e2d9f4d6823f11b31e8bc
parent: 246213cf3886f7227b1a87d995ab130a152290ab (diff)
download: gnutls-f310cda689c3068d6da7798192977ccedc6cc8a3.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 832ca533d6..b8da15ea2a 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -943,7 +943,7 @@ generate_signed_crl (common_info_st * cinfo)
   crl = generate_crl (ca_crt, cinfo);
 
   fprintf (stderr, "\n");
-  result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, SIGN_HASH, 0);
+  result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, (default_dig != GNUTLS_DIG_UNKNOWN)?default_dig:SIGN_HASH, 0);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crl_privkey_sign: %s", gnutls_strerror (result));
 
@@ -1919,7 +1919,7 @@ generate_request (common_info_st * cinfo)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (ret));
 
-  ret = gnutls_x509_crq_privkey_sign (crq, pkey, SIGN_HASH, 0);
+  ret = gnutls_x509_crq_privkey_sign (crq, pkey, (default_dig != GNUTLS_DIG_UNKNOWN)?default_dig:SIGN_HASH, 0);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "sign: %s", gnutls_strerror (ret));
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-10 08:26:44 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-08-10 08:31:19 +0200
commit	f310cda689c3068d6da7798192977ccedc6cc8a3 (patch)
tree	aada3628e1f9b537332e2d9f4d6823f11b31e8bc
parent	246213cf3886f7227b1a87d995ab130a152290ab (diff)
download	gnutls-f310cda689c3068d6da7798192977ccedc6cc8a3.tar.gz