From 30cc17e13ea61f1866d76487057f380f14a23961 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 1 Dec 2016 16:32:04 +0100
Subject: doc: no longer list SHA1 as a safe choice in X.509 signing

---
 lib/x509/crl_write.c  | 4 ++--
 lib/x509/x509_write.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index ce0beb5dbc..2cc1a75694 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -77,7 +77,7 @@ gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
  * @crl: should contain a gnutls_x509_crl_t type
  * @issuer: is the certificate of the certificate issuer
  * @issuer_key: holds the issuer's private key
- * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
+ * @dig: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
  * @flags: must be 0
  *
  * This function will sign the CRL with the issuer's private key, and
@@ -446,7 +446,7 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
  * @crl: should contain a gnutls_x509_crl_t type
  * @issuer: is the certificate of the certificate issuer
  * @issuer_key: holds the issuer's private key
- * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
+ * @dig: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing.
  * @flags: must be 0
  *
  * This function will sign the CRL with the issuer's private key, and
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index bc6eb2eb81..c2293dac93 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1057,7 +1057,7 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
  * @crt: a certificate of type #gnutls_x509_crt_t
  * @issuer: is the certificate of the certificate issuer
  * @issuer_key: holds the issuer's private key
- * @dig: The message digest to use, %GNUTLS_DIG_SHA1 is a safe choice
+ * @dig: The message digest to use, %GNUTLS_DIG_SHA256 is a safe choice
  * @flags: must be 0
  *
  * This function will sign the certificate with the issuer's private key, and
@@ -1705,7 +1705,7 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
  * @crt: a certificate of type #gnutls_x509_crt_t
  * @issuer: is the certificate of the certificate issuer
  * @issuer_key: holds the issuer's private key
- * @dig: The message digest to use, %GNUTLS_DIG_SHA1 is a safe choice
+ * @dig: The message digest to use, %GNUTLS_DIG_SHA256 is a safe choice
  * @flags: must be 0
  *
  * This function will sign the certificate with the issuer's private key, and
-- 
cgit v1.2.1