diff options
| author | Nils Larsch <nils@openssl.org> | 2005-04-02 09:29:15 +0000 |
|---|---|---|
| committer | Nils Larsch <nils@openssl.org> | 2005-04-02 09:29:15 +0000 |
| commit | 12bdb643756d829569bb903e5b806613ff975ccb (patch) | |
| tree | 8b3186d726311147bb078922ff64bece40dedd01 | |
| parent | 7bdf8eed69e190ce8f2869a8421aa710d6d07504 (diff) | |
| download | openssl-new-12bdb643756d829569bb903e5b806613ff975ccb.tar.gz | |
use SHA-1 as the default digest for the apps/openssl commands
| -rw-r--r-- | CHANGES | 6 | ||||
| -rw-r--r-- | apps/crl.c | 2 | ||||
| -rw-r--r-- | apps/openssl.cnf | 2 | ||||
| -rw-r--r-- | apps/req.c | 2 | ||||
| -rw-r--r-- | apps/x509.c | 2 | ||||
| -rw-r--r-- | doc/apps/x509.pod | 4 |
6 files changed, 11 insertions, 7 deletions
@@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7e and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7f and 0.9.8 [xx XXX xxxx] + + *) Use SHA-1 instead of MD5 as the default digest algorithm for + the apps/openssl applications. + [Nils Larsch] *) Compile clean with "-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Werror". Currently diff --git a/apps/crl.c b/apps/crl.c index 878f65468e..3eb676e16b 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -115,7 +115,7 @@ int MAIN(int argc, char **argv) X509_OBJECT xobj; EVP_PKEY *pkey; int do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); apps_startup(); diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 6d731cbe8b..04710f87d5 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -67,7 +67,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. +default_md = sha1 # which md to use. preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look diff --git a/apps/req.c b/apps/req.c index d634268653..f43c477f75 100644 --- a/apps/req.c +++ b/apps/req.c @@ -187,7 +187,7 @@ int MAIN(int argc, char **argv) char *p; char *subj = NULL; int multirdn = 0; - const EVP_MD *md_alg=NULL,*digest=EVP_md5(); + const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH char *to_free; diff --git a/apps/x509.c b/apps/x509.c index 1dad6363de..9dc99dfa0f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -184,7 +184,7 @@ int MAIN(int argc, char **argv) X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; - const EVP_MD *md_alg,*digest=EVP_md5(); + const EVP_MD *md_alg,*digest=EVP_sha1(); CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 21bdfccb9a..2b3cf28610 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -98,8 +98,8 @@ default. the digest to use. This affects any signing or display option that uses a message digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not -specified then MD5 is used. If the key being used to sign with is a DSA key then -this option has no effect: SHA1 is always used with DSA keys. +specified then SHA1 is used. If the key being used to sign with is a DSA key +then this option has no effect: SHA1 is always used with DSA keys. =item B<-engine id> |