use SHA-1 as the default digest for the apps/openssl commands

12bdb643 · Nils Larsch · 7bdf8eed · 12bdb643 · 12bdb643 · 12bdb643
Showing with 11 addition and 7 deletion

CHANGES CHANGES +5 -1

apps/crl.c apps/crl.c +1 -1

apps/openssl.cnf apps/openssl.cnf +1 -1

apps/req.c apps/req.c +1 -1

apps/x509.c apps/x509.c +1 -1

doc/apps/x509.pod doc/apps/x509.pod +2 -2

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,11 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7e and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7f and 0.9.8  [xx XXX xxxx]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]

  *) Compile clean with "-Wall -Wmissing-prototypes
     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently

--- a/apps/crl.c
+++ b/apps/crl.c
@@ -115,7 +115,7 @@ int MAIN(int argc, char **argv)
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_sha1();

 	apps_startup();


--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -67,7 +67,7 @@ cert_opt 	= ca_default		# Certificate field options

 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
+default_md	= sha1			# which md to use.
 preserve	= no			# keep passed DN ordering

 # A few difference way of specifying how similar the request should look

--- a/apps/req.c
+++ b/apps/req.c
@@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
 	char *p;
 	char *subj = NULL;
 	int multirdn = 0;
-	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -184,7 +184,7 @@ int MAIN(int argc, char **argv)
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_sha1();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;

--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -98,8 +98,8 @@ default.

 the digest to use. This affects any signing or display option that uses a message
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
-specified then MD5 is used. If the key being used to sign with is a DSA key then
-this option has no effect: SHA1 is always used with DSA keys.
+specified then SHA1 is used. If the key being used to sign with is a DSA key
+then this option has no effect: SHA1 is always used with DSA keys.

 =item B<-engine id>