zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changed the default value of the "ess_cert_id_alg" option

Browse Source 
This is used to calculate the TSA's public key certificate identifier.

The default algorithm is changed from sha1 to sha256.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21794)
This commit is contained in:
olszomal 2023-08-21 09:29:28 +02:00 committed by Tomas Mraz
parent 975f372a6f
commit 10536b7f5b
5 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/openssl-vms.cnf
View File

@ -330,8 +330,8 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha256)
[insta] # CMP using Insta Demo CA
# Message transfer

4
apps/openssl.cnf
View File

@ -330,8 +330,8 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha256)
[insta] # CMP using Insta Demo CA
# Message transfer

2
crypto/ts/ts_conf.c
View File

@ -481,7 +481,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
if (md == NULL)
md = "sha1";
md = "sha256";
cert_md = EVP_get_digestbyname(md);
if (cert_md == NULL) {

2
doc/man1/openssl-ts.pod.in
View File

@ -490,7 +490,7 @@ Default is no. (Optional)
=item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's
public key certificate identifier. Default is sha1. (Optional)
public key certificate identifier. Default is sha256. (Optional)
=back

2
test/CAtsa.cnf
View File

@ -144,7 +144,7 @@ tsa_name = yes # Must the TSA name be included in the reply?
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1)
# identifier (optional, default: sha256)
[ tsa_config2 ]