zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changed the default value of the "ess_cert_id_alg" option

Browse Source 
This is used to calculate the TSA's public key certificate identifier.

The default algorithm is changed from sha1 to sha256.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21794)
This commit is contained in:
olszomal 2023-08-21 09:29:28 +02:00 committed by Tomas Mraz
parent 975f372a6f
commit 10536b7f5b
5 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/openssl-vms.cnf
View File

@ -330,8 +330,8 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no) # (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included? ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no) # (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1) # identifier (optional, default: sha256)
[insta] # CMP using Insta Demo CA [insta] # CMP using Insta Demo CA
# Message transfer # Message transfer

4
apps/openssl.cnf
View File

@ -330,8 +330,8 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no) # (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included? ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no) # (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1) # identifier (optional, default: sha256)
[insta] # CMP using Insta Demo CA [insta] # CMP using Insta Demo CA
# Message transfer # Message transfer

2
crypto/ts/ts_conf.c
View File

@ -481,7 +481,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG); const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
if (md == NULL) if (md == NULL)
md = "sha1"; md = "sha256";
cert_md = EVP_get_digestbyname(md); cert_md = EVP_get_digestbyname(md);
if (cert_md == NULL) { if (cert_md == NULL) {

2
doc/man1/openssl-ts.pod.in
View File

@ -490,7 +490,7 @@ Default is no. (Optional)
=item B<ess_cert_id_alg> =item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's This option specifies the hash function to be used to calculate the TSA's
public key certificate identifier. Default is sha1. (Optional) public key certificate identifier. Default is sha256. (Optional)
=back =back

2
test/CAtsa.cnf
View File

@ -144,7 +144,7 @@ tsa_name = yes # Must the TSA name be included in the reply?
ess_cert_id_chain = yes # Must the ESS cert id chain be included? ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no) # (optional, default: no)
ess_cert_id_alg = sha256 # algorithm to compute certificate ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1) # identifier (optional, default: sha256)
[ tsa_config2 ] [ tsa_config2 ]