a99ab8f40a
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssl.git#3413ff9700373616a74dcf14fe75868d046e22e2
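--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i
 # (optional, default: no)
 ess_cert_id_chain = no # Must the ESS cert id chain be included?
 # (optional, default: no)
-ess_cert_id_alg = sha1 # algorithm to compute certificate
+ess_cert_id_alg = sha256 # algorithm to compute certificate
 # identifier (optional, default: sha1)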
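Review bot: The continuation comment directly after the changed `ess_cert_id_alg` entry still reads `# identifier (optional, default: sha1)`, which no longer matches the built-in default that this same patch changes to sha256 in crypto/ts/ts_conf.c. An administrator reading the sample file would conclude that deleting the line falls back to SHA-1. The comment should become `# identifier (optional, default: sha256)`.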
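--- a/apps/ts.c
+++ b/apps/ts.c
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
 ASN1_OBJECT *policy_obj = NULL;
 ASN1_INTEGER *nonce_asn1 = NULL;
 
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
 goto err;
 if ((ts_req = TS_REQ_new()) == NULL)
 goto err;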
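Review bot: The new implicit digest in `create_query` is a bare `"sha256"` literal with no comment, although it changes what a request contains whenever the caller selects no digest. If a precomputed value passed with `-digest` is length-checked against the selected digest, as I believe it is in upstream 1.1.1, scripts that supply a SHA-1 value and rely on the default would now be rejected. I would add a comment above the check such as `/* Downstream default is SHA-256; a precomputed -digest value must have this length unless a digest option is given. */` and mention the same in ts.pod. The body of `create_query` starts and ends outside the hunk, so the digest-length handling and the `err` path cannot be confirmed from here.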
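--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
 const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
 
 if (md == NULL)
- md = "sha1";
+ md = "sha256";
 
 cert_md = EVP_get_digestbyname(md);
 if (cert_md == NULL) {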
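Review bot: Configurations that omit `ess_cert_id_alg` silently change behaviour at `md = "sha256";`, and nothing in the code records the interoperability consequence. As far as I know, a non-SHA-1 digest here makes the responder identify its signing certificate with ESSCertIDv2 (RFC 5816) instead of the SHA-1 ESSCertID, which older verifiers may not accept. I would add a comment above the assignment, for example `/* Downstream default: SHA-256 (ESSCertIDv2); set ess_cert_id_alg = sha1 for verifiers limited to ESSCertID. */`. `TS_CONF_set_ess_cert_id_digest` begins and ends outside the hunk.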
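--- a/doc/man1/ts.pod
+++ b/doc/man1/ts.pod
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
 =item B<ess_cert_id_alg>
 
 This option specifies the hash function to be used to calculate the TSA's
-public key certificate identifier. Default is sha1. (Optional)
+public key certificate identifier. Default is sha256. (Optional)
 
 =back
 
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
 
 =head2 Time Stamp Request
 
-To create a timestamp request for design1.txt with SHA-1
+To create a timestamp request for design1.txt with SHA-256
 without nonce and policy and no certificate is required in the response:
 
 openssl ts -query -data design1.txt -no_nonce \
@@ -546,12 +546,12 @@ To print the content of the previous req
 
 openssl ts -query -in design1.tsq -text
 
-To create a timestamp request which includes the MD-5 digest
+To create a timestamp request which includes the SHA-512 digest
 of design2.txt, requests the signer certificate and nonce,
 specifies a policy id (assuming the tsa_policy1 name is defined in the
 OID section of the config file):
 
- openssl ts -query -data design2.txt -md5 \
+ openssl ts -query -data design2.txt -sha512 \
 -tspolicy tsa_policy1 -cert -out design2.tsq
 
 =head2 Time Stamp Response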