3505ea6700
Four patches are not being applied due to failures in the build and/or applying them: - openssl-1.1.1-fips.patch - openssl-1.1.1-fips-post-rand.patch - openssl-1.1.1-evp-kdf.patch - openssl-1.1.1-ssh-kdf.patch Mind that fips related patches were not applied in the previously version either. Resolves: rhbz#1740772 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
51 lines
1.8 KiB
Diff
51 lines
1.8 KiB
Diff
diff --git a/apps/ts.c b/apps/ts.c
|
|
index 63c5210183..4ef8a72eef 100644
|
|
--- a/apps/ts.c
|
|
+++ b/apps/ts.c
|
|
@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
|
|
ASN1_OBJECT *policy_obj = NULL;
|
|
ASN1_INTEGER *nonce_asn1 = NULL;
|
|
|
|
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
|
|
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
|
|
goto err;
|
|
if ((ts_req = TS_REQ_new()) == NULL)
|
|
goto err;
|
|
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
|
|
index 078905a845..83b8fe4350 100644
|
|
--- a/doc/man1/ts.pod
|
|
+++ b/doc/man1/ts.pod
|
|
@@ -517,7 +517,7 @@ included. Default is no. (Optional)
|
|
=item B<ess_cert_id_alg>
|
|
|
|
This option specifies the hash function to be used to calculate the TSA's
|
|
-public key certificate identifier. Default is sha1. (Optional)
|
|
+public key certificate identifier. Default is sha256. (Optional)
|
|
|
|
=back
|
|
|
|
@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do.
|
|
|
|
=head2 Time Stamp Request
|
|
|
|
-To create a time stamp request for design1.txt with SHA-1
|
|
+To create a time stamp request for design1.txt with SHA-256
|
|
without nonce and policy and no certificate is required in the response:
|
|
|
|
openssl ts -query -data design1.txt -no_nonce \
|
|
@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format:
|
|
|
|
openssl ts -query -in design1.tsq -text
|
|
|
|
-To create a time stamp request which includes the MD-5 digest
|
|
+To create a time stamp request which includes the SHA-512 digest
|
|
of design2.txt, requests the signer certificate and nonce,
|
|
specifies a policy id (assuming the tsa_policy1 name is defined in the
|
|
OID section of the config file):
|
|
|
|
- openssl ts -query -data design2.txt -md5 \
|
|
+ openssl ts -query -data design2.txt -sha512 \
|
|
-tspolicy tsa_policy1 -cert -out design2.tsq
|
|
|
|
=head2 Time Stamp Response
|