diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-03-16 18:25:22 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2015-03-23 17:22:31 +0100 |
| commit | ae0604f58334c72f9969fdc1a6425adb948da0e9 (patch) | |
| tree | 13a634c61a531391a93e8de6d4aca385ba0899a1 /src/pki/commands/self.c | |
| parent | 7fa03b308cb73c68ea7e944fcbc19073d3a3f5fa (diff) | |
| download | strongswan-ae0604f58334c72f9969fdc1a6425adb948da0e9.tar.bz2 strongswan-ae0604f58334c72f9969fdc1a6425adb948da0e9.tar.xz | |
pki: Use SHA-256 as default for signatures
Since the BLISS private key supports this we don't do any special
handling anymore (if the user choses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
Diffstat (limited to 'src/pki/commands/self.c')
| -rw-r--r-- | src/pki/commands/self.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 8dcb046de..13374e2de 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -50,7 +50,7 @@ static int self() { cred_encoding_type_t form = CERT_ASN1_DER; key_type_t type = KEY_RSA; - hash_algorithm_t digest = HASH_SHA1; + hash_algorithm_t digest = HASH_SHA256; certificate_t *cert = NULL; private_key_t *private = NULL; public_key_t *public = NULL; @@ -263,14 +263,6 @@ static int self() break; } - if (type == KEY_BLISS) - { - /* the default hash function is SHA512. SHA1 is not supported */ - if (digest == HASH_SHA1) - { - digest = HASH_SHA512; - } - } if (!dn) { error = "--dn is required"; @@ -455,7 +447,7 @@ static void __attribute__ ((constructor))reg() {"policy-any", 'A', 1, "inhibitAnyPolicy constraint"}, {"flag", 'e', 1, "include extendedKeyUsage flag"}, {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, - {"digest", 'g', 1, "digest for signature creation, default: sha1"}, + {"digest", 'g', 1, "digest for signature creation, default: sha256"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, } }); |