isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/openssl-1.1.1-ts-sha256-default.patch

e4b8d1
diff --git a/apps/ts.c b/apps/ts.c
e4b8d1
index 63c5210183..4ef8a72eef 100644
e4b8d1
--- a/apps/ts.c
e4b8d1
+++ b/apps/ts.c
e4b8d1
@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
e4b8d1
     ASN1_OBJECT *policy_obj = NULL;
e4b8d1
     ASN1_INTEGER *nonce_asn1 = NULL;
e4b8d1
 
e4b8d1
-    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
e4b8d1
+    if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
e4b8d1
         goto err;
e4b8d1
     if ((ts_req = TS_REQ_new()) == NULL)
e4b8d1
         goto err;
e4b8d1
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
e4b8d1
index 078905a845..83b8fe4350 100644
e4b8d1
--- a/doc/man1/ts.pod
e4b8d1
+++ b/doc/man1/ts.pod
e4b8d1
@@ -517,7 +517,7 @@ included. Default is no. (Optional)
e4b8d1
 =item B<ess_cert_id_alg>
e4b8d1
 
e4b8d1
 This option specifies the hash function to be used to calculate the TSA's
e4b8d1
-public key certificate identifier. Default is sha1. (Optional)
e4b8d1
+public key certificate identifier. Default is sha256. (Optional)
e4b8d1
 
e4b8d1
 =back
e4b8d1
 
e4b8d1
@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do.
e4b8d1
 
e4b8d1
 =head2 Time Stamp Request
e4b8d1
 
e4b8d1
-To create a time stamp request for design1.txt with SHA-1
e4b8d1
+To create a time stamp request for design1.txt with SHA-256
e4b8d1
 without nonce and policy and no certificate is required in the response:
e4b8d1
 
e4b8d1
   openssl ts -query -data design1.txt -no_nonce \
e4b8d1
@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format:
e4b8d1
 
e4b8d1
   openssl ts -query -in design1.tsq -text
e4b8d1
 
e4b8d1
-To create a time stamp request which includes the MD-5 digest
e4b8d1
+To create a time stamp request which includes the SHA-512 digest
e4b8d1
 of design2.txt, requests the signer certificate and nonce,
e4b8d1
 specifies a policy id (assuming the tsa_policy1 name is defined in the
e4b8d1
 OID section of the config file):
e4b8d1
 
e4b8d1
-  openssl ts -query -data design2.txt -md5 \
e4b8d1
+  openssl ts -query -data design2.txt -sha512 \
e4b8d1
         -tspolicy tsa_policy1 -cert -out design2.tsq
e4b8d1
 
e4b8d1
 =head2 Time Stamp Response