From 17f6391bf8bc5e0e74ea981c795455a18826ed35 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Fri, 14 Mar 2014 09:50:15 +0100
Subject: [PATCH] Fixed Bug #66833 Default digest algo is still MD5
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommended,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
---
ext/openssl/openssl.c | 2 +-
ext/openssl/tests/openssl.cnf | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b2ac712..88ad2ef 100755
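--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -855,7 +855,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
 }
 if (req->md_alg == NULL) {
- req->md_alg = req->digest = EVP_md5();
+ req->md_alg = req->digest = EVP_sha1();
 }
 
 PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section);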
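Review bot: The NULL check after `EVP_get_digestbyname(req->digest_name)` cannot tell "no digest configured" from "digest name not recognised", so a misspelt or unsupported `default_md` appears to fall through silently to the hardcoded `EVP_sha1()`, and the request would be signed with a weaker digest than the caller asked for. Consider warning when a name was supplied but the lookup failed, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown digest algorithm, falling back to default");` inside the fallback when `req->digest_name` is non-NULL. A short comment on the fallback such as `/* matches OpenSSL's built-in default; not a recommendation, set default_md to sha256 or stronger */` would keep the commit message's rationale next to the code. The enclosing function php_openssl_parse_config starts and ends outside this hunk, so how digest_name is populated is inferred from the visible lines only.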
--
2.1.4