From 17f6391bf8bc5e0e74ea981c795455a18826ed35 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Fri, 14 Mar 2014 09:50:15 +0100
Subject: [PATCH] Fixed Bug #66833 Default digest algo is still MD5
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommended,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
---
ext/openssl/openssl.c | 2 +-
ext/openssl/tests/openssl.cnf | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b2ac712..88ad2ef 100755
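--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -855,7 +855,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
 req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
 }
 if (req->md_alg == NULL) {
- req->md_alg = req->digest = EVP_md5();
+ req->md_alg = req->digest = EVP_sha1();
 }
 
 PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section);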
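Review bot: The hard-coded fallback on the `+` line is `EVP_sha1()`, so a request that gets no `default_md` from the caller or the system config is still signed with a digest that is no longer collision-resistant and that stricter systems may reject, which is the same failure mode the commit message reports for MD5. Since the description itself says SHA256 is recommended, I would use `req->md_alg = req->digest = EVP_sha256();` here, or at least add a comment stating the precedence (user option, then config, then this default) and that SHA-1 was chosen only to mirror OpenSSL's internal default. The same `if (req->md_alg == NULL)` also appears to catch a failed `EVP_get_digestbyname()` lookup, so a misspelled digest name would silently get the default instead of an error; that should be confirmed against the lines above the hunk, since `php_openssl_parse_config` starts and ends outside it.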
--
2.1.4