Hi,

Sorry if this mail reaches the list twice, but I cannot see the first
mail on the list.

I tried to set sha1 for "openssl ca -gencrl" but it doesn't work. I
checked the source code (0.9.8 and 0.9.7) and found that the req section
in apps/ca.c contains the following lines:

lines 1012-1017:

  if ((md == NULL) && ((md=NCONF_get_string(conf,
        section,ENV_DEFAULT_MD)) == NULL))
  {
        lookup_fail(section,ENV_DEFAULT_MD);
        goto err;
  }

but the crl area ignores default_md, checks for DSA and EC keys, and if
it is an RSA key then it uses MD5. Only -md is checked. Is there a
special reason why default_md is ignored, or is it possible to replace
the following line:

line 1427:

dgst=EVP_md5();

A solution could be:

  if ((md=NCONF_get_string(conf,section,ENV_DEFAULT_MD)) == NULL)
  {
        dgst=EVP_md5();
  } else {
        if ((dgst=EVP_get_digestbyname(md)) == NULL)
        {
            BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
            goto err;
        }
  }

I never touched this area before, so perhaps it is necessary to introduce
ENV_DEFAULT_CRL_MD, or are CRLs with sha1 generally not allowed? Any
comments please?

Best regards

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org
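The behaviour described above (for RSA CA keys, "openssl ca -gencrl" signs the CRL with MD5 whenever -md is not given, regardless of default_md) means a CRL store may contain MD5-signed CRLs without anyone having asked for them. The following is an added example, not OpenSSL code and not from the original mail: a standard-library-only DER walker that reports the signature algorithm of a CRL, flags MD5 (and MD2) signatures, and checks that the inner tbsCertList.signature matches the outer signatureAlgorithm as RFC 5280 requires. The OID table, the `WEAK_SIG_OIDS` policy set, and the `make_sample_crl` helper (which builds a minimal CRL with an empty issuer and a dummy signature value) are constructed for this example; the parser expects DER input.

```python
"""Report which signature algorithm a DER-encoded X.509 CRL carries.

Added example, not part of OpenSSL. It uses only the standard library so it
can be run over a CRL store to find CRLs signed with MD5, which is what
"openssl ca -gencrl" emits for RSA CA keys when -md is not given.
"""
import sys

# Constructed OID -> name table for the signature algorithms relevant here.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10040.4.3": "dsaWithSHA1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
MD5_RSA_OID = "1.2.840.113549.1.1.4"
SHA1_RSA_OID = "1.2.840.113549.1.1.5"
# Digests that must not sign a CRL (example policy; a current policy would add SHA-1).
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.2", MD5_RSA_OID}


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Yield (tag, value) for every TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        yield tag, inner


def _decode_oid(value):
    """Turn OBJECT IDENTIFIER contents into dotted form (base-128 arcs)."""
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # last octet of this arc
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)


def _alg_oid(alg_ident):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL }"""
    tag, value = next(_children(alg_ident))
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(value)


def inspect_crl(der):
    """Return the CRL's signature algorithm plus a weak-digest and a consistency check.

    CertificateList ::= SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }
    TBSCertList     ::= SEQUENCE { version INTEGER OPTIONAL, signature, issuer, ... }
    """
    tag, crl, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE; convert PEM input to DER first")
    (_, tbs), (_, sig_alg), _ = list(_children(crl))
    tbs_parts = list(_children(tbs))
    if tbs_parts[0][0] == 0x02:             # v2 CRLs carry an explicit version INTEGER
        tbs_parts = tbs_parts[1:]
    inner_oid = _alg_oid(tbs_parts[0][1])
    outer_oid = _alg_oid(sig_alg)
    return {
        "oid": outer_oid,
        "signature_algorithm": SIG_ALG_NAMES.get(outer_oid, outer_oid),
        "consistent": inner_oid == outer_oid,   # RFC 5280: the two fields must agree
        "weak_digest": outer_oid in WEAK_SIG_OIDS,
    }


def _tlv(tag, body):
    """Encode one DER TLV (short and long length forms)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def make_sample_crl(inner_oid, outer_oid=None):
    """Constructed minimal CRL: empty issuer Name, one UTCTime, dummy signature bits."""
    inner = _tlv(0x30, _encode_oid(inner_oid) + b"\x05\x00")          # parameters NULL
    outer = _tlv(0x30, _encode_oid(outer_oid or inner_oid) + b"\x05\x00")
    tbs = _tlv(0x30, inner + _tlv(0x30, b"") + _tlv(0x17, b"050101000000Z"))
    return _tlv(0x30, tbs + outer + _tlv(0x03, b"\x00" + b"\x00" * 16))


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_crl(MD5_RSA_OID)
    print(inspect_crl(data))
```

Run it as `python3 crlcheck.py crl.der`; a PEM CRL can be converted first with `openssl crl -inform PEM -in crl.pem -outform DER -out crl.der`. With no argument it inspects the constructed MD5-signed sample and reports `weak_digest: True`. The consistency check matters because a verifier that only looks at the outer signatureAlgorithm can be shown a different algorithm than the one actually covered by the signature.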

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]