[crypto-utils] keyutil: use SHA1 as default hash in created certs (#921117)
jorton
jorton at fedoraproject.org
Wed Jan 22 14:32:41 UTC 2014
commit 900400f9a8e2cb8aad10b8a66aac65d2c0af0f60
Author: Joe Orton <jorton at redhat.com>
Date: Wed Jan 22 14:32:59 2014 +0000
keyutil: use SHA1 as default hash in created certs (#921117)
- genkey: default to 2048 bit keysize (#986788)
Resolves: rhbz#986788
Resolves: rhbz#921117
crypto-utils.spec | 6 +++++-
genkey.pl | 6 +++---
keyutil.c | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/crypto-utils.spec b/crypto-utils.spec
index 500c960..0cf2874 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.4.1
-Release: 44%{?dist}
+Release: 45%{?dist}
Group: Applications/System
# certwatch.c is GPLv2
# pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,10 @@ chmod -R u+w $RPM_BUILD_ROOT
%{perl_vendorarch}/auto/Crypt
%changelog
+* Wed Jan 22 2014 Joe Orton <jorton at redhat.com> - 2.4.1-45
+- keyutil: use SHA1 as default hash in created certs (#921117)
+- genkey: default to 2048 bit keysize (#986788)
+
* Fri Aug 9 2013 Joe Orton <jorton at redhat.com> - 2.4.1-44
- fix License, fix debuginfo generation (#915705)
diff --git a/genkey.pl b/genkey.pl
index 195c096..909f5d1 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -526,8 +526,8 @@ EOT
my $listbox = Newt::Listbox(5, 0);
my $text = Newt::Textbox(70, 6, 0, $title);
my @listitems = ("512 (insecure)",
- "1024 (medium-grade, fast speed) [RECOMMENDED]",
- "2048 (high-security, medium speed)",
+ "1024 (medium-grade, fast speed)",
+ "2048 (high-security, medium speed) [RECOMMENDED]",
"4096 (paranoid-security, tortoise speed)",
"Choose your own");
@@ -537,7 +537,7 @@ EOT
$panel->Add(0, 1, $listbox, 0, 0, 1);
$panel->Add(0, 2, NextBackCancelButton());
- Newt::newtListboxSetCurrent($listbox->{co}, 1);
+ Newt::newtListboxSetCurrent($listbox->{co}, 2);
$panel->Draw();
diff --git a/keyutil.c b/keyutil.c
index 1f50d40..e996c51 100644
--- a/keyutil.c
+++ b/keyutil.c
@@ -1522,7 +1522,7 @@ static int keyutil_main(
keyutil_extns[ext_policyConstr] = PR_FALSE;
keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;
- hashAlgTag = SEC_OID_MD5;
+ hashAlgTag = SEC_OID_SHA1;
/* Make a cert request */
rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,
More information about the scm-commits
mailing list