[crypto-utils] keyutil: use SHA1 as default hash in created certs (#921117)

jorton jorton at fedoraproject.org
Wed Jan 22 14:32:41 UTC 2014 

commit 900400f9a8e2cb8aad10b8a66aac65d2c0af0f60
Author: Joe Orton <jorton at redhat.com>
Date:   Wed Jan 22 14:32:59 2014 +0000

    keyutil: use SHA1 as default hash in created certs (#921117)
    
    - genkey: default to 2048 bit keysize (#986788)
    Resolves: rhbz#986788
    Resolves: rhbz#921117

 crypto-utils.spec |    6 +++++-
 genkey.pl         |    6 +++---
 keyutil.c         |    2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/crypto-utils.spec b/crypto-utils.spec
index 500c960..0cf2874 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 44%{?dist}
+Release: 45%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,10 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 
 %changelog
+* Wed Jan 22 2014 Joe Orton <jorton at redhat.com> - 2.4.1-45
+- keyutil: use SHA1 as default hash in created certs (#921117)
+- genkey: default to 2048 bit keysize (#986788)
+
 * Fri Aug  9 2013 Joe Orton <jorton at redhat.com> - 2.4.1-44
 - fix License, fix debuginfo generation (#915705)
 
diff --git a/genkey.pl b/genkey.pl
index 195c096..909f5d1 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -526,8 +526,8 @@ EOT
     my $listbox = Newt::Listbox(5, 0);
     my $text = Newt::Textbox(70, 6, 0, $title);
     my @listitems = ("512 (insecure)",
-		     "1024 (medium-grade, fast speed) [RECOMMENDED]",
-		     "2048 (high-security, medium speed)",
+		     "1024 (medium-grade, fast speed)",
+		     "2048 (high-security, medium speed) [RECOMMENDED]",
 		     "4096 (paranoid-security, tortoise speed)",
 		     "Choose your own");
 
@@ -537,7 +537,7 @@ EOT
     $panel->Add(0, 1, $listbox, 0, 0, 1);
     $panel->Add(0, 2, NextBackCancelButton());
     
-    Newt::newtListboxSetCurrent($listbox->{co}, 1);
+    Newt::newtListboxSetCurrent($listbox->{co}, 2);
 
     $panel->Draw();
 
diff --git a/keyutil.c b/keyutil.c
index 1f50d40..e996c51 100644
--- a/keyutil.c
+++ b/keyutil.c
@@ -1522,7 +1522,7 @@ static int keyutil_main(
     keyutil_extns[ext_policyConstr] = PR_FALSE;
     keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;
 
-    hashAlgTag = SEC_OID_MD5;
+    hashAlgTag = SEC_OID_SHA1;
 
     /*  Make a cert request */
     rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,

More information about the scm-commits mailing list