diff options
author | Davanum Srinivas <davanum@gmail.com> | 2015-02-05 13:57:04 -0500 |
---|---|---|
committer | Artom Lifshitz <alifshit@redhat.com> | 2015-02-24 17:27:54 -0500 |
commit | e27596102087984d2b8c9b74ef0e340c372d0b77 (patch) | |
tree | 33fa9ecf16d0953890a54524e04f6cf9d265ce5d | |
parent | c58d6441d9ed287917d711823a309c5df1659758 (diff) | |
download | nova-e27596102087984d2b8c9b74ef0e340c372d0b77.tar.gz |
Make tests use sha256 as openssl default digest algorithm
The tests previously used md5, which is considered broken,
and distros are starting to disable this in their openssl
builds.
Make the tests use sha256 as the default as a long term
sane alternative that should work on all distros.
This will fix Centos 7, and future proof the tests.
Closes-Bug: #1399498
Change-Id: Ic6cc92e47a318d789db3c3c98c67948eefb51fc2
(cherry picked from commit f4495de5a04b03bbd6773b6b059ea0341a2d0aea)
-rw-r--r-- | nova/CA/openssl.cnf.tmpl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nova/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl index f87d9f3b21..838a9cdba3 100644 --- a/nova/CA/openssl.cnf.tmpl +++ b/nova/CA/openssl.cnf.tmpl @@ -34,7 +34,7 @@ private_key = $dir/private/cakey.pem unique_subject = no default_crl_days = 365 default_days = 365 -default_md = md5 +default_md = sha256 preserve = no email_in_dn = no nameopt = default_ca @@ -57,7 +57,7 @@ emailAddress = optional [ req ] default_bits = 1024 # Size of keys default_keyfile = key.pem # name of generated keys -default_md = md5 # message digest algorithm +default_md = sha256 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name |