diff options
author | Remi Collet <remi@php.net> | 2014-03-14 09:50:15 +0100 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2014-03-14 09:50:15 +0100 |
commit | 17f6391bf8bc5e0e74ea981c795455a18826ed35 (patch) | |
tree | 13fd52798041cd0c34272895af332c6b6c014b67 | |
parent | 737c187013624122584ed6d18a39a34599717458 (diff) | |
download | php-git-17f6391bf8bc5e0e74ea981c795455a18826ed35.tar.gz |
Fixed Bug #66833 Default digest algo is still MD5
Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
-rwxr-xr-x | ext/openssl/openssl.c | 2 | ||||
-rw-r--r-- | ext/openssl/tests/openssl.cnf | 1 |
2 files changed, 1 insertions, 2 deletions
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index b2ac712bcc..88ad2ef129 100755 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -858,7 +858,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name); } if (req->md_alg == NULL) { - req->md_alg = req->digest = EVP_md5(); + req->md_alg = req->digest = EVP_sha1(); } PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section); diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf index 6ba37cb953..4ed40fdc8a 100644 --- a/ext/openssl/tests/openssl.cnf +++ b/ext/openssl/tests/openssl.cnf @@ -3,7 +3,6 @@ default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -default_md = sha1 x509_extensions = v3_ca # The extensions to add to the self signed cert string_mask = MASK:4294967295 |