Fixed Bug #66833 Default digest algo is still MD5

Switch to SHA1, which match internal openssl hardcoded algo.

In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value

Recent system reject MD5 digest, noticed in bug36732.phpt failure.

While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b2ac712bccb672e805f83d293750e7dd496d804f..88ad2ef129373225493399684c349b298efaf600 100755 (executable)
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -858,7 +858,7 @@ static int php_openssl_parse_config(struct php_x509_request * req, zval * option
                req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
        }
        if (req->md_alg == NULL) {
-               req->md_alg = req->digest = EVP_md5();
+               req->md_alg = req->digest = EVP_sha1();
        }
 
        PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section);

diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf
index 6ba37cb953c02e028ba334abdfffac6bc88c5a6a..4ed40fdc8aa0b677e157e320ccdafb3678e60501 100644 (file)
--- a/ext/openssl/tests/openssl.cnf
+++ b/ext/openssl/tests/openssl.cnf
@@ -3,7 +3,6 @@ default_bits            = 1024
 default_keyfile        = privkey.pem
 distinguished_name     = req_distinguished_name
 attributes             = req_attributes
-default_md             = sha1
 x509_extensions        = v3_ca # The extensions to add to the self signed cert
 string_mask = MASK:4294967295