Switch to SHA1, which match internal openssl hardcoded algo.
In most case, won't even be noticed
- priority on user input (default_md)
- fallback on system config
- fallback on this default value
Recent system reject MD5 digest, noticed in bug36732.phpt failure.
While SHA1 is better than MD5, SHA256 is recommenced,
and defined as default algo in provided configuration on
recent system (Fedora 21, RHEL-7, ...). But the idea is to
keep in sync with openssl internal value for PHP internal value.
req->digest = req->md_alg = EVP_get_digestbyname(req->digest_name);
}
if (req->md_alg == NULL) {
- req->md_alg = req->digest = EVP_md5();
+ req->md_alg = req->digest = EVP_sha1();
}
PHP_SSL_CONFIG_SYNTAX_CHECK(extensions_section);
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
-default_md = sha1
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = MASK:4294967295