[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Generate our x509 certificates using sha256, not sha1.
commit 70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Sun Sep 11 17:54:12 2016 -0400
Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.
Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
---
src/common/tortls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 0315398..eb24411 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -523,7 +523,8 @@ MOCK_IMPL(STATIC X509 *,
goto error;
if (!X509_set_pubkey(x509, pkey))
goto error;
- if (!X509_sign(x509, sign_pkey, EVP_sha1()))
+
+ if (!X509_sign(x509, sign_pkey, EVP_sha256()))
goto error;
goto done;
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits