Commit fd81c892 authored by Stefan Fritsch's avatar Stefan Fritsch

Switch to SHA2 for newly generated certificates

parent eb95c07a
ssl-cert (1.0.34) UNRELEASED; urgency=medium
* Switch to SHA2 for newly generated certificates. Closes: #733255
-- Stefan Fritsch <sf@debian.org> Sat, 28 Dec 2013 10:41:14 +0100
ssl-cert (1.0.33) unstable; urgency=low
* Update Japanese translation, thanks to victory <victory deb gmail com>
......
......@@ -100,7 +100,7 @@ create_temporary_cnf
# create the certificate.
if [ "$1" != "generate-default-snakeoil" ]; then
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
-out $output -keyout $output > $TMPOUT 2>&1
then
echo Could not create certificate. Openssl output was: >&2
......@@ -112,7 +112,7 @@ if [ "$1" != "generate-default-snakeoil" ]; then
cd $(dirname $output)
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
else
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1
then
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment