Commit fd81c892 authored by Stefan Fritsch's avatar Stefan Fritsch

Switch to SHA2 for newly generated certificates

parent eb95c07a
ssl-cert (1.0.34) UNRELEASED; urgency=medium
* Switch to SHA2 for newly generated certificates. Closes: #733255
-- Stefan Fritsch <sf@debian.org> Sat, 28 Dec 2013 10:41:14 +0100
ssl-cert (1.0.33) unstable; urgency=low ssl-cert (1.0.33) unstable; urgency=low
* Update Japanese translation, thanks to victory <victory deb gmail com> * Update Japanese translation, thanks to victory <victory deb gmail com>
......
...@@ -100,7 +100,7 @@ create_temporary_cnf ...@@ -100,7 +100,7 @@ create_temporary_cnf
# create the certificate. # create the certificate.
if [ "$1" != "generate-default-snakeoil" ]; then if [ "$1" != "generate-default-snakeoil" ]; then
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \ if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
-out $output -keyout $output > $TMPOUT 2>&1 -out $output -keyout $output > $TMPOUT 2>&1
then then
echo Could not create certificate. Openssl output was: >&2 echo Could not create certificate. Openssl output was: >&2
...@@ -112,7 +112,7 @@ if [ "$1" != "generate-default-snakeoil" ]; then ...@@ -112,7 +112,7 @@ if [ "$1" != "generate-default-snakeoil" ]; then
cd $(dirname $output) cd $(dirname $output)
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output)) ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output))
else else
if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \ if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \ -out /etc/ssl/certs/ssl-cert-snakeoil.pem \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1 -keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1
then then
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment