[openssl-dev] [openssl.org #4302] Documentation error in apps/x509.html: -[digest] option

Richard.Koenning@ts.fujitsu.com via RT rt at openssl.org
Fri Feb 12 16:41:02 UTC 2016


https://www.openssl.org/docs/manmaster/apps/x509.html says:

> -[digest]
>
>     the digest to use. This affects any signing or display option that uses a message digest, such as the -fingerprint,
>     -signkey and -CA options. Any digest supported by the OpenSSL dgst
>     command can be used. If not specified then SHA1 is used.

That SHA1 is used when the digest is not specified is true for the 
-fingerprint option, but it is at least not true for the -CA option.

In the latter case (and very probably also for the -signkey option) the 
default digest method is selected via rsa_pkey_ctrl() in 
crypto/rsa/rsa_ameth.c with op = ASN1_PKEY_CTRL_DEFAULT_MD_NID, and here 
NID_sha256 is returned since OpenSSL 1.0.2 instead of NID_sha1 in older 
OpenSSL versions.

Best regards,
Richard Könning
-- 
Dr. Richard W. Könning
Fujitsu Technology Solutions GmbH


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4302
Please log in as guest with password guest if prompted
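
The behaviour reported above can be checked against a local build with the following script. It is an added example and not part of the original message: the CA, key and CSR are constructed throwaway fixtures, and the function names are hypothetical. It signs a CSR with `x509 -req -CA` with and without a digest option, then reads back the signature algorithm and the digest that `-fingerprint` reports.

```shell
#!/bin/sh
# Added example. The CA, keys and CSR below are constructed throwaway fixtures.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed test CA and a CSR for a leaf certificate.
make_fixtures() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=constructed.example" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
}

# Sign the CSR with "x509 -req -CA". Any arguments (e.g. -sha512) are passed
# through as the -[digest] option. Prints the resulting signature algorithm.
sig_alg_after_ca_sign() {
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.crt" "$@" 2>/dev/null || return 1
    openssl x509 -in "$WORK/leaf.crt" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Prints the digest name that -fingerprint reports for the last signed
# certificate, lower-cased so the result does not depend on capitalisation.
fingerprint_digest() {
    openssl x509 -in "$WORK/leaf.crt" -noout -fingerprint "$@" |
        cut -d' ' -f1 | tr 'A-Z' 'a-z'
}

make_fixtures || { echo "fixture generation failed" >&2; exit 1; }
echo "openssl version:        $(openssl version)"
echo "-CA, no digest option:  $(sig_alg_after_ca_sign)"
echo "-fingerprint, default:  $(fingerprint_digest)"
echo "-CA with -sha512:       $(sig_alg_after_ca_sign -sha512)"
```

On OpenSSL 1.0.2 or later the second line should show `sha256WithRSAEncryption` while the third still shows `sha1`, which is the mismatch with the manual page that the ticket describes.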


