[tor-commits] [tor/master] Generate our x509 certificates using sha256, not sha1.
nickm at torproject.org
Thu Nov 3 13:18:59 UTC 2016
commit 70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Sep 11 17:54:12 2016 -0400
Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.
Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
---
src/common/tortls.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 0315398..eb24411 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -523,7 +523,8 @@ MOCK_IMPL(STATIC X509 *,
goto error;
if (!X509_set_pubkey(x509, pkey))
goto error;
- if (!X509_sign(x509, sign_pkey, EVP_sha1()))
+
+ if (!X509_sign(x509, sign_pkey, EVP_sha256()))
goto error;
goto done;
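Review bot: the digest change at the X509_sign() call comes with no test, and the diffstat shows only src/common/tortls.c touched. The function is declared through MOCK_IMPL(STATIC ...), so it should be reachable from the unit tests; consider adding one that generates a certificate and asserts its signature algorithm is SHA-256 based, so a later regression to EVP_sha1() fails loudly. Separately, the added blank line before the call is an unrelated whitespace change and could be dropped to keep the hunk to the one-line digest swap.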