Change default digest_algorithm value to sha256

In I9236cc85f4e9881ac1aa35d69bc6761a59c1b6c8 it was promised that the default for digest_algorithm would change from sha1 to sha256. The sole purpose of this commit is to upgrade the default to sha256 as promised. DocImpact SecurityImpact Change-Id: I12be91db7b86e335a84c9ebed86dac3ba09051cb
2015-06-30 18:32:13 -05:00 · 2015-06-30 18:32:13 -05:00 · 6ca3951454
commit 6ca3951454
parent 921e3f7534
2 changed files with 7 additions and 12 deletions
--- a/etc/glance-api.conf
+++ b/etc/glance-api.conf
@ -145,13 +145,11 @@ backlog = 4096
 #metadata_encryption_key = <16, 24 or 32 char registry metadata key>


-# Digest algorithm which will be used for digital signature, the default is
-# sha1 in Kilo for a smooth upgrade process, and it will be updated with
-# sha256 in next release(L). Use command
+# Digest algorithm which will be used for digital signature. Use the command
 # "openssl list-message-digest-algorithms" to get the available algorithms
 # supported by the version of OpenSSL on the platform. Examples are 'sha1',
 # 'sha256', 'sha512', etc.
-#digest_algorithm = sha1
+#digest_algorithm = sha256

 # ============ Registry Options ===============================

--- a/glance/common/config.py
+++ b/glance/common/config.py
@ -167,15 +167,12 @@ common_opts = [
                      'This includes, if used, Swift or S3 credentials. '
                      'Should be set to a random string of length 16, 24 or '
                      '32 bytes')),
-    cfg.StrOpt('digest_algorithm', default='sha1',
+    cfg.StrOpt('digest_algorithm', default='sha256',
               help=_('Digest algorithm which will be used for digital '
-                      'signature; the default is sha1 the default in Kilo '
-                      'for a smooth upgrade process, and it will be updated '
-                      'with sha256 in next release(L). Use the command '
-                      '"openssl list-message-digest-algorithms" to get the '
-                      'available algorithms supported by the version of '
-                      'OpenSSL on the platform. Examples are "sha1", '
-                      '"sha256", "sha512", etc.')),
+                      'signature. Use the command "openssl list-message-'
+                      'digest-algorithms" to get the available algorithms'
+                      'supported by the version of OpenSSL on the platform.'
+                      ' Examples are "sha1", "sha256", "sha512", etc.')),
 ]

 CONF = cfg.CONF