openstack/glance
Code Issues Proposed changes

Change default digest_algorithm value to sha256

Browse Source 
In I9236cc85f4e9881ac1aa35d69bc6761a59c1b6c8 it was promised that the
default for digest_algorithm would change from sha1 to sha256. The sole
purpose of this commit is to upgrade the default to sha256 as promised.

DocImpact
SecurityImpact
Change-Id: I12be91db7b86e335a84c9ebed86dac3ba09051cb
This commit is contained in:
Ian Cordasco 2015-06-30 18:32:13 -05:00
parent 921e3f7534
commit 6ca3951454
2 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
etc/glance-api.conf
View File

@ -145,13 +145,11 @@ backlog = 4096
#metadata_encryption_key = <16, 24 or 32 char registry metadata key> #metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# Digest algorithm which will be used for digital signature, the default is # Digest algorithm which will be used for digital signature. Use the command
# sha1 in Kilo for a smooth upgrade process, and it will be updated with
# sha256 in next release(L). Use command
# "openssl list-message-digest-algorithms" to get the available algorithms # "openssl list-message-digest-algorithms" to get the available algorithms
# supported by the version of OpenSSL on the platform. Examples are 'sha1', # supported by the version of OpenSSL on the platform. Examples are 'sha1',
# 'sha256', 'sha512', etc. # 'sha256', 'sha512', etc.
#digest_algorithm = sha1 #digest_algorithm = sha256
# ============ Registry Options =============================== # ============ Registry Options ===============================

13
glance/common/config.py
View File

@ -167,15 +167,12 @@ common_opts = [
'This includes, if used, Swift or S3 credentials. ' 'This includes, if used, Swift or S3 credentials. '
'Should be set to a random string of length 16, 24 or ' 'Should be set to a random string of length 16, 24 or '
'32 bytes')), '32 bytes')),
cfg.StrOpt('digest_algorithm', default='sha1', cfg.StrOpt('digest_algorithm', default='sha256',
help=_('Digest algorithm which will be used for digital ' help=_('Digest algorithm which will be used for digital '
'signature; the default is sha1 the default in Kilo ' 'signature. Use the command "openssl list-message-'
'for a smooth upgrade process, and it will be updated ' 'digest-algorithms" to get the available algorithms'
'with sha256 in next release(L). Use the command ' 'supported by the version of OpenSSL on the platform.'
'"openssl list-message-digest-algorithms" to get the ' ' Examples are "sha1", "sha256", "sha512", etc.')),
'available algorithms supported by the version of '
'OpenSSL on the platform. Examples are "sha1", '
'"sha256", "sha512", etc.')),
] ]
CONF = cfg.CONF CONF = cfg.CONF