Make tests use sha256 as openssl default digest algorithm

The tests previously used md5, which is considered broken, and distros are starting to disable this in their openssl builds. Make the tests use sha256 as the default as a long term sane alternative that should work on all distros. This will fix Centos 7, and future proof the tests. Closes-Bug: #1399498 Change-Id: Ic6cc92e47a318d789db3c3c98c67948eefb51fc2
2015-02-05 13:57:04 -05:00 · 2015-02-05 13:57:04 -05:00 · f4495de5a0
parent 512b3c6486
commit f4495de5a0
1 changed files with 2 additions and 2 deletions
--- a/nova/CA/openssl.cnf.tmpl
+++ b/nova/CA/openssl.cnf.tmpl
@ -34,7 +34,7 @@ private_key		= $dir/private/cakey.pem
 unique_subject		= no
 default_crl_days	= 365
 default_days		= 365
-default_md		= md5
+default_md		= sha256
 preserve		= no
 email_in_dn		= no
 nameopt			= default_ca
@ -57,7 +57,7 @@ emailAddress		= optional
 [ req ]
 default_bits		= 1024			# Size of keys
 default_keyfile		= key.pem		# name of generated keys
-default_md		= md5			# message digest algorithm
+default_md		= sha256		# message digest algorithm
 string_mask		= nombstr		# permitted characters
 distinguished_name	= req_distinguished_name