From f4495de5a04b03bbd6773b6b059ea0341a2d0aea Mon Sep 17 00:00:00 2001
From: Davanum Srinivas <davanum@gmail.com>
Date: Thu, 5 Feb 2015 13:57:04 -0500
Subject: [PATCH] Make tests use sha256 as openssl default digest algorithm

The tests previously used md5, which is considered broken,
and distros are starting to disable this in their openssl
builds.

Make the tests use sha256 as the default as a long term
sane alternative that should work on all distros.

This will fix Centos 7, and future proof the tests.

Closes-Bug: #1399498
Change-Id: Ic6cc92e47a318d789db3c3c98c67948eefb51fc2
---
 nova/CA/openssl.cnf.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nova/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl
index f87d9f3b21a3..838a9cdba3f9 100644
--- a/nova/CA/openssl.cnf.tmpl
+++ b/nova/CA/openssl.cnf.tmpl
@@ -34,7 +34,7 @@ private_key		= $dir/private/cakey.pem
 unique_subject		= no
 default_crl_days	= 365
 default_days		= 365
-default_md		= md5
+default_md		= sha256
 preserve		= no
 email_in_dn		= no
 nameopt			= default_ca
@@ -57,7 +57,7 @@ emailAddress		= optional
 [ req ]
 default_bits		= 1024			# Size of keys
 default_keyfile		= key.pem		# name of generated keys
-default_md		= md5			# message digest algorithm
+default_md		= sha256		# message digest algorithm
 string_mask		= nombstr		# permitted characters
 distinguished_name	= req_distinguished_name