author | Nick Mathewson <nickm@torproject.org> | 2016-09-11 17:54:12 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-11-03 08:40:10 -0400 |
commit | 70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d (patch) | |
tree | 2961ec2efbc94f636e10343961bf4acc19235ad5 /src/common/tortls.c | |
parent | 805e97a4336f07e366937f7ce4da0733fa4884c1 (diff) | |
download | tor-70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d.tar.gz tor-70e7d28b3edebd1e288e68ba7c7c17acd4d91b2d.zip |
Generate our x509 certificates using sha256, not sha1.
All supported Tors (0.2.4+) require versions of openssl that can
handle this.
Now that our link certificates are RSA2048, this might actually help
vs fingerprinting a little.
Diffstat (limited to 'src/common/tortls.c')
-rw-r--r-- | src/common/tortls.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 0315398946..eb24411a78 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -523,7 +523,8 @@ MOCK_IMPL(STATIC X509 *, goto error; if (!X509_set_pubkey(x509, pkey)) goto error; - if (!X509_sign(x509, sign_pkey, EVP_sha1())) + + if (!X509_sign(x509, sign_pkey, EVP_sha256())) goto error; goto done; |
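Review bot: The digest passed to X509_sign() is hard-coded at the call site with no comment, so the reason for choosing SHA-256 (the commit message cites OpenSSL support in all supported Tors and a possible fingerprinting benefit) lives only in the commit log. A one-line comment above `if (!X509_sign(x509, sign_pkey, EVP_sha256()))` would keep that rationale next to the code. The hunk also adds an empty line before that `if`, which separates it from the preceding X509_set_pubkey() check without any visible purpose; either drop it or use that line for the comment. This view is limited to src/common/tortls.c, so it is worth confirming that a test asserts the signature algorithm of the generated certificate, since nothing in this hunk would catch a later regression to SHA-1.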