Skip to content

Commit

Permalink
Use SHA256 if digest for Openssl::OCSP::BasicResponse#sign is nil.
Browse files Browse the repository at this point in the history
  • Loading branch information
@jackorp
jackorp committed Apr 12, 2022
1 parent d844f2a commit 1a224e3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion ext/openssl/ossl_ocsp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1033,7 +1033,7 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
if (!NIL_P(flags))
flg = NUM2INT(flags);
if (NIL_P(digest))
md = EVP_sha1();
md = EVP_sha256();
else
md = ossl_evp_get_digestbyname(digest);
if (NIL_P(certs))
Expand Down
2 changes: 1 addition & 1 deletion test/openssl/test_ocsp.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ def test_request_der
request.sign(@cert, @cert_key, [@ca_cert], 0)
asn1 = OpenSSL::ASN1.decode(request.to_der)
assert_equal cid.to_der, asn1.value[0].value.find { |a| a.tag_class == :UNIVERSAL }.value[0].value[0].to_der
assert_equal OpenSSL::ASN1.ObjectId("sha1WithRSAEncryption").to_der, asn1.value[1].value[0].value[0].value[0].to_der
assert_equal OpenSSL::ASN1.ObjectId("sha256WithRSAEncryption").to_der, asn1.value[1].value[0].value[0].value[0].to_der
assert_equal @cert.to_der, asn1.value[1].value[0].value[2].value[0].value[0].to_der
assert_equal @ca_cert.to_der, asn1.value[1].value[0].value[2].value[0].value[1].to_der
assert_equal asn1.to_der, OpenSSL::OCSP::Request.new(asn1.to_der).to_der
Expand Down

0 comments on commit 1a224e3

Please sign in to comment.