Due to recent problems with MD5 and SHA-1 message digests, we have been experimenting with X.509 certificates that are signed using SHA-2 digests. This generally works fine with existing SSL protocols and connections. However for OpenSSL support an additional initialisation call is required. If OpenSSL_add_all_digests() or OpenSSL_add_all_algorithms() would be called upon initialisation, then everything will work just fine. Unfortunately the curl command-line application calls SSLeay_add_ssl_algorithms() instead, which in the latest stable OpenSSL release does not yet include SHA-2 signature support. If would be nice if this were added in future curl releases.