From: Tim R. <ti...@mu...> - 2010-09-05 22:22:31
Attachments:
undo-2008-Aug-08-sha256.patch
|
# # undo-2008-Aug-08-sha256.patch # # Undo 2008-Aug-08: # * Changed the default digest algorithm to sha256 (instead of sha1) # # src/common/etc/openssl/openssl.cnf.in # src/common/etc/openssl/openssl/RA_Operator.conf.in # src/common/etc/openssl/openssl/PRQP_Server.conf.in # src/common/etc/openssl/openssl/Domain_Controller.conf.in # src/common/etc/openssl/openssl/Mail_Server.conf.in # src/common/etc/openssl/openssl/Web_Server.conf.in # src/common/etc/openssl/openssl/VPN_User.conf.in # src/common/etc/openssl/openssl/User.conf.in # src/common/etc/openssl/openssl/VPN_Server.conf.in # src/common/etc/openssl/openssl/OCSP_Server.conf.in # src/common/etc/openssl/openssl/CA_Operator.conf.in # src/common/etc/openssl/openssl/Sub-CA.conf.in # src/common/etc/openssl/openssl/Cross_CA.conf.in # src/common/etc/openssl/sample-openssl.conf.in # src/modules/openca-openssl/OpenSSL.pm # src/modules/openca-openssl/test/openssl_test.pl # src/common/lib/locale/de_DE/openca.po # src/common/lib/locale/el_GR/openca.po # src/common/lib/locale/en_GB/openca.po # src/common/lib/locale/es_ES/openca.po # src/common/lib/locale/fr_FR/openca.po # src/common/lib/locale/it_IT/openca.po # src/common/lib/locale/ja_JP/openca.po # src/common/lib/locale/openca-xgettext.pot # src/common/lib/locale/openca.pot # src/common/lib/locale/pl_PL/openca.po # src/common/lib/locale/pot/modules.pot # src/common/lib/locale/pt_PT/openca.po # src/common/lib/locale/ru_RU/openca.po # src/common/lib/locale/sl_SI/openca.po # some currenty shipping systems use openssl-0.9.7 which doesn't # understand sha256. # make default_md sha1 so things work with older openssl. # --- openca-base-1.1.0/src/common/etc/openssl/openssl.cnf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl.cnf.in 2010-08-15 12:59:52.149999002 -0700 @@ -68,7 +68,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -102,7 +102,7 @@ [ req ] default_bits = 1024 default_keyfile = privkey.pem -default_md = sha256 +default_md = sha1 distinguished_name = req_distinguished_name attributes = req_attributes # x509_extensions = v3_ca # The extentions to --- openca-base-1.1.0/src/common/etc/openssl/openssl/RA_Operator.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/RA_Operator.conf.in 2010-08-15 16:30:22.245919036 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/PRQP_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/PRQP_Server.conf.in 2010-08-15 16:30:22.245919044 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Domain_Controller.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Domain_Controller.conf.in 2010-08-15 16:30:22.245919052 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Mail_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Mail_Server.conf.in 2010-08-15 16:30:22.255919003 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Web_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Web_Server.conf.in 2010-08-15 16:30:22.255919011 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_User.conf.in.old 2010-02-22 17:35:31.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_User.conf.in 2010-08-15 16:30:22.255919019 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/User.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/User.conf.in 2010-08-15 16:30:22.255919027 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/VPN_Server.conf.in 2010-08-15 16:30:22.275919003 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/OCSP_Server.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/OCSP_Server.conf.in 2010-08-15 16:30:22.275919011 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/CA_Operator.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/CA_Operator.conf.in 2010-08-15 16:30:22.275919019 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Sub-CA.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Sub-CA.conf.in 2010-08-15 16:30:22.275919027 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/openssl/Cross_CA.conf.in.old 2010-01-27 10:48:58.000000000 -0800 +++ openca-base-1.1.0/src/common/etc/openssl/openssl/Cross_CA.conf.in 2010-08-15 16:30:22.275919035 -0700 @@ -63,7 +63,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/common/etc/openssl/sample-openssl.conf.in.old 2008-08-08 16:44:05.000000000 -0700 +++ openca-base-1.1.0/src/common/etc/openssl/sample-openssl.conf.in 2010-08-15 16:30:22.275919043 -0700 @@ -58,7 +58,7 @@ default_days = 365 # how long to certify for default_crl_days= 31 # how long before next CRL -default_md = sha256 # which md to use. +default_md = sha1 # which md to use. preserve = yes # keep passed DN ordering # A few difference way of specifying how similar the request should look --- openca-base-1.1.0/src/modules/openca-openssl/OpenSSL.pm.old 2010-02-22 19:29:55.000000000 -0800 +++ openca-base-1.1.0/src/modules/openca-openssl/OpenSSL.pm 2010-08-15 16:30:22.285919018 -0700 @@ -1629,7 +1629,7 @@ my ( $command, $ret ); - $alg = "sha256" if( not $alg ); + $alg = "sha1" if( not $alg ); if (not $data) { $self->setError (7751011, --- openca-base-1.1.0/src/modules/openca-openssl/test/openssl_test.pl.old 2008-08-08 16:44:06.000000000 -0700 +++ openca-base-1.1.0/src/modules/openca-openssl/test/openssl_test.pl 2010-08-17 16:25:27.946298000 -0700 @@ -49,7 +49,7 @@ print " * MD5 : "; print $openssl->getDigest( DATA=>$crl, ALGORITHM=>md5 ) . "\n"; print " * SHA1 : "; -print $openssl->getDigest( DATA=>$crl, ALGORITHM=>sha256 ) . "\n"; +print $openssl->getDigest( DATA=>$crl, ALGORITHM=>sha1 ) . "\n"; print $openssl->verify( SIGNATURE_FILE=>"sig", CA_CERT=>"cert.pem", VERBOSE=>"1" ); --- openca-base-1.1.0/src/common/lib/locale/de_DE/openca.po.old 2008-10-17 15:39:19.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/de_DE/openca.po 2010-08-17 16:25:32.926298495 -0700 @@ -11865,7 +11865,7 @@ msgstr "Die Datei __FILENAME__ konnte nicht zum Schreiben geöffnet werden." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/el_GR/openca.po.old 2008-10-17 15:39:20.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/el_GR/openca.po 2010-08-17 16:25:39.006298430 -0700 @@ -11666,7 +11666,7 @@ "OpenCA::CRL->new: Îεν είναι Î´Ï Î½Î±Ïή η ανάγνÏÏη ÏÎ¿Ï Î±ÏÏÎµÎ¯Î¿Ï __FILENAME__ ." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/en_GB/openca.po.old 2008-10-17 15:39:21.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/en_GB/openca.po 2010-08-17 16:25:44.126298342 -0700 @@ -11203,7 +11203,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/es_ES/openca.po.old 2008-10-17 15:39:21.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/es_ES/openca.po 2010-08-17 16:25:48.616298397 -0700 @@ -12000,7 +12000,7 @@ msgstr "No se pudo abrir el fichero __FILE__ de OpenSSL para escritura." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/fr_FR/openca.po.old 2008-10-17 15:39:22.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/fr_FR/openca.po 2010-08-17 16:25:52.846298308 -0700 @@ -11963,7 +11963,7 @@ "écrire." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/it_IT/openca.po.old 2008-10-17 15:39:23.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/it_IT/openca.po 2010-08-17 16:25:57.296298478 -0700 @@ -11744,7 +11744,7 @@ "Impossibile aprire in scrittura il file __FILE__ del Database di OpenSSL." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/ja_JP/openca.po.old 2008-10-17 15:39:24.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/ja_JP/openca.po 2010-08-17 16:26:01.826298295 -0700 @@ -11554,7 +11554,7 @@ "OpenCA::OpenSSL->SPKAC: ä¸æãã¡ã¤ã« __FILENAME__ ããªã¼ãã³ã§ãã¾ããã§ãã." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/openca-xgettext.pot.old 2008-10-17 15:39:17.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/openca-xgettext.pot 2010-08-17 16:26:06.086298018 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/openca.pot.old 2008-10-17 15:39:18.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/openca.pot 2010-08-17 16:26:10.326298357 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pl_PL/openca.po.old 2008-10-17 15:39:26.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pl_PL/openca.po 2010-08-17 16:26:14.606298463 -0700 @@ -11719,7 +11719,7 @@ "__FILENAME__ do zapisu" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pot/modules.pot.old 2008-10-17 15:39:27.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pot/modules.pot 2010-08-17 16:26:19.006298038 -0700 @@ -1120,7 +1120,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/pt_PT/openca.po.old 2008-10-17 15:39:27.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/pt_PT/openca.po 2010-08-17 16:26:23.506298138 -0700 @@ -11103,7 +11103,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/ru_RU/openca.po.old 2008-10-17 15:39:28.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/ru_RU/openca.po 2010-08-17 16:26:28.086298288 -0700 @@ -11665,7 +11665,7 @@ "Ñайл __FILENAME__." #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 --- openca-base-1.1.0/src/common/lib/locale/sl_SI/openca.po.old 2008-10-17 15:39:29.000000000 -0700 +++ openca-base-1.1.0/src/common/lib/locale/sl_SI/openca.po 2010-08-17 16:26:32.266298056 -0700 @@ -11451,7 +11451,7 @@ msgstr "" #: modules/openca-openssl/OpenSSL.pm:1588 -msgid "sha256" +msgid "sha1" msgstr "" #: modules/openca-openssl/OpenSSL.pm:1592 -- Tim Rice Multitalents (707) 887-1469 ti...@mu... |