SSSD / sssd

Clone

ad9dd13 p11_child: make OCSP digest configurable

4 files Authored by sbose 4 years ago, Committed by jhrozek 4 years ago,
raw patch tree parent
4 files changed. 91 lines added. 1 lines removed.
src/man/sssd.conf.5.xml
file modified
+20 -0
src/p11_child/p11_child.h
file modified
+8 -0
src/p11_child/p11_child_common_utils.c
file modified
+29 -0
src/p11_child/p11_child_openssl.c
file modified
+34 -1 
    p11_child: make OCSP digest configurable
    
    Currently sha1 is used to create the certid for an OCSP request. Since
    sha1 is not recommend for new applications anymore and not FIPS
    compliant this patch changes the default to sha256 and makes the digest
    function configurable as well.
    
    Related to https://pagure.io/SSSD/sssd/issue/4032
    
    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+20 -0
file modified
+8 -0
file modified
+29 -0
file modified
+34 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.