I'd say there is no reason in the context of this use. The world is moving
away from sha1 and isn't quite ready for sha3. So, the only thing left is
sha256 which works in all contexts. So, there seems nothing to configure
here.
On Mon, 17 Apr 2023, Guilherme Amadio wrote:
> @amadio commented on this pull request.
>
>
>
>> @@ -455,7 +455,7 @@ int XrdCryptosslX509CreateProxy(const char *fnc, const char *fnk,
> }
> //
> // Sign the request
> - if (!(X509_REQ_sign(preq, ekPX, EVP_sha1()))) {
> + if (!(X509_REQ_sign(preq, ekPX, EVP_sha256()))) {
>
> I wonder if this could/should be made configurable by the user.
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/1999#pullrequestreview-1387809406
> You are receiving this because you are subscribed to this thread.
>
> Message ID: ***@***.***>
--
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1999#issuecomment-1511546178
You are receiving this because you are subscribed to this thread.
Message ID: <[log in to unmask]>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
