@amadio commented on this pull request.

> @@ -1423,3 +1423,16 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) { // Done return 0; } + +//____________________________________________________________________________ +const EVP_MD *XrdCryptosslSHAFun() { + // + // SHA function + // Default SHA-256, controlled by var XrdCryptoGSISHA + static const EVP_MD *sslSHAFun = 0; + if (!sslSHAFun) { + const char *_md = getenv("XrdCryptoGSISHA") ? getenv("XrdCryptoGSISHA") : "sha256"; + sslSHAFun = EVP_get_digestbyname(_md);

If the user passes a bad name, this will assign `nullptr` to `sslSHAFun`, which will probably cause trouble. We need to check that we get a non-null pointer from `EVP_get_digestbyname` and fall back to the default otherwise.

I was also thinking that if the only place where this is needed is in `xrdgsiproxy`, we could add an option on the command line, like `-sig sha256`, which would use a different signature than the default, but that can be done later.

--
Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/1999#pullrequestreview-1388339069
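Review bot: The value of `XrdCryptoGSISHA` goes straight from `getenv` into `EVP_get_digestbyname(_md)` with no restriction on which digest it names, so any algorithm OpenSSL recognises is accepted, including ones weaker than the SHA-256 default that the comment advertises. Consider comparing the value against a short allow-list of SHA-2 names before the lookup and using `EVP_sha256()` when it is absent, unknown or not on the list, which also covers the NULL return raised above. Because the guard is `if (!sslSHAFun)`, a failed lookup is not cached and the environment is re-read and the lookup repeated on every call. `getenv("XrdCryptoGSISHA")` is also evaluated twice in the same expression; read it once into a local. The lazy initialisation of the function-local static has no synchronisation, so state in the comment whether the function may be called from several threads, and have the comment say "environment variable" and list the accepted values.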