
@amadio commented on this pull request.



> @@ -1423,3 +1423,16 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
    // Done
    return 0;
 }
+
+//____________________________________________________________________________
+const EVP_MD *XrdCryptosslSHAFun() {
+   //
+   // SHA function
+   // Default SHA-256, controlled by var XrdCryptoGSISHA
+   static const EVP_MD *sslSHAFun = 0;
+   if (!sslSHAFun) {
+      const char *_md = getenv("XrdCryptoGSISHA") ? getenv("XrdCryptoGSISHA") : "sha256";           
+      sslSHAFun = EVP_get_digestbyname(_md);
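
Review bot: On the `getenv("XrdCryptoGSISHA")` line, the value from the environment goes unfiltered into `EVP_get_digestbyname`, which resolves any digest name OpenSSL has registered and not only SHA-2 variants, so the variable can select a weak digest such as MD5 or SHA-1 even though the comment describes this as the "SHA function". Compare the value against a short list of accepted names (for example sha256, sha384, sha512) before the lookup. Reading `getenv` once into a local would also remove the duplicated call, and the line ends in trailing whitespace.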

If the user passes a bad name, this will assign `nullptr` to `sslSHAFun`, which will probably cause trouble. We need to check that we get a non-null pointer from `EVP_get_digestbyname` and fall back to the default otherwise.

I was also thinking that if the only place where this is needed is in `xrdgsiproxy`, we could add an option on the command line, like `-sig sha256` which would use a different signature than the default, but that can be done later.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1999#pullrequestreview-1388339069
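
The null check and fallback requested in the review comment, as an added example (not code from the pull request or from XRootD). It goes one step beyond the comment by also restricting the name to an assumed SHA-2 allow-list; `select_md`, `md_lookup_fn`, `allowed_md` and `fake_lookup` are hypothetical names, and in real code the callback would wrap `EVP_get_digestbyname`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_MD "sha256"

/* Lookup callback; in real code this would wrap EVP_get_digestbyname(). */
typedef const void *(*md_lookup_fn)(const char *name);

/* Assumed policy: only SHA-2 names may be selected through the environment. */
static const char *const allowed_md[] = { "sha256", "sha384", "sha512" };

static int md_allowed(const char *name) {
   for (size_t i = 0; i < sizeof(allowed_md) / sizeof(allowed_md[0]); i++)
      if (strcmp(name, allowed_md[i]) == 0) return 1;
   return 0;
}

/* Resolve the digest for `requested` (may be NULL). Returns NULL only if even
 * the default cannot be resolved; *used receives the name actually in use. */
const void *select_md(const char *requested, md_lookup_fn lookup, const char **used) {
   const void *md = NULL;
   *used = DEFAULT_MD;
   if (requested && md_allowed(requested)) {
      md = lookup(requested);
      if (md) *used = requested;        /* accepted and resolvable */
   }
   if (!md) md = lookup(DEFAULT_MD);    /* bad, disallowed or unset: fall back */
   return md;
}

/* Constructed stand-in for the OpenSSL lookup so the example runs offline:
 * it knows sha256, sha512 and md5, but not sha384. */
static const void *fake_lookup(const char *name) {
   static const char *const known[] = { "sha256", "sha512", "md5" };
   for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
      if (strcmp(name, known[i]) == 0) return known[i];
   return NULL;
}

int main(void) {
   const char *used;
   const void *md = select_md(getenv("XrdCryptoGSISHA"), fake_lookup, &used);
   printf("digest in use: %s (%s)\n", used, md ? "resolved" : "unavailable");
   return md ? 0 : 1;
}
```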