@amadio commented on this pull request.
In src/XrdCrypto/XrdCryptosslgsiAux.cc:
> @@ -1423,3 +1423,16 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) { // Done return 0; } + +//____________________________________________________________________________ +const EVP_MD *XrdCryptosslSHAFun() { + // + // SHA function + // Default SHA-256, controlled by var XrdCryptoGSISHA + static const EVP_MD *sslSHAFun = 0; + if (!sslSHAFun) { + const char *_md = getenv("XrdCryptoGSISHA") ? getenv("XrdCryptoGSISHA") : "sha256"; + sslSHAFun = EVP_get_digestbyname(_md);
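Review bot: at the EVP_get_digestbyname(_md) call in XrdCryptosslSHAFun(), the value of XrdCryptoGSISHA is passed to the lookup unfiltered, so any digest name OpenSSL recognises is accepted, including weak ones such as md5 or sha1, even though the comment describes this as a SHA selector with a SHA-256 default. Compare _md against a short allow-list (for example sha256, sha384, sha512) before the lookup. Separately, getenv("XrdCryptoGSISHA") is evaluated twice in the same expression; read it once into a local. The if (!sslSHAFun) lazy initialisation of the function-local static is also unsynchronised, so initialising the static directly from a helper function would be cleaner.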
If the user passes a bad name, this will assign nullptr to sslSHAFun, which will probably cause trouble. We need to check that we get a non-null pointer from EVP_get_digestbyname and fall back to the default otherwise.

I was also thinking that if the only place where this is needed is in xrdgsiproxy, we could add an option on the command line, like -sig sha256, which would use a different signature than the default, but that can be done later.