Feature #11552: ext/openssl: choose the OpenSSL::Digest class for OpenSSL::OCSP::Request.sign and OpenSSL::OCSP::BasicResponse.sign - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Feature #11552

closed

ext/openssl: choose the OpenSSL::Digest class for OpenSSL::OCSP::Request.sign and OpenSSL::OCSP::BasicResponse.sign

Added by tshirley (Tim Shirley) about 9 years ago. Updated over 8 years ago.

Status:

Closed

Assignee:

Target version:

[ruby-core:<unknown>]

Description

ossl_ocsp.c is currently hard-coded to use SHA1 signatures when signing OCSP requests and basic responses, but SHA1 is being phased out for this purpose by web clients. The attached patch provides an optional parameter to the two sign methods to allow other digest algorithms to be specified. It is a backwards-compatible change since the new parameter is last and optional, and it will default to SHA1 if not specified. I've included basic tests as well in the patch.

Files

ruby-changes.patch (5.49 KB) ruby-changes.patch

tshirley (Tim Shirley), 09/25/2015 08:04 PM