In creating X.509 certificates and PKCS #10 requests, let (actually: require)

the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
author: lloyd <[email protected]> 2009-11-09 13:22:52 +0000
committer: lloyd <[email protected]> 2009-11-09 13:22:52 +0000
commit: 4049ba134674d78c07c8b0453cb5e5f312469639 (patch)
tree: b9214ede8da1600a46560fe061017fa124b2b465 /doc/examples/self_sig.cpp
parent: b5d4cf01a893718c8796652f3cf0f68b867bab94 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/examples/self_sig.cpp b/doc/examples/self_sig.cpp
index 0bf17e3bc..93161f7d2 100644
--- a/doc/examples/self_sig.cpp
+++ b/doc/examples/self_sig.cpp
@@ -64,7 +64,8 @@ int main(int argc, char* argv[])
       if(do_CA)
          opts.CA_key();
 
-      X509_Certificate cert = X509::create_self_signed_cert(opts, key, rng);
+      X509_Certificate cert =
+         X509::create_self_signed_cert(opts, key, "SHA-256", rng);
 
       std::ofstream cert_file("cert.pem");
       cert_file << cert.PEM_encode();
author	lloyd <[email protected]>	2009-11-09 13:22:52 +0000
committer	lloyd <[email protected]>	2009-11-09 13:22:52 +0000
commit	4049ba134674d78c07c8b0453cb5e5f312469639 (patch)
tree	b9214ede8da1600a46560fe061017fa124b2b465 /doc/examples/self_sig.cpp
parent	b5d4cf01a893718c8796652f3cf0f68b867bab94 (diff)