aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509/x509self.h
diff options
context:
space:
mode:
authorlloyd <[email protected]>2009-11-09 13:22:52 +0000
committerlloyd <[email protected]>2009-11-09 13:22:52 +0000
commit4049ba134674d78c07c8b0453cb5e5f312469639 (patch)
treeb9214ede8da1600a46560fe061017fa124b2b465 /src/cert/x509/x509self.h
parentb5d4cf01a893718c8796652f3cf0f68b867bab94 (diff)
In creating X.509 certificates and PKCS #10 requests, let (actually: require)
the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
Diffstat (limited to 'src/cert/x509/x509self.h')
-rw-r--r--src/cert/x509/x509self.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/cert/x509/x509self.h b/src/cert/x509/x509self.h
index bd3e29179..741350067 100644
--- a/src/cert/x509/x509self.h
+++ b/src/cert/x509/x509self.h
@@ -172,12 +172,14 @@ namespace X509 {
* @param opts the options defining the certificate to create
* @param key the private key used for signing, i.e. the key
* associated with this self-signed certificate
+* @param hash_fn the hash function to use
* @param rng the rng to use
* @return the newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
const Private_Key& key,
+ const std::string& hash_fn,
RandomNumberGenerator& rng);
/**
@@ -185,10 +187,12 @@ create_self_signed_cert(const X509_Cert_Options& opts,
* @param opts the options defining the request to create
* @param key the key used to sign this request
* @param rng the rng to use
+* @param hash_fn the hash function to use
* @return the newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
const Private_Key& key,
+ const std::string& hash_fn,
RandomNumberGenerator& rng);
}