Skip to content

Commit 4f52b9c

Browse files
cytopiacytopia
committed
Ensure to sign everything with sha256 by default
1 parent bd7107e commit 4f52b9c

File tree

2 files changed

+5
-2
lines changed

2 files changed

+5
-2
lines changed

bin/ca-gen

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ NAME="ca-gen"
99
# Generate default options
1010
DEF_KEYSIZE=2048
1111
DEF_DAYS=3650
12+
DEF_SIGN_SIGNATURE="sha256"
1213
# Subject default options
1314
DEF_COUNTRY=
1415
DEF_STATE=
@@ -246,7 +247,7 @@ cmd="openssl req \
246247
-new \
247248
-x509 \
248249
-nodes \
249-
-sha256 \
250+
-${DEF_SIGN_SIGNATURE} \
250251
-days ${DEF_DAYS} \
251252
-key ${CA_KEY_FILE} \
252253
-subj '${SUBJECT}' \

bin/cert-gen

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ NAME="cert-gen"
99
# Generate default options
1010
DEF_KEYSIZE=2048
1111
DEF_DAYS=3650
12+
DEF_SIGN_SIGNATURE="sha256"
1213
# Subject default options
1314
DEF_COUNTRY=
1415
DEF_STATE=
@@ -251,6 +252,7 @@ ENDOFTEXT
251252
# Command
252253
cmd="openssl req \
253254
-newkey rsa:${DEF_KEYSIZE} \
255+
-${DEF_SIGN_SIGNATURE} \
254256
-nodes \
255257
-extensions v3_req \
256258
-config <(echo \"${OPENSSL_CONFIG}\") \
@@ -284,7 +286,7 @@ fi
284286
# shellcheck disable=SC1117
285287
cmd="openssl x509 \
286288
-req \
287-
-sha256 \
289+
-${DEF_SIGN_SIGNATURE} \
288290
-extensions v3_req \
289291
-extfile <(printf '[ req ]\nreq_extensions = v3_req\n[ v3_req ]\nsubjectAltName=${ALT_NAMES}\n') \
290292
-days ${DEF_DAYS} \

0 commit comments

Comments
 (0)