don't use pseudo digests for default values of keys

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index fcf462d41a3c9d14805d433a15595e56953d18b7..3b05932172375f12fe6d15e3d712e85b30bf2fd4 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert)
        {
        /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+       cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        }
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5b285995ab34b073b626b37adecabfad4ac49328..48877031165fbe7114bca132f0967599e2131fa3 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2918,7 +2918,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
         */
 #ifndef OPENSSL_NO_DSA
        if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
@@ -2929,7 +2929,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 #endif
 #ifndef OPENSSL_NO_ECDSA
        if (!c->pkeys[SSL_PKEY_ECC].digest)
-               c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+               c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        return 1;
        }