don't use pseudo digests for default values of keys

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 917be318760f509aa90dbdaaabc5949b2735b7d5..5123a89182e590267edcb5b382ab5a767128fb85 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert)
        {
        /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+       cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        }
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 27c8e3460da9ad1aaf0a9f65c778069aeeef0d71..05d69ae5d58b3ad241ff70c1527390539e56501f 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
         */
 #ifndef OPENSSL_NO_DSA
        if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
@@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 #endif
 #ifndef OPENSSL_NO_ECDSA
        if (!c->pkeys[SSL_PKEY_ECC].digest)
-               c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+               c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        return 1;
        }