Use MD5+SHA1 for default digest if appropriate.

author Dr. Stephen Henson <steve@openssl.org>

Sat, 29 Aug 2015 21:11:05 +0000 (22:11 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 24 Nov 2015 19:18:44 +0000 (19:18 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sat, 29 Aug 2015 21:11:05 +0000 (22:11 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 24 Nov 2015 19:18:44 +0000 (19:18 +0000)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 2ba76e383504597f326dc0e3f0ccbe1a15e28e45..3375494b8abf71ddcd6809b562fe74038c046710 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2712,8 +2712,11 @@ static void ssl_set_default_md(SSL *s)
      pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
  #endif
  #ifndef OPENSSL_NO_RSA
-    pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
-    pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
+    if (SSL_USE_SIGALGS(s))
+        pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+    else
+        pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1();
+    pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
  #endif
  #ifndef OPENSSL_NO_EC
      pmd[SSL_PKEY_ECC] = EVP_sha1();
author	Dr. Stephen Henson <steve@openssl.org>
	Sat, 29 Aug 2015 21:11:05 +0000 (22:11 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 24 Nov 2015 19:18:44 +0000 (19:18 +0000)