From 12bdb643756d829569bb903e5b806613ff975ccb Mon Sep 17 00:00:00 2001
From: Nils Larsch <nils@openssl.org>
Date: Sat, 2 Apr 2005 09:29:15 +0000
Subject: [PATCH] use SHA-1 as the default digest for the apps/openssl commands

---
 CHANGES           | 6 +++++-
 apps/crl.c        | 2 +-
 apps/openssl.cnf  | 2 +-
 apps/req.c        | 2 +-
 apps/x509.c       | 2 +-
 doc/apps/x509.pod | 4 ++--
 6 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 942279d25b..1e13733070 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,11 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7e and 0.9.8  [xx XXX xxxx]
+ Changes between 0.9.7f and 0.9.8  [xx XXX xxxx]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]
 
   *) Compile clean with "-Wall -Wmissing-prototypes
      -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
diff --git a/apps/crl.c b/apps/crl.c
index 878f65468e..3eb676e16b 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -115,7 +115,7 @@ int MAIN(int argc, char **argv)
 	X509_OBJECT xobj;
 	EVP_PKEY *pkey;
 	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_sha1();
 
 	apps_startup();
 
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 6d731cbe8b..04710f87d5 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -67,7 +67,7 @@ cert_opt 	= ca_default		# Certificate field options
 
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
+default_md	= sha1			# which md to use.
 preserve	= no			# keep passed DN ordering
 
 # A few difference way of specifying how similar the request should look
diff --git a/apps/req.c b/apps/req.c
index d634268653..f43c477f75 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
 	char *p;
 	char *subj = NULL;
 	int multirdn = 0;
-	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
diff --git a/apps/x509.c b/apps/x509.c
index 1dad6363de..9dc99dfa0f 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -184,7 +184,7 @@ int MAIN(int argc, char **argv)
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_sha1();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 21bdfccb9a..2b3cf28610 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -98,8 +98,8 @@ default.
 
 the digest to use. This affects any signing or display option that uses a message
 digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
-specified then MD5 is used. If the key being used to sign with is a DSA key then
-this option has no effect: SHA1 is always used with DSA keys.
+specified then SHA1 is used. If the key being used to sign with is a DSA key
+then this option has no effect: SHA1 is always used with DSA keys.
 
 =item B<-engine id>
 
-- 
2.34.1