ovs-pki: Use SHA-1 instead of SHA-512 as message digest.

Commit 9ff33ca7 (ovs-pki: Use SHA-512 instead of MD5 as message digest.) changes the message digest algorithm to SHA-512. This seems to break the unit tests on some xenserver 5.6/6.0 builds causing the error: "SSL_connect: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm". As a solution, this commit changes the message digest algorithm to SHA-1 which works for both the above xenserver builds and centos 7. VMware-BZ: #1319116 Signed-off-by: Alex Wang <alexw@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
2025-08-22 09:58:01 +00:00 · 2014-09-22 15:34:12 -07:00 · 2014-09-22 15:34:12 -07:00 · 4a1f961068
commit 4a1f961068
parent 13a30965fa
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@ -20,7 +20,7 @@ Post-v2.3.0
     * "resubmit" actions may now be included in action sets.  The resubmit
       is executed last, and only if the action set has no "output" or "group"
       action.
-   - ovs-pki: Changed message digest algorithm from MD5 to SHA-512 because
+   - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because
     MD5 is no longer secure and some operating systems have started to disable
     it in OpenSSL.
   - ovsdb-server: New OVSDB protocol extension allows inequality tests on
--- a/utilities/ovs-pki.in
+++ b/utilities/ovs-pki.in
@ -274,7 +274,7 @@ private_key    = $dir/private/cakey.pem# CA private key
 RANDFILE       = $dir/private/.rand    # random number file
 default_days   = 3650                  # how long to certify for
 default_crl_days= 30                   # how long before next CRL
-default_md     = sha512                # message digest to use
+default_md     = sha1                  # message digest to use
 policy         = policy                # default policy
 email_in_dn    = no                    # Don't add the email into cert DN
 name_opt       = ca_default            # Subject name display option