Commit 36210456 authored by Bruno Thomsen's avatar Bruno Thomsen Committed by Daniel Stenberg
Browse files

mk-ca-bundle: added SHA-384 signature algorithm 

Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.

[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/



Signed-off-by: default avatarBruno Thomsen <bth@kamstrup.dk>
parent e64bc7cd

docs/mk-ca-bundle.1

+1 −1
Original line number Diff line number Diff line
@@ -87,7 +87,7 @@ each certificate and output when run in plain text mode. 


Valid algorithms are:

.RS

ALL, NONE, MD5 (default), SHA1, SHA256, SHA512

ALL, NONE, MD5 (default), SHA1, SHA256, SHA384, SHA512

.RE

.IP -u

unlink (remove) certdata.txt after processing

lib/mk-ca-bundle.pl

+2 −1
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ $opt_d = 'release'; 
# If the OpenSSL commandline is not in search path you can configure it here!

my $openssl = 'openssl';



my $version = '1.23';

my $version = '1.24';



$opt_w = 76; # default base64 encoded lines length
@@ -97,6 +97,7 @@ my @valid_signature_algorithms = ( 
  "MD5",

  "SHA1",

  "SHA256",

  "SHA384",

  "SHA512"

);