Commit 10c85057 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Use the default_md config file value when signing CRLs. 

PR:662
parent 10f92aac

apps/ca.c

+18 −29
Original line number Diff line number Diff line
@@ -995,25 +995,27 @@ bad: 
			}

		}



	if (req)

		{

	if ((md == NULL) && ((md=NCONF_get_string(conf,

		section,ENV_DEFAULT_MD)) == NULL))

		{

		lookup_fail(section,ENV_DEFAULT_MD);

		goto err;

		}



	if ((dgst=EVP_get_digestbyname(md)) == NULL)

		{

		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);

		goto err;

		}



	if (req)

		{

		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,

			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))

			{

			if(strcmp(tmp_email_dn,"no") == 0)

				email_dn=0;

			}

		if ((dgst=EVP_get_digestbyname(md)) == NULL)

			{

			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);

			goto err;

			}

		if (verbose)

			BIO_printf(bio_err,"message digest is %s\n",

				OBJ_nid2ln(dgst->type));
@@ -1396,16 +1398,6 @@ bad: 


		/* we now have a CRL */

		if (verbose) BIO_printf(bio_err,"signing CRL\n");

		if (md != NULL)

			{

			if ((dgst=EVP_get_digestbyname(md)) == NULL)

				{

				BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);

				goto err;

				}

			}

		else

			{

#ifndef OPENSSL_NO_DSA

		if (pkey->type == EVP_PKEY_DSA) 

			dgst=EVP_dss1();
@@ -1414,10 +1406,7 @@ bad: 
#ifndef OPENSSL_NO_ECDSA

		if (pkey->type == EVP_PKEY_EC)

			dgst=EVP_ecdsa();

			else

#endif

				dgst=EVP_md5();

			}



		/* Add any extensions asked for */