x509: Use SHA-256 as default hash/signature algorithm for attribute certificates

References strongswan/strongswan#2523

diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 2e370f5a713d1bd0b389c81e6b428ed3a295c971..3fc5de2f1186eddbbe8b353c928ca933eae3a873 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1156,7 +1156,7 @@ static void add_groups_from_list(private_x509_ac_t *this, linked_list_t *list)
  */
 x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
 {
-       hash_algorithm_t digest_alg = HASH_SHA1;
+       hash_algorithm_t digest_alg = HASH_SHA256;
        private_x509_ac_t *ac;
 
        ac = create_empty();