From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 11 Nov 2024 16:30:16 +0000 (+0100)
Subject: x509: Use SHA-256 as default hash/signature algorithm for attribute certificates
X-Git-Tag: 6.0.0rc2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=559298b53e20096ae869a287569842f8c1ef2281;p=thirdparty%2Fstrongswan.git

x509: Use SHA-256 as default hash/signature algorithm for attribute certificates

References strongswan/strongswan#2523
---

diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 2e370f5a71..3fc5de2f11 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -1156,7 +1156,7 @@ static void add_groups_from_list(private_x509_ac_t *this, linked_list_t *list)
  */
 x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args)
 {
-	hash_algorithm_t digest_alg = HASH_SHA1;
+	hash_algorithm_t digest_alg = HASH_SHA256;
 	private_x509_ac_t *ac;
 
 	ac = create_empty();