Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / faffde1f970c0786d0256e4d51725fbe2ceda063^! / . / lib / tls
commitfaffde1f970c0786d0256e4d51725fbe2ceda063[log] [tgz]
authorClark Boylan <clark.boylan@gmail.com>Thu Apr 27 09:54:27 2017 -0700
committerClark Boylan <clark.boylan@gmail.com>Thu Apr 27 09:54:27 2017 -0700
tree86cf143b35f4bf62cbec144a18e70c20e0f69d72
parenta292c5068ce8b285afc1ecfd473c91c8789922d3 [diff] [blame]
Use string cert CA defaults

Switch from sha1 to sha256 and from 1024 bits to 2048 bits. Do this
because things don't like the old inseucre sha1+1024bits combo.

Change-Id: Iae2958969aed0cd880844e19e8055c8bdc7d064d

diff --git a/lib/tls b/lib/tls
index 238687c..7c6b967 100644
--- a/lib/tls
+++ b/lib/tls

@@ -113,11 +113,11 @@
 certificate             = \$dir/cacert.pem
 private_key             = \$dir/private/cacert.key
 RANDFILE                = \$dir/private/.rand
-default_md              = default
+default_md              = sha256
 
 [ req ]
-default_bits            = 1024
-default_md              = sha1
+default_bits            = 2048
+default_md              = sha256
 
 prompt                  = no
 distinguished_name      = ca_distinguished_name