Merge pull request #18 from brianhlin/sw2136_generate_sha2
PKI tools should generate SHA2 CSRs (SOFTWARE-2136)
edquist authored Oct 12, 2016
2 parents 7837753 + 3eacca2 commit 4ee1f42
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions osgpkitools/OSGPKIUtils.py
Expand Up @@ -312,9 +312,13 @@ def CreatePKey(self, filename):
self.keypair = RSA.gen_key(self.rsakey['KeyLength'],
self.rsakey['PubExponent'],
self.rsakey['keygen_callback'])
RSA.new_pub_key(self.keypair.pub())
self.keypair.save_key(filename, cipher=None)
self.pkey = EVP.PKey(md='sha1')

# The message digest shouldn't matter here since we don't use
# PKey.sign_*() or PKey.verify_*() but there's no harm in keeping it and
# it ensures a strong hashing algo (default is sha1) if we do decide to
# sign things in the future
self.pkey = EVP.PKey(md='sha256')
self.pkey.assign_rsa(self.keypair)


Expand Down Expand Up @@ -369,6 +373,6 @@ def CreateX509Request(self, **config_items):

self.x509request.set_pubkey(pkey=self.pkey)
self.x509request.set_version(0)
self.x509request.sign(pkey=self.pkey, md='sha1')
self.x509request.sign(pkey=self.pkey, md='sha256')
return self.x509request
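Review bot: The digest name is now the literal `'sha256'` in two unrelated places, `EVP.PKey(md='sha256')` in CreatePKey and `self.x509request.sign(pkey=self.pkey, md='sha256')` in CreateX509Request, so a later algorithm change can update one and miss the other. Only the second call determines the signature algorithm a CA sees on the CSR; the added comment itself says the PKey digest is currently unused. I would define one module-level constant, e.g. `CSR_DIGEST = 'sha256'`, and pass `md=CSR_DIGEST` at both sites. No test is visible in this commit; a regression check that the generated request reports `sha256WithRSAEncryption` would keep SHA-1 from returning unnoticed. Both functions begin outside the hunks shown, so this is based only on the visible lines.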
