From 8c3c780b12de4b408fcf20ea5d27624973f16c16 Mon Sep 17 00:00:00 2001 From: Florian Mounier Date: Mon, 18 May 2015 12:00:24 +0200 Subject: [PATCH] Sign certs with sha512 instead sha1 --- butterfly.server.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/butterfly.server.py b/butterfly.server.py index 4f600c4..ab81d1c 100755 --- a/butterfly.server.py +++ b/butterfly.server.py @@ -147,7 +147,7 @@ if tornado.options.options.generate_certs: ca_cert.gmtime_adj_notAfter(315360000) # to 10y ca_cert.set_issuer(ca_cert.get_subject()) # Self signed ca_cert.set_pubkey(ca_pk) - ca_cert.sign(ca_pk, 'sha1') + ca_cert.sign(ca_pk, 'sha512') write(ca, crypto.dump_certificate(crypto.FILETYPE_PEM, ca_cert)) write(ca_key, crypto.dump_privatekey(crypto.FILETYPE_PEM, ca_pk)) @@ -167,7 +167,7 @@ if tornado.options.options.generate_certs: server_cert.gmtime_adj_notAfter(315360000) # to 10y server_cert.set_issuer(ca_cert.get_subject()) # Signed by ca server_cert.set_pubkey(server_pk) - server_cert.sign(ca_pk, 'sha1') + server_cert.sign(ca_pk, 'sha512') write(cert % host, crypto.dump_certificate( crypto.FILETYPE_PEM, server_cert)) @@ -217,8 +217,8 @@ if (tornado.options.options.generate_current_user_pkcs or client_cert.gmtime_adj_notAfter(315360000) # to 10y client_cert.set_issuer(ca_cert.get_subject()) # Signed by ca client_cert.set_pubkey(client_pk) - client_cert.sign(client_pk, 'sha1') - client_cert.sign(ca_pk, 'sha1') + client_cert.sign(client_pk, 'sha512') + client_cert.sign(ca_pk, 'sha512') pfx = crypto.PKCS12() pfx.set_certificate(client_cert)