Re: Why is this OCSP response reporting a hash using SHA1?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 09/08/2017 10:08 PM, Dr. Stephen Henson wrote:
On Fri, Sep 08, 2017, Robert Moskowitz wrote:

I am using the test responder:

    openssl ocsp -port 2560 -text -rmd sha256\
          -index index.txt \
          -CA certs/ca-chain.cert.pem \
          -rkey private/$ocspurl.key.pem \
          -rsigner certs/$ocspurl.cert.pem \
          -nrequest 1


What is the SHA1 hash report about?  It comes right after the line:
Certificate ID:

     Certificate ID:
       Hash Algorithm: sha1
       Issuer Name Hash: CA1F5832FA387F0127D8E0583F7331D1B903DBF0
       Issuer Key Hash: A3278D00B053BF259193A4833E669C451DAD36E0
       Serial Number: 762900CAB55A4762
It's the hash algorithm used to hash the issuer name and key to identify them.

And how do you get it to use sha256?

I would think that the -rmd sha256 in the responder command would that? What does it do anyway? It is listed in the -help:

-rmd val Digest Algorithm to use in signature of OCSP response

but not in the man page.

Ah, put -sha256 in the CLIENT request. Seems kind of backward. Or at least the server should have some control over the hash used?

thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux