Implement OpenSSL 1.0 hashing algorithm #27
Comments
|
Sure sounds good. I think if we add all the SHA family that would be better. |
|
Adding all doesn't really make sense here... It's exclusively used to do a file lookup based on the filename being a md5 or sha1 hash of the CAs subject (where the subject lookup part is an IIRC). OpenSSL has moved from md5 to sha1. It doesn't make sense to look for filenames with the hash values of all the possible SHA family options before giving up that the CA files are not installed on disk :-) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, JGlobus will perform a few optimizations based on a hashing algorithm (MD5) used by OpenSSL 0.9.8. The hash optimizations provide a quick-lookup path for a CA's certificate, CRL and signing policy without having to parse all files in a directory. This is especially important for clients as the modern IGTF CA distribution has several hundred files.
However, OpenSSL 1.0.0 switched the hashing algorithm to be based on SHA-1. We should update JGlobus to provide that algorithm, and allow the hash algorithm to be selected at runtime.
The text was updated successfully, but these errors were encountered: