exim-dev at spodhuis
Jun 14, 2009, 7:57 PM
Views: 556
Permalink
|
|
[Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
|
|
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=674
--- Comment #15 from Phil Pennock <exim-dev[at]spodhuis.org> 2009-06-15 03:57:24 ---
(In reply to comment #14)
> thanks a lot for this information. No doubt it's the cleanest solution if
> OpenSSL loads SHA256 by default.
I've been thinking about this some just recently; my opinion has shifted
somewhat. I still think that the patch I previously provided is the best
solution.
However, openssl-1.0.0-beta2 is out and it still does not enable SHA-256 by
default, even though it's in standards-tracks for default usage, as noted
above. More and more, I'm seeing real world usage shift towards sha-256 away
from SHA-1 or even MD5.
Exim *shouldn't* be getting involved in policy and loading SHA-256 manually,
but I think that pragmatically we're going to have to.
Tony, Nigel, any thoughts on this?
--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email
--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
|
[Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
