Subject: CAcert Code Development list.
List archive
- From: Michael Tänzer <michael.taenzer AT cacert.org>
- To: "critical-admin AT cacert.org" <critical-admin AT cacert.org>
- Cc: cacert-devel AT lists.cacert.org, Benny Baumann <benbe AT cacert.org>, Marcus Mängel <inopiae AT cacert.org>, Eva Stöwe <eva.stoewe AT cacert.org>, Martin Gummi <martin.gummi AT cacert.org>
- Subject: Re: Patch request: Bug #1237
- Date: Wed, 15 Jan 2014 00:02:39 +0100
- Openpgp: id=9940BEF1
Sorry I have to make a correction:
First apply the patch, then restart the signer and finally alter the
database.
Also whenever you make the next on-site visit to the signer you could
adjust the OpenSSL config files to set "default_md = sha512"
On 14.01.2014 23:55, Michael Tänzer wrote:
> Hi folks,
>
> We have a fix for https://bugs.cacert.org/view.php?id=1237
> "Certificates should be issued using sha512WithRSAEncryption for signatures"
>
> The fix was reviewed by Benny Baumann (BenBE) and me (NEOatNHNG) and
> tested by Martin Gummi, Eva Stöwe (Eva) and Marcus Mängel (INOPIAE).
>
> Diff is attached.
>
> Important
> =========
> Before applying the patch please execute the following SQL statements on
> the cacert database:
>
> ALTER TABLE `domaincerts` ALTER `md` SET DEFAULT 'sha512';
> ALTER TABLE `emailcerts` ALTER `md` SET DEFAULT 'sha512';
> ALTER TABLE `orgdomaincerts` ALTER `md` SET DEFAULT 'sha512';
> ALTER TABLE `orgemailcerts` ALTER `md` SET DEFAULT 'sha512';
>
> Then apply the patch and afterwards restart the CommModule
>
>
> Changed files:
> /CommModule/client.pl
>
--
Michael Tänzer
Attachment:
signature.asc
Description: OpenPGP digital signature
- Patch request: Bug #1237, Michael Tänzer, 01/14/2014
- Re: Patch request: Bug #1237, Michael Tänzer, 01/14/2014
- Re: Patch request: Bug #1237, Wytze van der Raay, 01/15/2014
- Re: Patch request: Bug #1237, Wytze van der Raay, 01/15/2014
- Re: Patch request: Bug #1237, Michael Tänzer, 01/14/2014
Archive powered by MHonArc 2.6.18.