Re: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf

To: David Brownlee <abs%absd.org@localhost>
Subject: Re: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
From: Benjamin Lorenz <benjamin@lorenz.place>
Date: Mon, 17 May 2021 16:40:21 +0200

Hi David,

I had an issue with this setting recently (in the context of creating
letsencrypt certificates). Was changing it to sha256 and all was fine.

Benjamin


> On 17. May 2021, at 15:42, David Brownlee <abs%absd.org@localhost> wrote:
> 
> For netbsd-9 /usr/share/examples/openssl/openssl.cnf includes the line
> 
> default_md             = sha2
> 
> With this in place a simple openssl req fails - eg:
> 
> % openssl req -x509 -nodes -days 1000000 -newkey rsa:4096 -keyout
> backup_key.pem -subj
> "/C=GB/ST=London/L=London/O=TAO/CN=www.example.com"  -out
> backup_key.pem.pub
> 
> req: Unrecognized flag sha2
> req: Use -help for summary.
> 
> This line is the only difference between NetBSD's
> usr/share/examples/openssl/openssl.cnf and /etc/ssl/openssl.cnf on an
> Ubuntu 20.04 box (OpenSSL 1.1.1k & 1.1.1f respectively)
> 
> Should it be removed or adjusted?
> 
> David

References:
- invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
  - From: David Brownlee

Prev by Date: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
Next by Date: NetBSD Security Advisory 2021-001: Predictable ID disclosures in IPv4 and IPv6
Previous by Thread: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
Indexes:

Home | Main Index | Thread Index | Old Index