While working with x509_cmp, I noticed that it is based on comparison of a SHA-1 digest. It seems that this would pose a potential security issue if being used with certificates that were stronger than 160 bits. It seems that it would be bad practice to use this function to compare certificates based on stronger digests (i.e. SHA-256). Working around this is not difficult - I'm just not sure if this is an oversight or if I missed a previous discussion, etc...
Are there any intentions to update this to utilize a comparison method more appropriate for certs with > 160 bit hashes?
Regards, Josh Silberman ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
