From cec2538ca9d053eb905069ea65e4925e9288558c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 4 Dec 2007 12:41:28 +0000
Subject: Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve

Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
---
 crypto/ocsp/ocsp_cl.c  | 1 -
 crypto/ocsp/ocsp_vfy.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

(limited to 'crypto/ocsp')

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
 			goto err;
 
 	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-	if (!dgst) dgst = EVP_sha1();
 	if (key)
 		{
 		if (!X509_check_private_key(signer, key))
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 23ea41c847..5ea7c270ed 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -316,7 +316,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 			return -1;
 		if (memcmp(md, cid->issuerNameHash->data, mdlen))
 			return 0;
-		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+		X509_pubkey_digest(cert, dgst, md, NULL);
 		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
 			return 0;
 
-- 
cgit v1.2.3