don't use pseudo digests for default values of keys

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4205f6e6cccee320c6d662e0a60d341547199b8d..9d9b604553287ba4fc041ea7f953a95e74cb9394 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -164,14 +164,14 @@ void ssl_cert_set_default_md(CERT *cert)
        {
        /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
        cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-       cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+       cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        }
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 5fae9fb4260bb972484e6c5e8a19440cd98d8b56..88f70d73bf6cdb1ae7781b514376189af1dd9006 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3055,7 +3055,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
         */
 #ifndef OPENSSL_NO_DSA
        if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
        if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
@@ -3066,7 +3066,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 #endif
 #ifndef OPENSSL_NO_ECDSA
        if (!c->pkeys[SSL_PKEY_ECC].digest)
-               c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+               c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
        return 1;
        }