cURL / Mailing Lists / curl-users / Single Mail

curl-users

[PATCH] mk-ca-bundle: added SHA-384 signature algorithm

From: Bruno Thomsen <bth_at_kamstrup.dk>
Date: Wed, 15 Oct 2014 12:48:27 +0200

Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.

[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

Signed-off-by: Bruno Thomsen <bth_at_kamstrup.dk>

---
 docs/mk-ca-bundle.1 | 2 +-
 lib/mk-ca-bundle.pl | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/mk-ca-bundle.1 b/docs/mk-ca-bundle.1
index aa38612..7d38dba 100644
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -87,7 +87,7 @@ each certificate and output when run in plain text mode.
 
 Valid algorithms are:
 .RS
-ALL, NONE, MD5 (default), SHA1, SHA256, SHA512
+ALL, NONE, MD5 (default), SHA1, SHA256, SHA384, SHA512
 .RE
 .IP -u
 unlink (remove) certdata.txt after processing
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 51af5c9..4278e82 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -56,7 +56,7 @@ $opt_d = 'release';
 # If the OpenSSL commandline is not in search path you can configure it here!
 my $openssl = 'openssl';
 
-my $version = '1.23';
+my $version = '1.24';
 
 $opt_w = 76; # default base64 encoded lines length
 
@@ -97,6 +97,7 @@ my @valid_signature_algorithms = (
   "MD5",
   "SHA1",
   "SHA256",
+  "SHA384",
   "SHA512"
 );
 
-- 
1.9.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-15