[exim-dev] [Bug 674] exim can't verify sha256WithRSAEncrypti…

Author: Phil Pennock
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 674] New: exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL
Subject: [exim-dev] [Bug 674] exim can't verify sha256WithRSAEncryption signature in X.509 certificates when linked against OpenSSL

http://bugs.exim.org/show_bug.cgi?id=674




--- Comment #15 from Phil Pennock <exim-dev@???> 2009-06-15 03:57:24 ---
(In reply to comment #14)
> thanks a lot for this information. No doubt it's the cleanest solution if
> OpenSSL loads SHA256 by default.


I've been thinking about this some just recently; my opinion has shifted
somewhat. I still think that the patch I previously provided is the best
solution.

However, openssl-1.0.0-beta2 is out and it still does not enable SHA-256 by
default, even though it's in standards-tracks for default usage, as noted
above. More and more, I'm seeing real-world usage shift towards SHA-256 away
from SHA-1 or even MD5.

Exim *shouldn't* be getting involved in policy and loading SHA-256 manually,
but I think that pragmatically we're going to have to.

Tony, Nigel, any thoughts on this?

