mirror of
https://github.com/ipxe/ipxe
synced 2025-12-19 11:00:27 +03:00
[crypto] Disable MD5 as an OID-identifiable algorithm by default
Disable the use of MD5 as an OID-identifiable algorithm. Note that the MD5 algorithm implementation will still be present in the build, since it is used implicitly by various cryptographic components such as HTTP digest authentication; this commit removes it only from the list of OID-identifiable algorithms. It would be appropriate to similarly disable the use of SHA-1 by default, but doing so would break the use of OCSP since several OCSP responders (including the current version of openca-ocspd) are not capable of interpreting the hashAlgorithm field and so will fail if the client uses any algorithm other than the configured default. Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
@@ -22,7 +22,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
||||
//#define CRYPTO_DIGEST_MD4
|
||||
|
||||
/** MD5 digest algorithm */
|
||||
#define CRYPTO_DIGEST_MD5
|
||||
//#define CRYPTO_DIGEST_MD5
|
||||
|
||||
/** SHA-1 digest algorithm */
|
||||
#define CRYPTO_DIGEST_SHA1
|
||||
|
||||
Reference in New Issue
Block a user