On Fri, May 08, 2009 at 04:10:19PM -0700, Alex Chen wrote:

> Thanks again for the detailed explanation, Viktor.
> We use OpenSSL only between our client and server, both use OpenSSL,
> therefore interoperability with other SSL entity is not a concern.
> Is there a 'sha2' flag for 'req' command so we can use SHA-2 as the hash
> function?

Well, "sha2" is not a specific algorithm, but sha256, sha384 and sha512 are. These will work for signing private-use certificates, provided your application enables these algorithms during SSL library initialization.

Yes, every digest name is also a "-<dgstname>" flag for x509(1) and req(1).

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
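
Added example, not part of the original post: the "-<dgstname>" flag for req(1) described above, with the resulting signature algorithm read back through x509(1). The function name `sig_alg_for`, the subject name, key size and validity period are constructed sample values.

```shell
#!/bin/sh
# Added example: sign a private-use, self-signed certificate with a chosen
# SHA-2 digest via req(1), then confirm which digest actually ended up in
# the certificate signature via x509(1).
# Subject, key size and lifetime are constructed sample values.

# sig_alg_for DIGEST
# Prints the signature algorithm of a certificate signed with -DIGEST.
sig_alg_for() {
    dgst=$1
    dir=$(mktemp -d) || return 1

    # "-$dgst" is the digest flag: -sha256, -sha384 or -sha512.
    if ! openssl req -x509 -newkey rsa:2048 -nodes "-$dgst" \
            -subj "/CN=example.internal" -days 30 \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null; then
        rm -rf "$dir"
        return 1
    fi

    # The text dump lists the signature algorithm twice (TBS part and
    # outer signature); both must match, so the first one is enough.
    openssl x509 -in "$dir/cert.pem" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1

    rm -rf "$dir"
}

# Check each SHA-2 variant named in the reply.
for d in sha256 sha384 sha512; do
    printf '%s -> %s\n' "$d" "$(sig_alg_for "$d")"
done
```

Running the same read-back step against certificates already deployed on the client and server shows which digest they were signed with.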