From d18d31a16f91dc5042344e207390322170458025 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 29 Aug 2015 22:11:05 +0100
Subject: Use MD5+SHA1 for default digest if appropriate.

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/t1_lib.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ssl')

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2ba76e3835..3375494b8a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2712,8 +2712,11 @@ static void ssl_set_default_md(SSL *s)
     pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
-    pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
-    pmd[SSL_PKEY_RSA_ENC] = EVP_sha1();
+    if (SSL_USE_SIGALGS(s))
+        pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1();
+    else
+        pmd[SSL_PKEY_RSA_SIGN] = EVP_md5_sha1();
+    pmd[SSL_PKEY_RSA_ENC] = pmd[SSL_PKEY_RSA_SIGN];
 #endif
 #ifndef OPENSSL_NO_EC
     pmd[SSL_PKEY_ECC] = EVP_sha1();
-- 
cgit v1.2.3