invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf

To: tech-security%netbsd.org@localhost
Subject: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
From: David Brownlee <abs%absd.org@localhost>
Date: Mon, 17 May 2021 14:42:50 +0100

For netbsd-9 /usr/share/examples/openssl/openssl.cnf includes the line

default_md             = sha2

With this in place a simple openssl req fails - eg:

% openssl req -x509 -nodes -days 1000000 -newkey rsa:4096 -keyout
backup_key.pem -subj
"/C=GB/ST=London/L=London/O=TAO/CN=www.example.com"  -out
backup_key.pem.pub

req: Unrecognized flag sha2
req: Use -help for summary.

This line is the only difference between NetBSD's
usr/share/examples/openssl/openssl.cnf and /etc/ssl/openssl.cnf on an
Ubuntu 20.04 box (OpenSSL 1.1.1k & 1.1.1f respectively)

Should it be removed or adjusted?

David

Follow-Ups:
- Re: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
  - From: Benjamin Lorenz

Prev by Date: NetBSD Security Advisory 2021-001: Predictable ID disclosures in IPv4 and IPv6
Next by Date: Re: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
Previous by Thread: NetBSD Security Advisory 2021-001: Predictable ID disclosures in IPv4 and IPv6
Next by Thread: Re: invalid -default_md sha2 in /usr/share/examples/openssl/openssl.cnf
Indexes:

Home | Main Index | Thread Index | Old Index