github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

avformat/tls_openssl: use SHA-256 instead of SHA-1 for self-signed cert

Browse Source 
SHA-1 is deprecated and considered cryptographically weak.
Replace EVP_sha1() with EVP_sha256() when signing self-generated
certificates to comply with modern security standards.
This commit is contained in:
Nariman-Sayed
2026-02-21 23:37:36 +02:00
committed by michaelni
parent f436d885fc
commit 477bf79b06
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/tls_openssl.c
View File

@@ -312,7 +312,7 @@ static int openssl_gen_certificate(EVP_PKEY *pkey, X509 **cert, char **fingerpri
goto einval_end;
}
if (!X509_sign(*cert, pkey, EVP_sha1())) {
if (!X509_sign(*cert, pkey, EVP_sha256())) {
av_log(NULL, AV_LOG_ERROR, "TLS: Failed to sign certificate, %s\n", ERR_error_string(ERR_get_error(), NULL));
goto einval_end;
}