From 3a66c0a4c068fffcfc8ba63056fccc14318171d6 Mon Sep 17 00:00:00 2001 From: Vladimir Dubrovin <3proxy@3proxy.ru> Date: Mon, 13 Jul 2026 17:14:46 +0300 Subject: [PATCH] Use half sha256 for cert cache --- src/ssllib.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/ssllib.c b/src/ssllib.c index 41fa0ca..62a132a 100644 --- a/src/ssllib.c +++ b/src/ssllib.c @@ -20,9 +20,6 @@ #include #include #include -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -#include -#endif #include "proxy.h" #include "ssl.h" @@ -108,19 +105,18 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config) EVP_PKEY *pk = NULL; RSA *rsa = NULL; - int hash_size = 20; - unsigned char hash_sha1[20]; - char hash_name_sha1[(20*2) + 1]; + unsigned char hash_sha256[32]; + char hash_name_sha256[(16*2) + 1]; char cache_name[256]; - err = X509_digest(src_cert, EVP_sha1(), hash_sha1, NULL); + err = X509_digest(src_cert, EVP_sha256(), hash_sha256, NULL); if(!err){ return NULL; } if(config->certcache){ - bin2hex(hash_sha1, 20, hash_name_sha1, sizeof(hash_name_sha1)); - sprintf(cache_name, "%s%s.pem", config->certcache, hash_name_sha1); + bin2hex(hash_sha256, 16, hash_name_sha256, sizeof(hash_name_sha256)); + sprintf(cache_name, "%s%s.pem", config->certcache, hash_name_sha256); /* check if certificate is already cached */ fcache = BIO_new_file(cache_name, "rb"); if ( fcache != NULL ) { @@ -290,8 +286,5 @@ void ssl_init() SSL_load_error_strings(); _3proxy_mutex_init(&ssl_file_mutex); bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - OSSL_PROVIDER_load(NULL, "default"); -#endif } }