读好书,交益友
分类: 网络与安全
2012-10-18 15:30:23
Since 2004, MD2 is not considered safe; it is vulnerable to a preimage attack with time complexity. Some Certificate Authorities and vendors are starting to not support MD2.
当然也包括verisign。
Sun released the Java SE version 1.6.0_17, they have removed the support for MD2 hash algorithm in certificates。
如果使用,Caused by: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled
Internet Explorer 8+ on Windows 7 SP1+ no longer accepts Authenticode signatures that use the MD2 or MD4 hashing algorithms in the certificate chain. (MD2 and MD4 on the root itself isn’t a worry, because the root itself is installed on the machine).
OpenSSL 1.0 and later does not include the MD2 digest algorithm in the default configuration due to its security weaknesses.
如果支持md2,需要编译时加上enable-md2
如果使用
md = EVP_get_digestbyname (digest);
digets是md2时,一直返回NULL。
但是EVP_md2();还是可以使用的
代码改为
const EVP_MD *md = NULL;
ASSERT (digest);
if(0 == strcasecmp(digest,"md2")||0 == strcasecmp(digest,"rsa-md2"))
{
md = EVP_md2();
}
else
{
md = EVP_get_digestbyname (digest);
}
或者
在 OpenSSL_add_all_digests();后面添加
EVP_add_digest(EVP_md2());