From 71960940163e248e0af20fdc3fcd782382d47622 Mon Sep 17 00:00:00 2001
From: Koichiro IWAO <meta@vmeta.jp>
Date: Wed, 16 Nov 2016 17:24:26 +0900
Subject: [PATCH] Do not create SHA-1 certificates anymore

as many systems in the world still default to create SHA-1 certs if
hash algorithm is not specified explicitly.
---
 keygen/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keygen/Makefile.am b/keygen/Makefile.am
index 8cdea746..e77fe24e 100644
--- a/keygen/Makefile.am
+++ b/keygen/Makefile.am
@@ -19,7 +19,7 @@ xrdpsysconfdir = $(sysconfdir)/xrdp
 install-data-hook:
 	umask 077 && \
 	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini ]; then ./xrdp-keygen xrdp $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini; fi && \
-	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/cert.pem ]; then openssl req -x509 -newkey rsa:2048 -nodes -keyout $(DESTDIR)$(xrdpsysconfdir)/key.pem -out $(DESTDIR)$(xrdpsysconfdir)/cert.pem -days 365 -subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org; fi
+	  if [ ! -f $(DESTDIR)$(xrdpsysconfdir)/cert.pem ]; then openssl req -x509 -newkey rsa:2048 -sha256 -nodes -keyout $(DESTDIR)$(xrdpsysconfdir)/key.pem -out $(DESTDIR)$(xrdpsysconfdir)/cert.pem -days 365 -subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org; fi
 
 uninstall-hook:
 	rm -f $(DESTDIR)$(xrdpsysconfdir)/rsakeys.ini