From 4c1b972f9ea2d10b7029ea9646279a3ee831129b Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri, 11 Mar 2022 10:53:58 +0100
Subject: [PATCH] set the default message digest to sha256

---
 NEWS.md        | 2 ++
 osslsigncode.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 2576984..aee5ad9 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,6 +2,8 @@
 
 ### 2.4 (unreleased)
 
+- set the default message digest to sha256
+
 ### 2.3 (2022.03.06)
 
 **CRITICAL SECURITY VULNERABILITIES**
diff --git a/osslsigncode.c b/osslsigncode.c
index d24bf0d..fbc0cd9 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -5603,7 +5603,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
 		argv++;
 		argc--;
 	}
-	options->md = EVP_sha1();
+	options->md = EVP_sha256();
 	options->signing_time = INVALID_TIME;
 	options->jp = -1;