From d200d72fb7e9bdfa53fb0e60767664480ee45f6b Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri, 11 Mar 2022 10:53:58 +0100
Subject: [PATCH] set the default message digest to sha256

---
 NEWS.md        | 2 ++
 osslsigncode.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 2576984..aee5ad9 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,6 +2,8 @@
 
 ### 2.4 (unreleased)
 
+- set the default message digest to sha256
+
 ### 2.3 (2022.03.06)
 
 **CRITICAL SECURITY VULNERABILITIES**
diff --git a/osslsigncode.c b/osslsigncode.c
index a4d1d4e..14bc095 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -5602,7 +5602,7 @@ static int main_configure(int argc, char **argv, cmd_type_t *cmd, GLOBAL_OPTIONS
 		argv++;
 		argc--;
 	}
-	options->md = EVP_sha1();
+	options->md = EVP_sha256();
 	options->signing_time = INVALID_TIME;
 	options->jp = -1;