Use sha256 as default message_digest (issue #69).

README.md

@@ -73,7 +73,7 @@ The following are for the default values for fields place in the certificate fro
 * `node['openvpn']['key']['email']` - `KEY_EMAIL`
 
 The following lets you specify the message digest used for generating certificates by OpenVPN
-* `node['openvpn']['key']['message_digest'] - `sha1` . Recommend using sha256 or higher for security.
+* `node['openvpn']['key']['message_digest'] - Default is `sha256` for a high level of security.
 
 
 Recipes

attributes/default.rb

@@ -21,15 +21,15 @@
 default['openvpn']['configure_default_server'] = true
 
 # Used by helper library to generate certificates/keys
-default['openvpn']['key']['ca_expire'] = 3650
-default['openvpn']['key']['expire']    = 3650
-default['openvpn']['key']['size']      = 1024
-default['openvpn']['key']['country']   = 'US'
-default['openvpn']['key']['province']  = 'CA'
-default['openvpn']['key']['city']      = 'San Francisco'
-default['openvpn']['key']['org']       = 'Fort Funston'
-default['openvpn']['key']['email']     = 'admin@foobar.com'
-default['openvpn']['key']['message_digest'] = 'sha1'
+default['openvpn']['key']['ca_expire']      = 3650
+default['openvpn']['key']['expire']         = 3650
+default['openvpn']['key']['size']           = 1024
+default['openvpn']['key']['country']        = 'US'
+default['openvpn']['key']['province']       = 'CA'
+default['openvpn']['key']['city']           = 'San Francisco'
+default['openvpn']['key']['org']            = 'Fort Funston'
+default['openvpn']['key']['email']          = 'admin@foobar.com'
+default['openvpn']['key']['message_digest'] = 'sha256'
 
 # Cookbook attributes
 default['openvpn']['key_dir']         = '/etc/openvpn/keys'

test/integration/server/serverspec/server_spec.rb

@@ -13,7 +13,7 @@
   describe file('/etc/openvpn/easy-rsa/pkitool') do
     describe '#content' do
       subject { super().content }
-      it { is_expected.to include '-md sha1' }
+      it { is_expected.to include '-md sha256' }
     end
   end
 end