From aa426c6790ef006d68be6ef8e68a7afd91596339 Mon Sep 17 00:00:00 2001 From: Chris Fordham Date: Sun, 21 Feb 2016 12:24:10 +1100 Subject: [PATCH] Use sha256 as default message_digest (issue #69). --- README.md | 2 +- attributes/default.rb | 18 +++++++++--------- .../server/serverspec/server_spec.rb | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 90bc2380..c57a9120 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ The following are for the default values for fields place in the certificate fro * `node['openvpn']['key']['email']` - `KEY_EMAIL` The following lets you specify the message digest used for generating certificates by OpenVPN -* `node['openvpn']['key']['message_digest'] - `sha1` . Recommend using sha256 or higher for security. +* `node['openvpn']['key']['message_digest'] - Default is `sha256` for a high level of security. Recipes diff --git a/attributes/default.rb b/attributes/default.rb index bf477ad8..e2c47c39 100644 --- a/attributes/default.rb +++ b/attributes/default.rb 
@@ -21,15 +21,15 @@ default['openvpn']['configure_default_server'] = true # Used by helper library to generate certificates/keys -default['openvpn']['key']['ca_expire'] = 3650 -default['openvpn']['key']['expire'] = 3650 -default['openvpn']['key']['size'] = 1024 -default['openvpn']['key']['country'] = 'US' -default['openvpn']['key']['province'] = 'CA' -default['openvpn']['key']['city'] = 'San Francisco' -default['openvpn']['key']['org'] = 'Fort Funston' -default['openvpn']['key']['email'] = 'admin@foobar.com' -default['openvpn']['key']['message_digest'] = 'sha1' +default['openvpn']['key']['ca_expire'] = 3650 +default['openvpn']['key']['expire'] = 3650 +default['openvpn']['key']['size'] = 1024 +default['openvpn']['key']['country'] = 'US' +default['openvpn']['key']['province'] = 'CA' +default['openvpn']['key']['city'] = 'San Francisco' +default['openvpn']['key']['org'] = 'Fort Funston' +default['openvpn']['key']['email'] = 'admin@foobar.com' +default['openvpn']['key']['message_digest'] = 'sha256' # Cookbook attributes default['openvpn']['key_dir'] = '/etc/openvpn/keys' diff --git a/test/integration/server/serverspec/server_spec.rb b/test/integration/server/serverspec/server_spec.rb index 6da37edd..57183164 100644 --- a/test/integration/server/serverspec/server_spec.rb +++ b/test/integration/server/serverspec/server_spec.rb @@ -13,7 +13,7 @@ describe file('/etc/openvpn/easy-rsa/pkitool') do describe '#content' do subject { super().content } - it { is_expected.to include '-md sha1' } + it { is_expected.to include '-md sha256' } end end end
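Review bot: `default['openvpn']['key']['size'] = 1024` is still on the new side of this hunk, so new certificates get a SHA-256 signature over a 1024-bit key. If these are RSA keys, as the easy-rsa tooling referenced in the spec suggests, that is below the 2048-bit minimum that current guidance expects. Consider changing it in the same commit: `default['openvpn']['key']['size'] = 2048`. The attribute presumably only affects certificates generated after the change, so nodes with an existing sha1-signed CA and certificates would keep them until reissued; a README sentence saying so would help operators plan rotation. The other eight changed lines look like whitespace-only realignment, which hides the single functional change, so splitting that into its own commit would make the security-relevant line easier to audit.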
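Review bot: The updated expectation `include '-md sha256'` only checks the text of the rendered `/etc/openvpn/easy-rsa/pkitool` script, not the digest on any certificate the cookbook actually issues. If the suite generates a server certificate, add a check on the certificate itself, for example a serverspec `command('openssl x509 -noout -text -in <CERT_PATH>')` whose stdout matches `sha256WithRSAEncryption`, where `<CERT_PATH>` is a placeholder for the generated certificate. That would catch a regression where the option is rendered but the signing step ignores it. The enclosing `describe` block starts outside the hunk, so any existing certificate checks are not visible here.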