2 files changed, 19 insertions, 6 deletions

diff --git a/bin/bbstored/bbstored-certs.in b/bin/bbstored/bbstored-certs.in
index 00085662..10072a87 100755
--- a/bin/bbstored/bbstored-certs.in
+++ b/bin/bbstored/bbstored-certs.in
@@ -122,7 +122,7 @@ sub cmd_init_create_root
 	
 	# make CSR
 	die "Couldn't run openssl for CSR generation" unless
-		open(CSR,"|openssl req -new -key $key -sha1 -out $csr");
+		open(CSR,"|openssl req -new -key $key -sha256 -out $csr");
 	print CSR <<__E;
 .
 .
@@ -140,7 +140,7 @@ __E
 	die "Certificate request wasn't created.\n" unless -f $csr;
 	
 	# sign it to make a self-signed root CA key
-	if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
+	if(system("openssl x509 -req -in $csr -sha256 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
 	{
 		die "Couldn't generate root certificate."
 	}
@@ -201,7 +201,7 @@ __E
 	my $out_cert = "$cert_dir/clients/$acc"."-cert.pem";
 
 	# sign it!
-	if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
+	if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
 	{
 		die "Signing failed"
 	}
@@ -257,7 +257,7 @@ __E
 	my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem";
 
 	# sign it!
-	if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
+	if(system("openssl x509 -req -in $csr -sha256 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
 	{
 		die "Signing failed"
 	}
diff --git a/bin/bbstored/bbstored-config.in b/bin/bbstored/bbstored-config.in
index 83305c4f..1efaf668 100755
--- a/bin/bbstored/bbstored-config.in
+++ b/bin/bbstored/bbstored-config.in
@@ -202,11 +202,24 @@ Server
 	CertificateFile = $certificate
 	PrivateKeyFile = $private_key
 	TrustedCAsFile = $ca_root_cert
-}
-
+__E
 
+if("@HAVE_SSL_CTX_SET_SECURITY_LEVEL@" eq "1")
+{
+	print CONFIG <<__E;
+	# Box Backup compiled with support for SSLSecurityLevel
+	SSLSecurityLevel = 2
 __E
+}
+else
+{
+	print CONFIG <<__E;
+	# Box Backup compiled without support for SSLSecurityLevel
+	# SSLSecurityLevel = 2
+__E
+}
 
+print CONFIG "}\n";
 close CONFIG;
 
 # explain to the user what they need to do next