From 12a6e49cf11d3b7de623c6279ffbf1387328688f Mon Sep 17 00:00:00 2001
From: Blake Griffith <cowlicks@riseup.net>
Date: Thu, 2 Mar 2017 21:16:19 -0800
Subject: [PATCH] Remove use of sha1 (#4271)

These are not security critical uses of sha1 but they should still be removed.
---
 acme/acme/challenges.py           | 2 +-
 certbot/tests/crypto_util_test.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py
index 3b1e90166..ac4e3d60a 100644
--- a/acme/acme/challenges.py
+++ b/acme/acme/challenges.py
@@ -445,7 +445,7 @@ class TLSSNI01Response(KeyAuthorizationChallengeResponse):
         """
         # pylint: disable=protected-access
         sans = crypto_util._pyopenssl_cert_or_req_san(cert)
-        logger.debug('Certificate %s. SANs: %s', cert.digest('sha1'), sans)
+        logger.debug('Certificate %s. SANs: %s', cert.digest('sha256'), sans)
         return self.z_domain.decode() in sans
 
     def simple_verify(self, chall, domain, account_public_key,
diff --git a/certbot/tests/crypto_util_test.py b/certbot/tests/crypto_util_test.py
index a580574a4..946e772c1 100644
--- a/certbot/tests/crypto_util_test.py
+++ b/certbot/tests/crypto_util_test.py
@@ -336,8 +336,8 @@ class CertLoaderTest(unittest.TestCase):
         from certbot.crypto_util import pyopenssl_load_certificate
 
         cert, file_type = pyopenssl_load_certificate(CERT)
-        self.assertEqual(cert.digest('sha1'),
-                         OpenSSL.crypto.load_certificate(file_type, CERT).digest('sha1'))
+        self.assertEqual(cert.digest('sha256'),
+                         OpenSSL.crypto.load_certificate(file_type, CERT).digest('sha256'))
 
     def test_load_invalid_cert(self):
         from certbot.crypto_util import pyopenssl_load_certificate