Force SHA256 for code signing.

CMakeLists.txt

@@ -647,7 +647,7 @@ if(WIN32)
     if(SIGN_WINDOWS_BINARIES)
         # Add finalize command for NSIS so the installer/uninstaller can be
         # signed too.
-        set(CPACK_NSIS_FINALIZE_CMD "mv %1 %1.tmp; ${OSSLSIGNCODE_BIN} sign -pkcs11engine ${PKCS11_ENGINE} -pkcs11module ${PKCS11_MODULE} -pkcs11cert \\\"${PKCS11_CERTIFICATE}\\\" -key \\\"${PKCS11_KEY}\\\" -t ${TIMESTAMP_SERVER} -in %1.tmp -out %1")
+        set(CPACK_NSIS_FINALIZE_CMD "mv %1 %1.tmp; ${OSSLSIGNCODE_BIN} sign -pkcs11engine ${PKCS11_ENGINE} -pkcs11module ${PKCS11_MODULE} -pkcs11cert \\\"${PKCS11_CERTIFICATE}\\\" -key \\\"${PKCS11_KEY}\\\" -h sha256 -ts ${TIMESTAMP_SERVER} -in %1.tmp -out %1")
     endif(SIGN_WINDOWS_BINARIES)
 
     include(CPack)

src/CMakeLists.txt

@@ -178,7 +178,7 @@ if(SIGN_WINDOWS_BINARIES)
         TARGET freedv 
         POST_BUILD
         COMMAND mv $<TARGET_FILE:freedv> $<TARGET_FILE:freedv>.tmp
-        COMMAND ${OSSLSIGNCODE_BIN} ARGS sign -pkcs11engine ${PKCS11_ENGINE} -pkcs11module ${PKCS11_MODULE} -pkcs11cert "${PKCS11_CERTIFICATE}" -key "${PKCS11_KEY}" -t ${TIMESTAMP_SERVER} -in $<TARGET_FILE:freedv>.tmp -out $<TARGET_FILE:freedv>
+        COMMAND ${OSSLSIGNCODE_BIN} ARGS sign -pkcs11engine ${PKCS11_ENGINE} -pkcs11module ${PKCS11_MODULE} -pkcs11cert "${PKCS11_CERTIFICATE}" -key "${PKCS11_KEY}" -h sha256 -ts ${TIMESTAMP_SERVER} -in $<TARGET_FILE:freedv>.tmp -out $<TARGET_FILE:freedv>
         COMMAND rm $<TARGET_FILE:freedv>.tmp
         VERBATIM)
 endif(SIGN_WINDOWS_BINARIES)