openssl - What is the public key default MD

In openssl.cnf default_md (use public key default MD) is set to default. How can I find out what the default is without generating a certificate? Is there a file I can check where it lists the default?


md stands for message digest, and from OpenSSL version 1.1 the default digest is sha256.

-md alg

the message digest to use. Any digest supported by the OpenSSL dgst command can be used. This option also applies to CRLs.

https://www.openssl.org/docs/manmaster/man1/ca.html

The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.

https://www.openssl.org/docs/manmaster/man1/dgst.html


Since 1.0.0 (in 2010), the default hash used by req and ca -- or more exactly the default used by the internal functions those commands call, X509_sign, X509_REQ_sign and X509_CRL_sign -- is determined in ASN1_item_sign by calling EVP_PKEY_get_default_digest_nid, which uses pkey->ameth->pkey_ctrl(pkey,ASN1_PKEY_CTRL_DEFAULT_MD_NID,...). Thus in principle the hash choice could depend on the key type or even the actual key, but for the three public-key-signature types currently supported (RSA, DSA, ECDSA) it is in fact hardcoded: in 1.0.0 and 1.0.1 it is SHA1, and in 1.0.2, 1.1.0 and 1.1.1 it is SHA256.

Before that, in 0.9.8, the default for req was hardcoded as SHA1, but for ca there was no default: if you didn't specify a hash on the command line, and you didn't have default_md set to a valid hash, it failed. The upstream config, which might or might not be used in any particular case, had it set to sha1.
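A way to check what the installed build actually falls back to, added here as an example and not taken from either answer or from OpenSSL's own tooling: it signs a throwaway CSR (not a certificate) under a constructed minimal config that sets no default_md at all, so req has to use the library default described above, then reads the signature algorithm back out of the CSR. The function names, the temporary config contents and the CN value are all made up for this example.

```bash
#!/bin/sh
# Probe the library default digest without issuing a certificate.
set -eu

# Constructed minimal req config: deliberately no default_md, so the
# digest comes from EVP_PKEY_get_default_digest_nid, not from config.
make_minimal_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = default-md-probe
EOF
}

# Print the signature algorithm (e.g. sha256WithRSAEncryption) that req
# picked for a CSR signed with a fresh key of the given type.
default_req_sig_alg() {
    keyspec="$1"   # e.g. rsa:2048
    workdir=$(mktemp -d)
    make_minimal_cnf "$workdir/min.cnf"
    openssl req -new -newkey "$keyspec" -nodes -keyout "$workdir/key.pem" \
        -config "$workdir/min.cnf" -out "$workdir/probe.csr" 2>/dev/null
    openssl req -in "$workdir/probe.csr" -noout -text \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
    rm -rf "$workdir"
}

# Show what the installed openssl.cnf says, for comparison
# (prints nothing if default_md is not set there).
configured_default_md() {
    dir=$(openssl version -d | sed 's/^OPENSSLDIR: "\(.*\)"$/\1/')
    cnf="$dir/openssl.cnf"
    [ -r "$cnf" ] && grep -E '^[[:space:]]*default_md' "$cnf" || true
}

openssl version
echo "default_md in installed config: $(configured_default_md)"
echo "CSR signature algorithm with no default_md (RSA): $(default_req_sig_alg rsa:2048)"
```

On a 1.0.2 or later build the RSA line should read sha256WithRSAEncryption; on 1.0.0/1.0.1 it reads sha1WithRSAEncryption, matching the version table in the answer.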