Split up the one big CRL test and deprecate the default message digest.
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 95ccc18..9f44b44 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -2,6 +2,7 @@
 from base64 import b16encode
 from functools import partial
 from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
+from warnings import warn as _warn
 
 from six import (
     integer_types as _integer_types,
@@ -24,6 +25,10 @@
 TYPE_RSA = _lib.EVP_PKEY_RSA
 TYPE_DSA = _lib.EVP_PKEY_DSA
 
+# A marker object to observe whether some optional arguments are passed any
+# value or not.
+_undefined = object()
+
 
 class Error(Exception):
     """
@@ -1707,7 +1712,8 @@
             _raise_current_error()
 
 
-    def export(self, cert, key, type=FILETYPE_PEM, days=100, digest="md5"):
+    def export(self, cert, key, type=FILETYPE_PEM, days=100,
+               digest=_undefined):
         """
         export a CRL as a string
 
@@ -1722,7 +1728,7 @@
         :param days: The number of days until the next update of this CRL.
         :type days: :py:data:`int`
 
-        :param digest: The message digest to use
+        :param digest: The message digest to use (eg ``"sha1"``).
         :type digest: :py:data:`str`
 
         :return: :py:data:`str`
@@ -1734,6 +1740,15 @@
         if not isinstance(type, int):
             raise TypeError("type must be an integer")
 
+        if digest is _undefined:
+            _warn(
+                "The default message digest (md5) is deprecated.  "
+                "Pass the name of a message digest explicitly.",
+                category=DeprecationWarning,
+                stacklevel=2,
+            )
+            digest = "md5"
+
         digest_obj = _lib.EVP_get_digestbyname(_byte_string(digest))
         if digest_obj == _ffi.NULL:
             raise ValueError("No such digest method")