author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 08:46:01 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 10:30:42 +0100 |
commit | f20525b5eac8adff2926bc9c0ee8ab98940680e8 (patch) | |
tree | 85031425b0e4982204f23b640d40874b5d68de03 | |
parent | d08d141d83fce6dcc0219ca75e93763963608bb2 (diff) | |
verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/verify.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 3159e70f6f..468714a61f 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -350,12 +350,16 @@ static unsigned int check_time_status(gnutls_x509_crt_t crt, time_t now)
 static int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
 {
+ /* the first two are for backwards compatibility */
 if ((sig == GNUTLS_SIGN_RSA_MD2)
 && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2))
 return 1;
 if ((sig == GNUTLS_SIGN_RSA_MD5)
 && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))
 return 1;
+ /* we no longer have individual flags - but rather a catch all */
+ if ((flags & GNUTLS_VERIFY_ALLOW_BROKEN) == GNUTLS_VERIFY_ALLOW_BROKEN)
+ return 1;
 return 0;
 } |
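Review bot: The catch-all test added at the end of is_broken_allowed() never looks at `sig`, so once GNUTLS_VERIFY_ALLOW_BROKEN is set the function returns 1 for every algorithm and depends on callers asking only about signatures already classified as insecure; nothing in the hunk states that contract. The full-mask comparison `(flags & X) == X` also suggests the flag is a multi-bit value; if it is composed of the two legacy bits (its definition is not visible here), an application that passes both GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 and GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 now accepts every broken algorithm rather than only MD2 and MD5, which deserves a mention in the flag's documentation. I would extend the new comment to say so, e.g. `/* catch-all: ignores sig; callers must pass only algorithms already deemed insecure */`, and add a test showing that a single legacy flag does not enable the catch-all.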