author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-21 13:20:02 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-21 15:10:53 +0100 |
commit | 9fc8a8444633f91f439850a92927987fde515835 (patch) | |
tree | 789267201185d0a822bfd25205fe654b95af0699 | |
parent | 882667663e0e0ca0549b287b8f239da6b7a9da3a (diff) | |
download | gnutls-9fc8a8444633f91f439850a92927987fde515835.tar.gz |
_gnutls_check_key_cert_match: allow broken sigs

That ensures that loading a certificate pair with SHA1, when
SHA1 is disabled, will not cause the server to fail to load.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/cert.c b/lib/cert.c index 825354509f..edcd413776 100644 --- a/lib/cert.c +++ b/lib/cert.c @@ -918,7 +918,7 @@ int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res) ret = gnutls_pubkey_verify_data2(res->certs[res->ncerts - 1].cert_list[0].pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), - 0, &test, &sig); + GNUTLS_VERIFY_ALLOW_BROKEN, &test, &sig); gnutls_free(sig.data); |
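Review bot: The new `GNUTLS_VERIFY_ALLOW_BROKEN` argument to `gnutls_pubkey_verify_data2()` in `_gnutls_check_key_cert_match` has no comment saying why accepting broken algorithms is safe at this call site, and a later reader could take it for a general relaxation of signature checks. Please add a one-line comment above the call stating that it only verifies the `test` data against `sig` to confirm that the loaded key and certificate match, so the strength of the algorithm is not what is being checked. The commit message also talks about SHA1, while the algorithm passed in the visible call is `gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256)`; a sentence in the message or the comment explaining how a SHA1 certificate pair makes this verification fail would make the change easier to audit.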