summaryrefslogtreecommitdiff
path: root/doc/cha-gtls-app.texi
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-13 17:06:47 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-03-16 15:47:10 +0100
commit773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (patch)
treecb362a6fa0701bec647b5af953f1ead9d0518ea3 /doc/cha-gtls-app.texi
parentc020faada2688515f8a7c90ab95f8d5b0b3b82ae (diff)
downloadgnutls-773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56.tar.gz
Introduced the %VERIFY_ALLOW_BROKEN priority string option
This allows enabling broken signature algorithms in certificate verification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r--doc/cha-gtls-app.texi4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 8b417d6f00..a205667a01 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1355,6 +1355,10 @@ client hello. Note that this should be set only by applications that
try to reconnect with a downgraded protocol version. See RFC7507 for
details.
+@item %VERIFY_ALLOW_BROKEN @tab
+will allow signatures with known to be broken algorithms (such as MD5 or
+SHA1) in certificate chains.
+
@item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab
will allow RSA-MD5 signatures in certificate chains.