Introduced the %VERIFY_ALLOW_BROKEN priority string option

This allows enabling broken signature algorithms in certificate verification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-13 17:06:47 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-16 15:47:10 +0100
commit: 773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (patch)
tree: cb362a6fa0701bec647b5af953f1ead9d0518ea3 /doc/cha-gtls-app.texi
parent: c020faada2688515f8a7c90ab95f8d5b0b3b82ae (diff)
download: gnutls-773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 8b417d6f00..a205667a01 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1355,6 +1355,10 @@ client hello.  Note that this should be set only by applications that
 try to reconnect with a downgraded protocol version. See RFC7507 for
 details.
 
+@item %VERIFY_ALLOW_BROKEN @tab
+will allow signatures with known to be broken algorithms (such as MD5 or
+SHA1) in certificate chains.
+
 @item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab
 will allow RSA-MD5 signatures in certificate chains.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-13 17:06:47 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-16 15:47:10 +0100
commit	773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (patch)
tree	cb362a6fa0701bec647b5af953f1ead9d0518ea3 /doc/cha-gtls-app.texi
parent	c020faada2688515f8a7c90ab95f8d5b0b3b82ae (diff)
download	gnutls-773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56.tar.gz