author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-13 17:06:47 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-16 15:47:10 +0100
commit: 773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (patch)
tree: cb362a6fa0701bec647b5af953f1ead9d0518ea3 /doc
parent: c020faada2688515f8a7c90ab95f8d5b0b3b82ae (diff)
Introduced the %VERIFY_ALLOW_BROKEN priority string option
This allows enabling broken signature algorithms in certificate verification.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- doc/cha-cert-auth.texi 1
-rw-r--r-- doc/cha-gtls-app.texi 4
2 files changed, 5 insertions, 0 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 6145fdf851..75c118dedb 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -631,6 +631,7 @@ certificate chain, you can call
@itemize
@item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2}
@item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5}
+@item @code{GNUTLS_VERIFY_ALLOW_BROKEN}
@end itemize
as in the following example:
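Review bot: The added "@item @code{GNUTLS_VERIFY_ALLOW_BROKEN}" line goes into a bare list next to the RSA-MD2 and RSA-MD5 flags with no text saying how it differs from them. The cha-gtls-app.texi part of this commit describes the matching priority keyword as covering algorithms "such as MD5 or SHA1", which is a wider scope than either neighbouring flag names, so a reader choosing a verification flag from this list should be told that here. Suggest a sentence after the @itemize stating which signature algorithms GNUTLS_VERIFY_ALLOW_BROKEN accepts and that it should be preferred only when the per-algorithm flags are not enough.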
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 8b417d6f00..a205667a01 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1355,6 +1355,10 @@ client hello. Note that this should be set only by applications that
try to reconnect with a downgraded protocol version. See RFC7507 for
details.
+@item %VERIFY_ALLOW_BROKEN @tab
+will allow signatures with known to be broken algorithms (such as MD5 or
+SHA1) in certificate chains.
+
@item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab
will allow RSA-MD5 signatures in certificate chains.
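Review bot: In the added %VERIFY_ALLOW_BROKEN entry, "such as MD5 or SHA1" leaves the affected set open-ended, so someone adding this keyword to a priority string cannot tell from the manual exactly which signature algorithms become acceptable in certificate chains. Suggest listing the algorithms, or pointing to where the set is defined, and stating how this option relates to %VERIFY_ALLOW_SIGN_RSA_MD5 in the entry that follows, since the two appear to overlap. The phrase "signatures with known to be broken algorithms" would also read better as "signatures made with algorithms known to be broken".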