author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-13 17:06:47 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-16 15:47:10 +0100 |
commit | 773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (patch) | |
tree | cb362a6fa0701bec647b5af953f1ead9d0518ea3 /doc | |
parent | c020faada2688515f8a7c90ab95f8d5b0b3b82ae (diff) | |
Introduced the %VERIFY_ALLOW_BROKEN priority string option
This allows enabling broken signature algorithms in certificate verification.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-cert-auth.texi | 1 | ||||
-rw-r--r-- | doc/cha-gtls-app.texi | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 6145fdf851..75c118dedb 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -631,6 +631,7 @@ certificate chain, you can call @itemize @item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2} @item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} +@item @code{GNUTLS_VERIFY_ALLOW_BROKEN} @end itemize as in the following example: diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 8b417d6f00..a205667a01 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1355,6 +1355,10 @@ client hello. Note that this should be set only by applications that try to reconnect with a downgraded protocol version. See RFC7507 for details. +@item %VERIFY_ALLOW_BROKEN @tab +will allow signatures with known to be broken algorithms (such as MD5 or +SHA1) in certificate chains. + @item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab will allow RSA-MD5 signatures in certificate chains. |
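Review bot: In the doc/cha-cert-auth.texi hunk, the new `@item @code{GNUTLS_VERIFY_ALLOW_BROKEN}` sits in the same list as `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2` and `GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5` with nothing to show that it is broader than either. The other hunk describes it as covering broken algorithms "such as MD5 or SHA1", so a reader scanning this list could pick it where a single-algorithm flag would do. Consider adding a short phrase after the item saying that it permits all signature algorithms considered broken, and that the per-algorithm flags are the narrower choice.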
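Review bot: In the doc/cha-gtls-app.texi hunk, the description of `%VERIFY_ALLOW_BROKEN` leaves the affected set open-ended: "such as MD5 or SHA1" does not tell an administrator exactly which algorithms become acceptable once the option is set, nor how it relates to the `%VERIFY_ALLOW_SIGN_RSA_MD5` entry that follows it. Suggest either enumerating the algorithms or pointing to where the set is defined, and stating whether this option implies the per-algorithm ones. The wording "signatures with known to be broken algorithms" would also read better as "signatures made with algorithms known to be broken". Since the option weakens certificate verification, a sentence on when it is appropriate to set it, in the style of the note on the preceding entry ("should be set only by applications that ..."), would help.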