author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-13 17:13:48 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-16 15:47:10 +0100 |
commit | eb3650c4602ea9b92cfd084ef417bc7f6b89555c (patch) | |
tree | 644cb5ee31ebed4acb8cfe60f59f2d5e335f58c9 /doc | |
parent | 773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (diff) | |
download | gnutls-eb3650c4602ea9b92cfd084ef417bc7f6b89555c.tar.gz |
Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
This allows performing a verification with only SHA1 allowed
from the broken algorithms. This can be used to fine-tune
verification in case default verification fails, to detect
whether the failed algorithm was SHA1.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-cert-auth.texi | 1 |
-rw-r--r-- | doc/cha-gtls-app.texi | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi index 75c118dedb..1da3ce3bd9 100644 --- a/doc/cha-cert-auth.texi +++ b/doc/cha-cert-auth.texi @@ -631,6 +631,7 @@ certificate chain, you can call @itemize @item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2} @item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} +@item @code{GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1} @item @code{GNUTLS_VERIFY_ALLOW_BROKEN} @end itemize as in the following example: diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index a205667a01..fb4a5aa2f5 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1362,6 +1362,9 @@ SHA1) in certificate chains. @item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab will allow RSA-MD5 signatures in certificate chains. +@item %VERIFY_ALLOW_SIGN_WITH_SHA1 @tab +will allow signatures with SHA1 hash algorithm in certificate chains. + @item %VERIFY_DISABLE_CRL_CHECKS @tab will disable CRL or OCSP checks in the verification of the certificate chain. |
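Review bot: In the doc/cha-cert-auth.texi hunk, the new `@item @code{GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1}` is a bare flag name sitting directly above `GNUTLS_VERIFY_ALLOW_BROKEN`, with nothing telling the reader how the two differ. The commit message gives the intended use (re-run a failed verification with only SHA1 permitted, to find out whether SHA1 was the rejected algorithm), but none of that reaches the manual. I suggest a sentence after the `@end itemize` stating that this flag permits SHA1 only, unlike `GNUTLS_VERIFY_ALLOW_BROKEN`, and that it is meant for diagnosing a failed default verification rather than for routine use. The name also breaks the `ALLOW_SIGN_RSA_*` pattern of the two items above it, so it is worth saying explicitly that it is not limited to RSA signatures.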
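Review bot: In the doc/cha-gtls-app.texi hunk, the description "will allow signatures with SHA1 hash algorithm in certificate chains" does not say how `%VERIFY_ALLOW_SIGN_WITH_SHA1` relates to the entry just above the hunk, whose text ends "SHA1) in certificate chains." and so already covers SHA1. Please state that this keyword enables SHA1 alone and leaves the other broken algorithms rejected, so that someone choosing between the two priority-string keywords picks the narrower one. Minor wording: "signatures using the SHA1 hash algorithm" reads better, and since the neighbouring entry names "RSA-MD5", it would help to say that this one applies regardless of the signature algorithm.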