priority: disable the enabled by default RSA-PSS signature algorithmstmp-tests-include-ccm

They have been modified in the latest (yet unsupported) TLS 1.3
drafts, so prevent causes interoperability failures by keeping them
on.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

1 files changed, 7 insertions, 7 deletions

diff --git a/lib/priority.c b/lib/priority.c
index ff49875e7b..6019321405 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004-2015 Free Software Foundation, Inc.
- * Copyright (C) 2015-2017 Red Hat, Inc.
+ * Copyright (C) 2015-2018 Red Hat, Inc.
  *
  * Author: Nikos Mavrogiannopoulos
  *
@@ -376,9 +376,9 @@ static const int _sign_priority_default[] = {
 	GNUTLS_SIGN_ECDSA_SHA1,
 
 	/* added on the final position for compatibility purposes */
-	GNUTLS_SIGN_RSA_PSS_SHA256,
+	/*GNUTLS_SIGN_RSA_PSS_SHA256,
 	GNUTLS_SIGN_RSA_PSS_SHA384,
-	GNUTLS_SIGN_RSA_PSS_SHA512,
+	GNUTLS_SIGN_RSA_PSS_SHA512,*/
 
 	GNUTLS_SIGN_EDDSA_ED25519,
 	0
@@ -407,9 +407,9 @@ static const int _sign_priority_secure128[] = {
 	GNUTLS_SIGN_ECDSA_SHA512,
 
 	/* added on the final position for compatibility purposes */
-	GNUTLS_SIGN_RSA_PSS_SHA256,
+	/*GNUTLS_SIGN_RSA_PSS_SHA256,
 	GNUTLS_SIGN_RSA_PSS_SHA384,
-	GNUTLS_SIGN_RSA_PSS_SHA512,
+	GNUTLS_SIGN_RSA_PSS_SHA512,*/
 
 	GNUTLS_SIGN_EDDSA_ED25519,
 	0
@@ -423,8 +423,8 @@ static const int _sign_priority_secure192[] = {
 	GNUTLS_SIGN_ECDSA_SHA512,
 
 	/* added on the final position for compatibility purposes */
-	GNUTLS_SIGN_RSA_PSS_SHA384,
-	GNUTLS_SIGN_RSA_PSS_SHA512,
+	/*GNUTLS_SIGN_RSA_PSS_SHA384,
+	GNUTLS_SIGN_RSA_PSS_SHA512,*/
 	0
 };
 static const int* sign_priority_secure192 = _sign_priority_secure192;