Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1

This allows performing a verification with only SHA1 allowed from the broken algorithms. This can be used to fine-tune verification in case default verification fails, to detect whether the failed algorithm was SHA1. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-13 17:13:48 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-16 15:47:10 +0100
commit: eb3650c4602ea9b92cfd084ef417bc7f6b89555c (patch)
tree: 644cb5ee31ebed4acb8cfe60f59f2d5e335f58c9 /lib/priority_options.gperf
parent: 773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (diff)
download: gnutls-eb3650c4602ea9b92cfd084ef417bc7f6b89555c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/priority_options.gperf b/lib/priority_options.gperf
index 0808ffc87a..9de43785bb 100644
--- a/lib/priority_options.gperf
+++ b/lib/priority_options.gperf
@@ -15,6 +15,7 @@ NO_SESSION_HASH, enable_no_ext_master_secret
 STATELESS_COMPRESSION, enable_stateless_compression
 VERIFY_ALLOW_BROKEN, enable_verify_allow_broken
 VERIFY_ALLOW_SIGN_RSA_MD5, enable_verify_allow_rsa_md5
+VERIFY_ALLOW_SIGN_WITH_SHA1, enable_verify_allow_sha1
 VERIFY_DISABLE_CRL_CHECKS, disable_crl_checks
 SSL3_RECORD_VERSION, enable_ssl3_record_version
 LATEST_RECORD_VERSION, enable_latest_record_version
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-13 17:13:48 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-16 15:47:10 +0100
commit	eb3650c4602ea9b92cfd084ef417bc7f6b89555c (patch)
tree	644cb5ee31ebed4acb8cfe60f59f2d5e335f58c9 /lib/priority_options.gperf
parent	773f7e8e3d16a0426c11edd7c3d8883ab6ee3a56 (diff)
download	gnutls-eb3650c4602ea9b92cfd084ef417bc7f6b89555c.tar.gz