gnutls_x509_*_sign: no longer sign with SHA1

Modify the behavior of the functions to sign with an appropriate to the public key hash algorithm. That although it modifies the semantics of the functions, it allows them to be useful even after SHA1 is considered insecure. In addition to that, the functions which accept a hash algorithm, will accept a null hash, which instructs the function to select a reasonable choice. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-09-07 08:21:47 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-09-08 08:55:38 +0200
commit: d4f53725183006498aca205c35aea0dbf1e7ad1d (patch)
tree: a48a91c269f3926f0282d28f0561d01a1ff6a733 /lib/x509/x509.c
parent: 3a91d55f272cd2e9c49b81c0662ed18aea0c6022 (diff)
download: gnutls-d4f53725183006498aca205c35aea0dbf1e7ad1d.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index d513b8e2fe..a383a47821 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3183,7 +3183,7 @@ gnutls_x509_crt_check_key_purpose(gnutls_x509_crt_t cert,
  * gnutls_x509_crt_get_preferred_hash_algorithm:
  * @crt: Holds the certificate
  * @hash: The result of the call with the hash algorithm used for signature
- * @mand: If non-zero it means that the algorithm MUST use this hash. May be NULL.
+ * @mand: If non-zero it means that the algorithm MUST use this hash. May be %NULL.
  *
  * This function will read the certificate and return the appropriate digest
  * algorithm to use for signing with this certificate. Some certificates (i.e.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-09-07 08:21:47 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-09-08 08:55:38 +0200
commit	d4f53725183006498aca205c35aea0dbf1e7ad1d (patch)
tree	a48a91c269f3926f0282d28f0561d01a1ff6a733 /lib/x509/x509.c
parent	3a91d55f272cd2e9c49b81c0662ed18aea0c6022 (diff)
download	gnutls-d4f53725183006498aca205c35aea0dbf1e7ad1d.tar.gz