diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 08:46:01 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 12:26:43 +0100 |
commit | e2de2924506edec3183648225d5c08b5e29bbf61 (patch) | |
tree | 38422fd955be0411d9a22453ac09127e2bab1831 /lib | |
parent | 4b5216d9b8ed0f135688da2b673c26d6d07df3ae (diff) | |
download | gnutls-e2de2924506edec3183648225d5c08b5e29bbf61.tar.gz |
verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/x509/verify.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 84746d4e85..2a89883513 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -350,12 +350,16 @@ static unsigned int check_time_status(gnutls_x509_crt_t crt, time_t now) static int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags) { + /* the first two are for backwards compatibility */ if ((sig == GNUTLS_SIGN_RSA_MD2) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) return 1; if ((sig == GNUTLS_SIGN_RSA_MD5) && (flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)) return 1; + /* we no longer have individual flags - but rather a catch all */ + if ((flags & GNUTLS_VERIFY_ALLOW_BROKEN) == GNUTLS_VERIFY_ALLOW_BROKEN) + return 1; return 0; } |