actually deprecate MD5 and MD2 signatures during X.509 verification by treating them as invalid unless the GNUTLS_VERIFY_ALLOW_SIGN_RSA_{MD5,MD2} flags are present.

author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2009-01-06 10:46:01 -0500
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2009-01-06 10:46:01 -0500
commit: ebbd1b6feedb6bfb5651da73ee064738d3d2264f (patch)
tree: 6200d0716dc7a320a9364b2de38c0a91b9af3e77 /lib
parent: c17774b6c5a17b2079eb4125b518343431af34fe (diff)
download: gnutls-ebbd1b6feedb6bfb5651da73ee064738d3d2264f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 02964bafc8..c00b4bf499 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -320,6 +320,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
 	{
 	  if (output)
 	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+	  ret = 0;
 	}
     }
 
@@ -1036,6 +1037,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
       {
 	if (output)
 	  *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+	ret = 0;
       }
   }
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2009-01-06 10:46:01 -0500
committer	Daniel Kahn Gillmor <dkg@fifthhorseman.net>	2009-01-06 10:46:01 -0500
commit	ebbd1b6feedb6bfb5651da73ee064738d3d2264f (patch)
tree	6200d0716dc7a320a9364b2de38c0a91b9af3e77 /lib
parent	c17774b6c5a17b2079eb4125b518343431af34fe (diff)
download	gnutls-ebbd1b6feedb6bfb5651da73ee064738d3d2264f.tar.gz