author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-23 20:20:58 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-26 07:46:43 +0100 |
commit | 49d27a55031e72ade52984f5cd94e82e97b46228 (patch) | |
tree | 373f1d010011a93d7f246e79ce3de996d45d256a /m4 | |
parent | 58a45b8c2fbf2f0ff22e1c7c7762d0cb00855df9 (diff) | |
download | gnutls-49d27a55031e72ade52984f5cd94e82e97b46228.tar.gz |
x509: do not tolerate invalid DER time
This effectively reverts !400 and ensures that we no longer tolerate
invalid DER time. This complements the previous commit by Lili Quan
and ensures we provide the --disable-strict-der-time backwards compatibility
option.
Resolves: #207
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'm4')
-rw-r--r-- | m4/hooks.m4 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 34a5b38eb9..49367bd1da 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -144,6 +144,20 @@ LIBTASN1_MINIMUM=4.9
 AC_MSG_WARN([C99 macros not supported. This may affect compiling.])
 ])
+ ac_strict_der_time=yes
+ AC_MSG_CHECKING([whether to disable strict DER time encodings for backwards compatibility])
+ AC_ARG_ENABLE(strict-der-time,
+ AS_HELP_STRING([--disable-strict-der-time],
+ [allow non compliant DER time values]),
+ ac_strict_der_time=$enableval)
+ if test x$ac_strict_der_time != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([STRICT_DER_TIME], 1, [force strict DER time constraints])
+ else
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(STRICT_DER_TIME, test "$ac_strict_der_time" != "no")
+
 ac_allow_sha1=no
 AC_MSG_CHECKING([whether to allow SHA1 as an acceptable hash for cert digital signatures])
 AC_ARG_ENABLE(sha1-support, |
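Review bot: The `else` branch that switches strict DER time checking off only prints `yes` on the checking line, so a build that accepts non-compliant X.509 time encodings leaves nothing in the configure log that stands out to someone auditing it; adding `AC_MSG_WARN([strict DER time checks are disabled; non-compliant DER time values will be accepted])` there would make the relaxed validation visible. The guard `if test x$ac_strict_der_time != xno; then` leaves the variable unquoted while the `AM_CONDITIONAL` line below quotes it; `if test "x$ac_strict_der_time" != "xno"; then` would keep the two consistent and survive an argument containing whitespace. Any value other than `no` keeps `STRICT_DER_TIME` defined, which fails in the safe direction and is worth stating in a short `dnl` comment above `ac_strict_der_time=yes`. The enclosing macro body starts and ends outside this hunk.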