diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-01-06 10:46:01 -0500 |
|---|---|---|
| committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2009-01-06 10:46:01 -0500 |
| commit | ebbd1b6feedb6bfb5651da73ee064738d3d2264f (patch) | |
| tree | 6200d0716dc7a320a9364b2de38c0a91b9af3e77 | |
| parent | c17774b6c5a17b2079eb4125b518343431af34fe (diff) | |
| download | gnutls-ebbd1b6feedb6bfb5651da73ee064738d3d2264f.tar.gz | |
actually deprecate MD5 and MD2 signatures during X.509 verification by treating them as invalid unless the GNUTLS_VERIFY_ALLOW_SIGN_RSA_{MD5,MD2} flags are present.
| -rw-r--r-- | lib/x509/verify.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 02964bafc8..c00b4bf499 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -320,6 +320,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, { if (output) *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; + ret = 0; } } @@ -1036,6 +1037,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, { if (output) *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; + ret = 0; } } |