author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 09:09:10 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 12:26:43 +0100 |
commit | fbf1af1e852dfe5bb255e6bed608d0fc02561102 (patch) | |
tree | a02f88ca5fadb2db695861128bf29eb0fa668c19 | |
parent | 1f2f9dafe00f6d240cb8c67f49bfadfd020e0304 (diff) | |
download | gnutls-fbf1af1e852dfe5bb255e6bed608d0fc02561102.tar.gz |
is_level_acceptable: no longer checks for broken algorithms

This is done at is_broken_allowed(), and in fact checking them in
is_level_acceptable() creates a conflict when overrides like flag
GNUTLS_VERIFY_ALLOW_BROKEN are used.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/verify.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 2a89883513..cfd79befc4 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -373,7 +373,7 @@ int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags) _gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \ return gnutls_assert_val(0); \ } \ - if (entry->secure == 0 || entry->output_size*8/2 < sym_bits) { \ + if (entry->output_size*8/2 < sym_bits) { \ _gnutls_cert_log("cert", crt); \ _gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", entry->output_size*8/2, sym_bits); \ return gnutls_assert_val(0); \ |
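Review bot: the new condition `if (entry->output_size*8/2 < sym_bits)` lets a hash whose entry has `secure == 0` pass the level check whenever its output is long enough, so rejection of broken hashes now rests entirely on is_broken_allowed() being reached on every verification path that uses this macro. Please add a comment directly above the condition saying that broken algorithms are deliberately not checked here and are handled in is_broken_allowed(), so the `entry->secure` test is not reintroduced later. A regression test would also help: a certificate signed with a broken hash, verified at a security level, should still be rejected without GNUTLS_VERIFY_ALLOW_BROKEN and accepted with it. The debug message "certificate's signature hash strength is unacceptable" remains accurate, since the remaining check is purely about bit strength.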