diff options
author | Kenneth J. Miller <ken@miller.ec> | 2019-04-15 17:56:13 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-05-21 08:17:06 +0200 |
commit | b1476abeb6f8b5046e6cd62724cdac241f71aa7b (patch) | |
tree | 061a7075bf65f008acc88e2480b03a6607cbedac | |
parent | 5791817e5f30b7ee2c206594104973cdb56e1d6b (diff) | |
download | gnutls-b1476abeb6f8b5046e6cd62724cdac241f71aa7b.tar.gz |
pubkey: remove deprecated TLS1_RSA flag check
The gnutls_certificate_verify_flags comparisons against
OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with
GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to
both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it
seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA.
Resolves: #754
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
-rw-r--r-- | lib/pubkey.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index f1a0302fca..2dfe5d56ec 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1678,8 +1678,6 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, } -#define OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA 1 - /* Updates the gnutls_x509_spki_st parameters based on the signature * information, and reports any incompatibilities between the existing * parameters (if any) with the signature algorithm */ @@ -1758,7 +1756,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, return GNUTLS_E_INVALID_REQUEST; } - if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) + if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); memcpy(¶ms, &pubkey->params.spki, sizeof(gnutls_x509_spki_st)); @@ -1830,7 +1828,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, memcpy(¶ms, &key->params.spki, sizeof(gnutls_x509_spki_st)); - if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) { + if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) { if (!GNUTLS_PK_IS_RSA(key->params.algo)) return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); params.pk = GNUTLS_PK_RSA; |