diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-21 13:20:02 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-22 08:46:04 +0100 |
| commit | 6ef0944c12a9ea3f5e841aea76f433d6e1cd353c (patch) | |
| tree | 5af2e5f8d525a7ce8068432183a0b6ea0f605a4f | |
| parent | 6b5d11a29afd6d45b2d4eca131a570f87a2503ac (diff) | |
| download | gnutls-6ef0944c12a9ea3f5e841aea76f433d6e1cd353c.tar.gz | |
_gnutls_check_key_cert_match: allow broken sigs
That ensures that when loading a certificate pair with SHA1, when
SHA1 is disabled will not cause the server to fail to load.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/cert.c b/lib/cert.c index 9e42de1c51..a1bcfee040 100644 --- a/lib/cert.c +++ b/lib/cert.c @@ -918,7 +918,7 @@ int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res) ret = gnutls_pubkey_verify_data2(res->certs[res->ncerts - 1].cert_list[0].pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), - 0, &test, &sig); + GNUTLS_VERIFY_ALLOW_BROKEN, &test, &sig); gnutls_free(sig.data); |