| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-23 08:37:50 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-25 14:26:38 +0200 |
| commit | 1bec2f8c843eb6937bce4106bf9ff7fa3f7410f5 (patch) | |
| tree | 4e9c375ad11fe81f4d87d6b3d488a17b13800552 | |
| parent | 0ad717cf20fa2ac4c1c293ff6662707704da10f7 (diff) | |
| download | gnutls-1bec2f8c843eb6937bce4106bf9ff7fa3f7410f5.tar.gz | |
signature: on client side, refuse to negotiate non-enabled signature schemes
That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4:
"On client side allow signing with the signature algorithm of our cert"
Previously, when we initially disabled DSA, we allowed client certificates
which can do DSA-SHA1 to be utilized to ease migration from these certificates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | NEWS | 8 |
|---|---|---|
| -rw-r--r-- | lib/ext/signature.c | 10 |

2 files changed, 17 insertions, 1 deletions
@@ -23,6 +23,14 @@ See the end for copying conditions. TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm in TLS 1.2. As such, no reason to keep supporting it. +** libgnutls: Refuse to use client certificates containing disallowed + algorithms for a session. That reverts a change on 3.5.5, which allowed + a client to use DSA-SHA1 due to his old DSA certificate, without requiring him + to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). + The previous approach was to allow a smooth move to client infrastructure + after the DSA algorithm became disabled by default, and is no longer necessary + as DSA is now being universally depracated. + ** p11tool: added options --sign-params and --hash. This allows testing signature with multiple algorithms, including RSA-PSS. diff --git a/lib/ext/signature.c b/lib/ext/signature.c index 61a67b0d31..5961ffc51a 100644 --- a/lib/ext/signature.c +++ b/lib/ext/signature.c @@ -296,7 +296,7 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, priv->sign_algorithms[i]) < 0) continue; - if (!client_cert && _gnutls_session_sign_algo_enabled + if (_gnutls_session_sign_algo_enabled (session, priv->sign_algorithms[i]) < 0) continue; @@ -304,6 +304,14 @@ _gnutls_session_get_sign_algo(gnutls_session_t session, } } + /* When having a legacy client certificate which can only be signed + * using algorithms we don't always enable by default (e.g., DSA-SHA1), + * continue and sign with it. */ + if (client_cert) { + _gnutls_audit_log(session, "No shared signature schemes with peer for client certificate (%s). Is the certificate a legacy one?", + gnutls_pk_get_name(cert_algo)); + } + fail: return GNUTLS_SIGN_UNKNOWN; } |
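Review bot: typo in the NEWS hunk, `depracated` should read `deprecated` in the line `as DSA is now being universally depracated.`; while editing that paragraph, `due to his old DSA certificate` would read better as `due to an old DSA certificate`.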
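Review bot: the first lib/ext/signature.c hunk drops `!client_cert &&` from the condition, so a client certificate's signature algorithm now has to pass `_gnutls_session_sign_algo_enabled` like any other and `client_cert` no longer affects which algorithms the loop in `_gnutls_session_get_sign_algo` accepts; the function's documentation should state that the client-certificate exemption introduced by 6aa8c390b08a25b18c0799fbd42bd0eec703fae4 is gone, so callers do not keep relying on a legacy DSA certificate being usable without DSA-SHA1 enabled in the priority string.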
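Review bot: the comment added in the second lib/ext/signature.c hunk contradicts the code beneath it: it says `continue and sign with it`, but the `if (client_cert)` block only emits an audit log and then falls through to `fail:`, which returns `GNUTLS_SIGN_UNKNOWN`, so the legacy certificate is rejected rather than used. Suggest rewording it along the lines of `/* A legacy client certificate may only support algorithms that are not enabled by default (e.g., DSA-SHA1); log why no scheme was negotiated before failing. */` so the comment matches the behaviour described in the commit message and the NEWS entry.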