diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 09:09:10 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-24 10:30:42 +0100 |
commit | 10ebf799f12d331b4e28336deeff6f13a39c0e87 (patch) | |
tree | 743d8339838023cbc7bfee213eceeaf7804b1e18 | |
parent | d766bb305afd9ba3006d87aa7aa9d2af91715364 (diff) | |
download | gnutls-10ebf799f12d331b4e28336deeff6f13a39c0e87.tar.gz |
is_level_acceptable: no longer checks for broken algorithms
This is done at is_broken_allowed(), and in fact checking them in
is_level_acceptable() creates a conflict when overrides like flag
GNUTLS_VERIFY_ALLOW_BROKEN is used.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/verify.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 468714a61f..c4ea75144c 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -373,7 +373,7 @@ int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags) _gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \ return gnutls_assert_val(0); \ } \ - if (entry->secure == 0 || entry->output_size*8/2 < sym_bits) { \ + if (entry->output_size*8/2 < sym_bits) { \ _gnutls_cert_log("cert", crt); \ _gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", entry->output_size*8/2, sym_bits); \ return gnutls_assert_val(0); \ |