authorDaiki Ueno <ueno@gnu.org>2020-11-06 09:54:54 +0100
committerDaiki Ueno <ueno@gnu.org>2020-11-06 09:54:54 +0100
commit69e8ce64330a73e6a00c35dac8c36018083e0287 (patch)
tree6b8fba284d840d80ee0ca679e783df9d4a331c39 /lib/tls13-sig.c
parent4511d0cebd3b37d7878139fd9c6e2fda68707169 (diff)
downloadgnutls-69e8ce64330a73e6a00c35dac8c36018083e0287.tar.gz
tls-sig: defer allowed sigalg check to gnutls_pubkey_verify_data2
This reverts 485f2551e68d1b4ee70be2960f0a241b4a2b9fb9. After the new configuration file has been introduced, the allowed algorithms are checked after this part. Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/tls13-sig.c')
-rw-r--r--lib/tls13-sig.c8
1 files changed, 2 insertions, 6 deletions
diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c
index b14390e353..a52295faca 100644
--- a/lib/tls13-sig.c
+++ b/lib/tls13-sig.c
@@ -122,12 +122,8 @@ _gnutls13_handshake_verify_data(gnutls_session_t session,
p.data = buf.data;
p.size = buf.length;
- /* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
- * because we have checked whether the currently used signature
- * algorithm is allowed in the session. */
- ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id,
- verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
- &p, signature);
+ ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id, verify_flags, &p,
+ signature);
if (ret < 0) {
gnutls_assert();
goto cleanup;
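Review bot: The new `gnutls_pubkey_verify_data2(cert->pubkey, se->id, verify_flags, &p, signature)` call now depends on the callee to reject disallowed or broken signature algorithms, but nothing on the added lines records that, so the rationale that the removed comment carried is replaced by silence. I would add a short comment above the call, for example `/* Do not OR in GNUTLS_VERIFY_ALLOW_BROKEN here: the allowed-sigalg policy is enforced inside gnutls_pubkey_verify_data2(). */`, so the flag is not reintroduced by a later cleanup. `verify_flags` is set outside this hunk, so it is worth confirming that no caller can pass GNUTLS_VERIFY_ALLOW_BROKEN through it, which would presumably skip the same check. A regression test that negotiates a signature algorithm disabled by configuration and expects the verification to fail would pin the behaviour. The enclosing function starts and ends outside the hunk.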