authorSimon Josefsson <simon@josefsson.org>2009-02-11 17:07:30 +0100
committerSimon Josefsson <simon@josefsson.org>2009-02-11 17:07:30 +0100
commit5babf9728ae6f063fea93185d03cab0743d3a461 (patch)
tree0d0dab4a2aae2781a32400f58e9291bf81d00767 /lib
parent29c3b3e7acb542bd488ceb21b1c2e427d6af9a01 (diff)
libgnutls: Add new priority strings for allowing RSA-MD5 and V1-CA.
Diffstat (limited to 'lib')
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/gnutls_priority.c13
-rw-r--r--lib/gnutls_x509.c14
3 files changed, 20 insertions, 8 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1146bcc04f..4c61fdba92 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -412,6 +412,7 @@ struct gnutls_priority_st
/* to disable record padding */
int no_padding;
+ int additional_verify_flags;
};
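Review bot: The new `additional_verify_flags` member is undocumented and declared `int`, although it is only ever OR'd into the `unsigned int` flags argument of `gnutls_x509_crt_list_verify`; declaring it `unsigned int additional_verify_flags;` avoids the signed/unsigned mix and matches how the value is used. A short comment would also help a reader of the struct, e.g. `/* extra GNUTLS_VERIFY_* flags requested via %VERIFY_ALLOW_* priority strings; OR'd into the credentials' verify flags, so they can only loosen verification */`. `struct gnutls_priority_st` begins before this hunk, so the allocation and zeroing of the cache is not visible here; the `|=` in gnutls_priority.c relies on this field starting at zero.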
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 994beeba6e..f160eef391 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -472,6 +472,9 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
* '!' or '-' appended with an algorithm will remove this algorithm.
* '+' appended with an algorithm will add this algorithm.
* '%COMPAT' will enable compatibility features for a server.
+ * '%VERIFY_ALLOW_SIGN_RSA_MD5' will allow RSA-MD5 signatures in
+ * certificate chains.
+ * '%VERIFY_ALLOW_X509_V1_CA_CRT' will allow V1 CAs in chains.
*
* To avoid collisions in order to specify a compression algorithm in
* this string you have to prefix it with "COMP-", protocol versions
@@ -623,6 +626,14 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
{
if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
(*priority_cache)->no_padding = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
else
goto error;
}
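Review bot: The two new `%VERIFY_ALLOW_*` branches switch off checks that the default chain verification performs, and neither the code nor the usage comment added at lines 43-45 says so; the doc comment should state that these options weaken certificate verification and are intended for interoperability with legacy peers only, e.g. `* Both %VERIFY_ALLOW_* options weaken chain verification (MD5 is collision-prone, V1 CAs carry no basicConstraints) and should only be enabled for legacy peers.`. The `|=` assumes `additional_verify_flags` starts at zero; the allocation of `*priority_cache` is outside this hunk, so that assumption should be confirmed or the field cleared explicitly where `no_padding` is set up. `gnutls_priority_init` starts before this hunk and continues after it.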
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index d9e6b64be1..6b3c76bc2b 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
*
* Author: Nikos Mavrogiannopoulos
*
@@ -171,12 +171,12 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
/* Verify certificate
*/
- ret =
- gnutls_x509_crt_list_verify (peer_certificate_list,
- peer_certificate_list_size,
- cred->x509_ca_list, cred->x509_ncas,
- cred->x509_crl_list, cred->x509_ncrls,
- cred->verify_flags, status);
+ ret = gnutls_x509_crt_list_verify (peer_certificate_list,
+ peer_certificate_list_size,
+ cred->x509_ca_list, cred->x509_ncas,
+ cred->x509_crl_list, cred->x509_ncrls,
+ cred->verify_flags | session->internals.priorities.additional_verify_flags,
+ status);
CLEAR_CERTS;
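Review bot: The combined flag expression passed as the `cred->verify_flags | session->internals.priorities.additional_verify_flags` argument is hard to read inside the call and hides the security-relevant fact that priority strings can only add relaxing flags, never remove any; hoist it into a named local before the call, `unsigned int verify_flags = cred->verify_flags | session->internals.priorities.additional_verify_flags;` preceded by `/* priority-string flags can only loosen verification, never tighten it */`, and pass `verify_flags` in its place. If `additional_verify_flags` stays declared `int` in gnutls_int.h, the OR with the unsigned `verify_flags` is an implicit sign conversion that `-Wsign-conversion` will report. `_gnutls_x509_cert_verify_peers` starts before this hunk and appears to continue after it.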