Allow reverting the SHA1 ban as a signature algorithm

This allows distributors to decide not to ban SHA1. This option may be removed in the future. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-13 17:00:22 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-03-16 15:47:10 +0100
commit: c020faada2688515f8a7c90ab95f8d5b0b3b82ae (patch)
tree: 4f329f9db7587cd3ea5bf7515b29ee27d5fe0cef /m4
parent: 9a1fae278a723af8a817e402349af10e82a1e616 (diff)
download: gnutls-c020faada2688515f8a7c90ab95f8d5b0b3b82ae.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index e8d80a549d..1c4f5b50ce 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -142,6 +142,20 @@ LIBTASN1_MINIMUM=4.9
     AC_MSG_WARN([C99 macros not supported. This may affect compiling.])
   ])
 
+  ac_allow_sha1=no
+  AC_MSG_CHECKING([whether to allow SHA1 as an acceptable hash for digital signatures])
+  AC_ARG_ENABLE(sha1-support,
+    AS_HELP_STRING([--enable-sha1-support],
+                   [allow SHA1 as an acceptable hash for digital signatures]),
+    ac_allow_sha1=$enableval)
+  if test x$ac_allow_sha1 != xno; then
+   AC_MSG_RESULT(no)
+   AC_DEFINE([ALLOW_SHA1], 1, [allow SHA1 as an acceptable hash for digital signatures])
+  else
+   AC_MSG_RESULT(yes)
+  fi
+  AM_CONDITIONAL(ALLOW_SHA1, test "$ac_allow_sha1" != "no")
+
   ac_enable_ssl3=yes
   AC_MSG_CHECKING([whether to disable the SSL 3.0 protocol])
   AC_ARG_ENABLE(ssl3-support,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-13 17:00:22 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-03-16 15:47:10 +0100
commit	c020faada2688515f8a7c90ab95f8d5b0b3b82ae (patch)
tree	4f329f9db7587cd3ea5bf7515b29ee27d5fe0cef /m4
parent	9a1fae278a723af8a817e402349af10e82a1e616 (diff)
download	gnutls-c020faada2688515f8a7c90ab95f8d5b0b3b82ae.tar.gz