diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-04-04 16:25:37 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-06-20 15:50:44 +0200 |
| commit | e9366c86ee8434669014fc1544d52e384430072a (patch) | |
| tree | 036ff1eb760c05691288a198bbbfb8e915f43e20 /tests/certs | |
| parent | 90142f2d70018d862cba02067159cad8c7db4239 (diff) | |
| download | gnutls-e9366c86ee8434669014fc1544d52e384430072a.tar.gz | |
config: added ability to override and mark algorithms as disabled
This allows the system administrator or the distributor to use
the gnutls configuration file to mark hashes, signature algorithms,
TLS versions, curves, groups, ciphers KX, and MAC algorithms as
insecure (the last four only in the context of a TLS session).
It also allows to set a minimum profile which the applications
cannot fall below.
The options intentionally do not allow marking algorithms as
secure so that the configuration file cannot be used as an attack
vector. This change also makes sure that unsupported and disabled protocols
during compile time (e.g., SSL3.0), do not get listed by gnutls-cli.
The configuration file feature can be disabled at compile time
with an empty --with-system-priority-file.
This patch it introduces the function gnutls_get_system_config_file()
allowing applications to check whether a configuration file
was used.
Resolves: #587
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/certs')
| -rw-r--r-- | tests/certs/ca-cert-ecc.pem | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tests/certs/ca-cert-ecc.pem b/tests/certs/ca-cert-ecc.pem index ad8a34b552..2e95c957dd 100644 --- a/tests/certs/ca-cert-ecc.pem +++ b/tests/certs/ca-cert-ecc.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +MIICLTCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 -ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw +ZSBhdXRob3JpdHkwHhcNMTEwNTIzMTgzODIxWhcNMzEwNTI0MTIyOTEyWjB9MQsw CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG -SM49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA -l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= +SM49BAMCA0kAMEYCIQCoTZHO4jSkIKq5UVMnPFzv2MtJHd62KxMPq4Ad5c9RwwIh +AMyj06hO1DGrV3bOPBRJrfWTEzkgA4p1wntYRoPfCTdF -----END CERTIFICATE----- |