diff options
-rw-r--r-- | lib/x509/output.c | 6 | ||||
-rw-r--r-- | lib/x509/verify.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c index b12c4890e4..ac652fee18 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -1635,7 +1635,7 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert, print_crt_sig_params(str, cert, format); - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) { + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) { adds(str, _("warning: signed using a broken signature " "algorithm that can be forged.\n")); @@ -1862,7 +1862,7 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert) else p = name; - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure( err) == 0) + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) addf(str, _("signed using %s (broken!), "), p); else addf(str, _("signed using %s, "), p); @@ -2279,7 +2279,7 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) addf(str, _("\tSignature Algorithm: %s\n"), p); gnutls_free(name); - if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) { + if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) { adds(str, _("warning: signed using a broken signature " "algorithm that can be forged.\n")); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index e27c5dfdaa..002fac6f2a 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -782,7 +782,7 @@ verify_crt(gnutls_x509_crt_t cert, * used are secure. If the certificate is self signed it doesn't * really matter. */ - if (gnutls_sign_is_secure(sigalg) == 0 && + if (gnutls_sign_is_secure2(sigalg, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0 && _gnutls_is_broken_sig_allowed(sigalg, flags) == 0 && is_issuer(cert, cert) == 0) { MARK_INVALID(GNUTLS_CERT_INSECURE_ALGORITHM); |