summaryrefslogtreecommitdiff
path: root/tests/system-override-sig.c
Commit message (Collapse)AuthorAgeFilesLines
* Replace FSF snail mail addresses with URLStefan Kangas2022-12-271-2/+1
| | | | | | | This is the latest recommendation, as described here: https://www.gnu.org/licenses/gpl-howto.html Signed-off-by: Stefan Kangas <stefankangas@gmail.com>
* config: added ability to override and mark algorithms as disabledNikos Mavrogiannopoulos2019-06-201-0/+53
This allows the system administrator or the distributor to use the gnutls configuration file to mark hashes, signature algorithms, TLS versions, curves, groups, ciphers KX, and MAC algorithms as insecure (the last four only in the context of a TLS session). It also allows to set a minimum profile which the applications cannot fall below. The options intentionally do not allow marking algorithms as secure so that the configuration file cannot be used as an attack vector. This change also makes sure that unsupported and disabled protocols during compile time (e.g., SSL3.0), do not get listed by gnutls-cli. The configuration file feature can be disabled at compile time with an empty --with-system-priority-file. This patch it introduces the function gnutls_get_system_config_file() allowing applications to check whether a configuration file was used. Resolves: #587 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>