From 10ebf799f12d331b4e28336deeff6f13a39c0e87 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 24 Feb 2017 09:09:10 +0100
Subject: is_level_acceptable: no longer checks for broken algorithms

This is done at is_broken_allowed(), and in fact checking them in
is_level_acceptable() creates a conflict when overrides like flag
GNUTLS_VERIFY_ALLOW_BROKEN is used.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/x509/verify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 468714a61f..c4ea75144c 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -373,7 +373,7 @@ int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
 			_gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
 			return gnutls_assert_val(0); \
 		} \
-		if (entry->secure == 0 || entry->output_size*8/2 < sym_bits) { \
+		if (entry->output_size*8/2 < sym_bits) { \
 			_gnutls_cert_log("cert", crt); \
 			_gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", entry->output_size*8/2, sym_bits); \
 			return gnutls_assert_val(0); \
-- 
cgit v1.2.1