From 538a6bebd6f7a222ab5c3b98e8c83994b718b08a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 26 Jun 2017 15:04:32 +0200
Subject: algorithms/sign: removed TLS identifiers for legacy algorithms

That is, for the MD5-using algorithms, as well as for the DSA2
signature algorithms that were never really used with TLS 1.2.

Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/algorithms/sign.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 84015fc2b3..e7c225a795 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -266,21 +266,21 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 	 .id = GNUTLS_SIGN_DSA_SHA256,
 	 .pk = GNUTLS_PK_DSA,
 	 .hash = GNUTLS_DIG_SHA256,
-	 .aid = {{4, 2}}},
+	 .aid = TLS_SIGN_AID_UNKNOWN},
 	{.name = "RSA-MD5",
 	 .oid = SIG_RSA_MD5_OID,
 	 .id = GNUTLS_SIGN_RSA_MD5,
 	 .pk = GNUTLS_PK_RSA,
 	 .hash = GNUTLS_DIG_MD5,
 	 .slevel = _INSECURE,
-	 .aid = {{1, 1}}},
+	 .aid = TLS_SIGN_AID_UNKNOWN},
 	{.name = "RSA-MD5",
 	 .oid = "1.3.14.3.2.25",
 	 .id = GNUTLS_SIGN_RSA_MD5,
 	 .pk = GNUTLS_PK_RSA,
 	 .hash = GNUTLS_DIG_MD5,
 	 .slevel = _INSECURE,
-	 .aid = {{1, 1}}},
+	 .aid = TLS_SIGN_AID_UNKNOWN},
 	{.name = "RSA-MD2",
 	 .oid = SIG_RSA_MD2_OID,
 	 .id = GNUTLS_SIGN_RSA_MD2,
@@ -318,14 +318,13 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 	 .id = GNUTLS_SIGN_DSA_SHA384,
 	 .pk = GNUTLS_PK_DSA,
 	 .hash = GNUTLS_DIG_SHA384,
-	 .aid = {{5, 2}}},
+	 .aid = TLS_SIGN_AID_UNKNOWN},
 	{.name = "DSA-SHA512",
 	 .oid = SIG_DSA_SHA512_OID,
 	 .id = GNUTLS_SIGN_DSA_SHA512,
 	 .pk = GNUTLS_PK_DSA,
 	 .hash = GNUTLS_DIG_SHA512,
-	 .aid = {{6, 2}}},
-
+	 .aid = TLS_SIGN_AID_UNKNOWN},
 
 	{0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
 };
-- 
cgit v1.2.1