- RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 30 Aug 2012 12:02:53 +0000 (12:02 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 30 Aug 2012 12:02:53 +0000 (12:02 +0000)
git-svn-id: file:///svn/unbound/trunk@2753 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
validator/val_secalgo.c

index ee65b512a85f8ab523aacadeffb86af5e442cee2..399ea9b46837487c599760be2aeda60bae5fbbf4 100644 (file)
@@ -1,3 +1,6 @@
+30 August 2012: Wouter
+       - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
+
 29 August 2012: Wouter
        - Nicer comments outgoing-port-avoid, thanks Stu (bug #465).
 
index f3f861ee2a47efccd3f0c3a775cea836ad9fe605..676399733553907555b51c7a0e88cd6706deff5b 100644 (file)
@@ -152,13 +152,8 @@ dnskey_algo_id_is_supported(int id)
 {
        switch(id) {
        case LDNS_RSAMD5:
-#ifdef HAVE_FIPS_MODE
-               /* openssl can return if the system is in FIPS mode, 
-                * which does not allow MD5 hashes for network traffic */
-               return !FIPS_mode();
-#else
-               return 1;
-#endif
+               /* RFC 6725 deprecates RSAMD5 */
+               return 0;
        case LDNS_DSA:
        case LDNS_DSA_NSEC3:
        case LDNS_RSASHA1:
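Review bot: The comment added in the `case LDNS_RSAMD5:` arm gives the reason but not the consequence: returning 0 reports the algorithm as unsupported, which in a DNSSEC validator normally means a zone signed only with RSAMD5 is handled as insecure rather than bogus (confirm against the callers, which are outside this hunk). I would write it as `/* RFC 6725 deprecates RSAMD5: always report it as unsupported */` and use the same wording in the libNSS variant at `@@ -621,8 +616,8 @@`, where the FIPS check is likewise replaced by `return 0;`. Any RSAMD5 branch still present in the key-setup or signature-verify routines of this file (not visible here) now relies on every caller consulting this function first, so it would be safer to remove or reject the algorithm there as well. The body of `dnskey_algo_id_is_supported` continues past the end of both hunks.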
@@ -621,8 +616,8 @@ dnskey_algo_id_is_supported(int id)
        /* uses libNSS */
        switch(id) {
        case LDNS_RSAMD5:
-               /* disable MD5 support if FIPS mode is enabled in libnss */
-               return !PK11_IsFIPS();
+               /* RFC 6725 deprecates RSAMD5 */
+               return 0;
        case LDNS_DSA:
        case LDNS_DSA_NSEC3:
        case LDNS_RSASHA1: