]> git.ipfire.org Git - thirdparty/unbound.git/commit
projects / thirdparty / unbound.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 730a03e) | patch
Make SHA-1 signed domains insecure if openssl refuses the digest
authorPetr Mensik <pemensik@redhat.com>
Fri, 8 Apr 2022 10:15:14 +0000 (12:15 +0200)
committerPetr Mensik <pemensik@redhat.com>
Fri, 8 Apr 2022 14:26:50 +0000 (16:26 +0200)
commit6cfcf214516b93622602684be5c3036bc1e3df1e
tree5eda44cde9e793f0c95ed9a38d1e65892d2ad99etree
parent730a03e9bd9daa39b8028e7ec5cc64ea2b0b5df6commit | diff
Make SHA-1 signed domains insecure if openssl refuses the digest

RHEL9/CentOS 9 would fail in default crypto policy. If call to openssl
returns invalid digest then report the name insecure. If all tested
signatures return the same issue, then make the reply insecure.
validator/val_secalgo.c diff | blob | blame | history
validator/val_sigcrypt.c diff | blob | blame | history
Mirror of https://github.com/NLnetLabs/unbound.git