]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
decreased certificate verification level to allow SHA1 as hash.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 15 Jan 2014 09:16:44 +0000 (10:16 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 15 Jan 2014 09:16:44 +0000 (10:16 +0100)
lib/gnutls_priority.c

index d3120be610ec7109b1921f77d00c2d4eb98f98fc..34c64ee6c822500c5b2b3afcf29c2f60a8f8dc09 100644 (file)
@@ -662,7 +662,7 @@ int check_level(const char *level, gnutls_priority_t priority_cache,
                func(&priority_cache->supported_ecc, supported_ecc_normal);
 
                if (GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags) == 0)
-                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY);
+                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW);
                if (priority_cache->level == 0)
                        priority_cache->level = GNUTLS_SEC_PARAM_LOW;
                return 1;
@@ -674,7 +674,7 @@ int check_level(const char *level, gnutls_priority_t priority_cache,
                func(&priority_cache->supported_ecc, supported_ecc_normal);
 
                if (GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags) == 0)
-                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY);
+                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW);
                if (priority_cache->level == 0)
                        priority_cache->level = GNUTLS_SEC_PARAM_LOW;
                return 1;
@@ -686,7 +686,7 @@ int check_level(const char *level, gnutls_priority_t priority_cache,
                func(&priority_cache->supported_ecc, supported_ecc_normal);
 
                if (GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags) == 0)
-                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY);
+                       priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW);
                if (priority_cache->level == 0)
                        priority_cache->level = GNUTLS_SEC_PARAM_LOW;
                return 1;