From b2f736f2cb38c6804368b2570ffbbfc151d1a61d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 9 Feb 2011 23:35:45 +0100 Subject: [PATCH] Allow DSA2 even in protocols before TLS 1.2. --- NEWS | 6 ++++++ lib/gnutls_sig.c | 8 -------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index ba01bd7eac..9faf22c1b2 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ See the end for copying conditions. * Version 2.99.0 (unreleased) +** libgnutls: SRP and PSK are no longer set on the default priorities. +They have to be explicitly set. + +** libgnutls: During handshake message verification using DSS +use the hash algorithm required by it. + ** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index a4c3f20c4f..287865f73e 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -133,14 +133,6 @@ gnutls_protocol_t ver = gnutls_protocol_get_version (session); { /* override */ *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]); - if (!_gnutls_version_has_selectable_sighash (ver) && *hash_algo != GNUTLS_DIG_SHA1) - { - /* In TLS < 1.2 one cannot use anything but SHA1 - */ - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - ret = _gnutls_session_sign_algo_requested(session, _gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo)); if (ret < 0) return gnutls_assert_val(ret); -- 2.47.3