is_level_acceptable: no longer checks for broken algorithms

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Fri, 24 Feb 2017 08:09:10 +0000 (09:09 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Fri, 24 Feb 2017 09:30:42 +0000 (10:30 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 24 Feb 2017 08:09:10 +0000 (09:09 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 24 Feb 2017 09:30:42 +0000 (10:30 +0100)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c

index 468714a61f25be82fe81e7d8fcbd910be10b560f..c4ea75144c7a77bd9a70141886216d601177e841 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -373,7 +373,7 @@ int is_broken_allowed(gnutls_sign_algorithm_t sig, unsigned int flags)
                         _gnutls_debug_log(#level": certificate's signature hash is unknown\n"); \
                         return gnutls_assert_val(0); \
                 } \
-               if (entry->secure == 0 || entry->output_size*8/2 < sym_bits) { \
+               if (entry->output_size*8/2 < sym_bits) { \
                         _gnutls_cert_log("cert", crt); \
                         _gnutls_debug_log(#level": certificate's signature hash strength is unacceptable (is %u bits, needed %u)\n", entry->output_size*8/2, sym_bits); \
                         return gnutls_assert_val(0); \
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Fri, 24 Feb 2017 08:09:10 +0000 (09:09 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Fri, 24 Feb 2017 09:30:42 +0000 (10:30 +0100)