]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42cd76b)
x509 output: don't warn about insecure algorithm when unknown
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 9 Apr 2016 11:31:54 +0000 (13:31 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 9 Apr 2016 11:40:24 +0000 (13:40 +0200)
lib/x509/ocsp_output.c patch | blob | blame | history
lib/x509/output.c patch | blob | blame | history

diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index 16381fe7bdeb57579ceebdd7dd9b20ee85113b34..7dbd4bde9a75e3cae336797699e5e23fc002532d 100644 (file)
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -530,7 +530,7 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
                                name = _("unknown");
                        addf(str, _("\tSignature Algorithm: %s\n"), name);
                }
-               if (gnutls_sign_is_secure(ret) == 0) {
+               if (ret != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(ret) == 0) {
                        adds(str,
                             _("warning: signed using a broken signature "
                               "algorithm that can be forged.\n"));
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 29a94df867c73b73dfb879274ed1f5540b07dd4b..cf72019bc2ecb886a61d73d1aec939dfb046debd 100644 (file)
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1453,7 +1453,7 @@ print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
                                name = _("unknown");
                        addf(str, _("\tSignature Algorithm: %s\n"), name);
                }
-               if (gnutls_sign_is_secure(err) == 0) {
+               if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) {
                        adds(str,
                             _("warning: signed using a broken signature "
                               "algorithm that can be forged.\n"));
@@ -2095,7 +2095,7 @@ print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
                                name = _("unknown");
                        addf(str, _("\tSignature Algorithm: %s\n"), name);
                }
-               if (gnutls_sign_is_secure(err) == 0) {
+               if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure(err) == 0) {
                        adds(str,
                             _("warning: signed using a broken signature "
                               "algorithm that can be forged.\n"));
Mirror of https://gitlab.com/gnutls/gnutls.git