]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Allow DSA2 even in protocols before TLS 1.2.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 9 Feb 2011 22:35:45 +0000 (23:35 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 9 Feb 2011 22:35:45 +0000 (23:35 +0100)
NEWS
lib/gnutls_sig.c

diff --git a/NEWS b/NEWS
index ba01bd7eac1d232b8f90fa39e6dc0fc5ab75e573..9faf22c1b2f290d1ef3551a36cec4ae849462a26 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ See the end for copying conditions.
 
 * Version 2.99.0 (unreleased)
 
+** libgnutls: SRP and PSK are no longer set on the default priorities. 
+They have to be explicitly set.
+
+** libgnutls: During handshake message verification using DSS
+use the hash algorithm required by it.
+
 ** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION
 on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.
 
index a4c3f20c4fdad1f3132a3c26ed7303e2b50cd21b..287865f73e46d944ed0786225d04755029d5f64a 100644 (file)
@@ -133,14 +133,6 @@ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
     { /* override */
       *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
 
-      if (!_gnutls_version_has_selectable_sighash (ver) && *hash_algo != GNUTLS_DIG_SHA1)
-        {
-          /* In TLS < 1.2 one cannot use anything but SHA1
-           */
-          gnutls_assert();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      
       ret = _gnutls_session_sign_algo_requested(session, _gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
       if (ret < 0)
         return gnutls_assert_val(ret);