From: Nikos Mavrogiannopoulos Date: Wed, 9 Feb 2011 22:35:45 +0000 (+0100) Subject: Allow DSA2 even in protocols before TLS 1.2. X-Git-Tag: gnutls_2_99_0~279 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2f736f2cb38c6804368b2570ffbbfc151d1a61d;p=thirdparty%2Fgnutls.git Allow DSA2 even in protocols before TLS 1.2. --- diff --git a/NEWS b/NEWS index ba01bd7eac..9faf22c1b2 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ See the end for copying conditions. * Version 2.99.0 (unreleased) +** libgnutls: SRP and PSK are no longer set on the default priorities. +They have to be explicitly set. + +** libgnutls: During handshake message verification using DSS +use the hash algorithm required by it. + ** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index a4c3f20c4f..287865f73e 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -133,14 +133,6 @@ gnutls_protocol_t ver = gnutls_protocol_get_version (session); { /* override */ *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]); - if (!_gnutls_version_has_selectable_sighash (ver) && *hash_algo != GNUTLS_DIG_SHA1) - { - /* In TLS < 1.2 one cannot use anything but SHA1 - */ - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - ret = _gnutls_session_sign_algo_requested(session, _gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo)); if (ret < 0) return gnutls_assert_val(ret);