algorithms/sign: removed TLS identifiers for legacy algorithms

That is, for the MD5-using algorithms, as well as for the DSA2
signature algorithms that were never really used with TLS 1.2.

Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 84015fc2b318c73c483016ee612b29b45689a4e8..e7c225a795b1a6eb71b46d283ac4bf8ab3ee979c 100644 (file)
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -266,21 +266,21 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
         .id = GNUTLS_SIGN_DSA_SHA256,
         .pk = GNUTLS_PK_DSA,
         .hash = GNUTLS_DIG_SHA256,
-        .aid = {{4, 2}}},
+        .aid = TLS_SIGN_AID_UNKNOWN},
        {.name = "RSA-MD5",
         .oid = SIG_RSA_MD5_OID,
         .id = GNUTLS_SIGN_RSA_MD5,
         .pk = GNUTLS_PK_RSA,
         .hash = GNUTLS_DIG_MD5,
         .slevel = _INSECURE,
-        .aid = {{1, 1}}},
+        .aid = TLS_SIGN_AID_UNKNOWN},
        {.name = "RSA-MD5",
         .oid = "1.3.14.3.2.25",
         .id = GNUTLS_SIGN_RSA_MD5,
         .pk = GNUTLS_PK_RSA,
         .hash = GNUTLS_DIG_MD5,
         .slevel = _INSECURE,
-        .aid = {{1, 1}}},
+        .aid = TLS_SIGN_AID_UNKNOWN},
        {.name = "RSA-MD2",
         .oid = SIG_RSA_MD2_OID,
         .id = GNUTLS_SIGN_RSA_MD2,
@@ -318,14 +318,13 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
         .id = GNUTLS_SIGN_DSA_SHA384,
         .pk = GNUTLS_PK_DSA,
         .hash = GNUTLS_DIG_SHA384,
-        .aid = {{5, 2}}},
+        .aid = TLS_SIGN_AID_UNKNOWN},
        {.name = "DSA-SHA512",
         .oid = SIG_DSA_SHA512_OID,
         .id = GNUTLS_SIGN_DSA_SHA512,
         .pk = GNUTLS_PK_DSA,
         .hash = GNUTLS_DIG_SHA512,
-        .aid = {{6, 2}}},
-
+        .aid = TLS_SIGN_AID_UNKNOWN},
 
        {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
 };