Gitweb:
https://git.exim.org/exim.git/commitdiff/bfe754cbf74acf00b11d5051b1263f5dca32ede3
Commit: bfe754cbf74acf00b11d5051b1263f5dca32ede3
Parent: 8af4fd7e0f697d9585f013b9664f88d32131b5df
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Fri May 28 20:04:44 2021 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Jun 3 23:44:31 2021 +0100
DKIM: under GnuTLS, permit weak algorithms
Recent versions of GnuTLS by default disallow use of some methods now regarded as
weak. This probably mean sha1, which is deprecated per DKIM standards.
---
src/src/pdkim/signing.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index f63ba44..d818fc9 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -219,7 +219,8 @@ else
default: return US"nonhandled hash type";
}
- if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+ if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+ GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
ret = US gnutls_strerror(rc);
}
