[exim-cvs] DKIM: under GnuTLS, permit weak algorithms

Góra strony
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
Dla: exim-cvs
Temat: [exim-cvs] DKIM: under GnuTLS, permit weak algorithms
Gitweb: https://git.exim.org/exim.git/commitdiff/bfe754cbf74acf00b11d5051b1263f5dca32ede3
Commit:     bfe754cbf74acf00b11d5051b1263f5dca32ede3
Parent:     8af4fd7e0f697d9585f013b9664f88d32131b5df
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Fri May 28 20:04:44 2021 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Jun 3 23:44:31 2021 +0100


    DKIM: under GnuTLS, permit weak algorithms


    Recent versions of GnuTLS by default disallow use of some methods now regarded as
    weak.  This probably mean sha1, which is deprecated per DKIM standards.
---
 src/src/pdkim/signing.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index f63ba44..d818fc9 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -219,7 +219,8 @@ else
     default:        return US"nonhandled hash type";
     }


-  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+          GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
     ret = US gnutls_strerror(rc);
   }