diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2019-05-27 16:52:03 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2019-05-28 17:22:14 +0200 |
commit | 871c675b8592261abb7de294b40f2c6f7311fa58 (patch) | |
tree | f274104e92279bee9089be9a2e5a40075a5b0cc7 | |
parent | b29cd8b57f0764c413e40b42f077a2de74b87f13 (diff) |
The SHA256 is not a mandatory digest for DSA.
The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.
There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)
(cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 9c5b8aa02e..c82e3bdd05 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; default: return -2; |