author Matt Caswell <matt@openssl.org> 2020-03-09 09:05:27 +0000
committer Matt Caswell <matt@openssl.org> 2020-03-11 14:56:05 +0000
commit 63fa6f2e4ba7641fd5f10c70eaa0c3a4b42e124c
tree cc72e2f7ac427de5ec93dfbad01b6a051721f814 /CHANGES
parent 004f570821b1a92cbb733d8e03b54223231bfac3
Revert "Stop accepting certificates signed using SHA1 at security level 1"

This reverts commit 68436f0a8964e911eb4f864bc8b31d7ca4d29585.

The OMC did not vote in favour of backporting this to 1.1.1, so this change should be reverted.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11282)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 12
1 files changed, 0 insertions, 12 deletions
diff --git a/CHANGES b/CHANGES
index 7e348b078b..8c29dfae55 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,18 +21,6 @@
resolve symbols with longer names.
[Richard Levitte]
- *) X509 certificates signed using SHA1 are no longer allowed at security
- level 1 and above.
- In TLS/SSL the default security level is 1. It can be set either
- using the cipher string with @SECLEVEL, or calling
- SSL_CTX_set_security_level(). If the leaf certificate is signed with SHA-1,
- a call to SSL_CTX_use_certificate() will fail if the security level is not
- lowered first.
- Outside TLS/SSL, the default security level is -1 (effectively 0). It can
- be set using X509_VERIFY_PARAM_set_auth_level() or using the -auth_level
- options of the apps.
- [Kurt Roeckx]
-
*) Corrected the documentation of the return values from the EVP_DigestSign*
set of functions. The documentation mentioned negative values for some
errors, but this was never the case, so the mention of negative values
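Review bot: the removal of the "*) X509 certificates signed using SHA1 are no longer allowed at security level 1 and above" entry leaves CHANGES with no statement at all about how security level 1 treats SHA-1-signed certificates on this branch, and this view is limited to CHANGES, so it cannot be confirmed from here that the code and documentation from 68436f0a are reverted in the same commit. Please check that they are, so that the file and the library's behaviour agree. With the entry gone, applications on this branch should not assume that the default TLS level of 1 rejects a SHA-1-signed leaf in SSL_CTX_use_certificate(); anyone who needs that rejection has to configure it explicitly through the controls the removed text names (@SECLEVEL, SSL_CTX_set_security_level(), X509_VERIFY_PARAM_set_auth_level() or -auth_level).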