|
 |
708b34 |
From 0994996671d98b67d576ebe4a7b1314a61411066 Mon Sep 17 00:00:00 2001
|
|
|
708b34 |
From: Bastien Nocera <hadess@hadess.net>
|
|
|
708b34 |
Date: Fri, 15 Sep 2017 16:00:09 +0200
|
|
|
708b34 |
Subject: [PATCH 1/2] userpref: [GnuTLS] Fix 3.6.0 SHA1 compatibility
|
|
|
708b34 |
|
|
|
708b34 |
Verification will fail if a special flag is not passed. Use
|
|
|
708b34 |
gnutls_x509_crt_sign2() instead of gnutls_x509_crt_sign() to make
|
|
|
708b34 |
sure that passing this flag works in 3.6.0 and stays working with
|
|
|
708b34 |
3.6.1.
|
|
|
708b34 |
---
|
|
|
708b34 |
common/userpref.c | 6 +++---
|
|
|
708b34 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
708b34 |
|
|
|
708b34 |
diff --git a/common/userpref.c b/common/userpref.c
|
|
|
708b34 |
index 3ae503a..f496fee 100644
|
|
|
708b34 |
--- a/common/userpref.c
|
|
|
708b34 |
+++ b/common/userpref.c
|
|
|
708b34 |
@@ -603,7 +603,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
|
|
|
708b34 |
gnutls_x509_crt_set_ca_status(root_cert, 1);
|
|
|
708b34 |
gnutls_x509_crt_set_activation_time(root_cert, time(NULL));
|
|
|
708b34 |
gnutls_x509_crt_set_expiration_time(root_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
|
|
|
708b34 |
- gnutls_x509_crt_sign(root_cert, root_cert, root_privkey);
|
|
|
708b34 |
+ gnutls_x509_crt_sign2(root_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
|
|
|
708b34 |
|
|
|
708b34 |
gnutls_x509_crt_set_key(host_cert, host_privkey);
|
|
|
708b34 |
gnutls_x509_crt_set_serial(host_cert, "\x00", 1);
|
|
|
708b34 |
@@ -612,7 +612,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
|
|
|
708b34 |
gnutls_x509_crt_set_key_usage(host_cert, GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_DIGITAL_SIGNATURE);
|
|
|
708b34 |
gnutls_x509_crt_set_activation_time(host_cert, time(NULL));
|
|
|
708b34 |
gnutls_x509_crt_set_expiration_time(host_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
|
|
|
708b34 |
- gnutls_x509_crt_sign(host_cert, root_cert, root_privkey);
|
|
|
708b34 |
+ gnutls_x509_crt_sign2(host_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
|
|
|
708b34 |
|
|
|
708b34 |
/* export to PEM format */
|
|
|
708b34 |
size_t root_key_export_size = 0;
|
|
|
708b34 |
@@ -720,7 +720,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
|
|
|
708b34 |
}
|
|
|
708b34 |
|
|
|
708b34 |
gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
|
|
|
708b34 |
- gnutls_error = gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
|
|
|
708b34 |
+ gnutls_error = gnutls_x509_crt_sign2(dev_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
|
|
|
708b34 |
if (GNUTLS_E_SUCCESS == gnutls_error) {
|
|
|
708b34 |
/* if everything went well, export in PEM format */
|
|
|
708b34 |
size_t export_size = 0;
|
|
|
708b34 |
--
|
|
|
708b34 |
2.14.1
|
|
|
708b34 |
|