rpms / libreswan

Clone
Source Code
GIT

Blame SOURCES/libreswan-3.32-1861360-nodefault-rsa-pss.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f208bec9a3a9fd573feecf4c70fbb2416d39aa44
  2.   SOURCES
  3.   libreswan-3.32-1861360-nodefault-rsa-pss.patch
Blob History Raw
e84ee2 
diff -Naur libreswan-3.32-orig/lib/libipsecconf/confread.c libreswan-3.32/lib/libipsecconf/confread.c
e84ee2 
--- libreswan-3.32-orig/lib/libipsecconf/confread.c	2020-07-28 20:25:54.618261606 -0400
e84ee2 
+++ libreswan-3.32/lib/libipsecconf/confread.c	2020-07-28 20:28:03.952421236 -0400
e84ee2 
@@ -1498,9 +1498,14 @@
e84ee2 
 			} else if (streq(val, "rsasig") || streq(val, "rsa")) {
e84ee2 
 				conn->policy |= POLICY_RSASIG;
e84ee2 
 				conn->policy |= POLICY_RSASIG_v1_5;
e84ee2 
+				/*
e84ee2 
+				 * These cause failure with RSA 1024 bits because it uses RSA-PSS
e84ee2 
+				 */
e84ee2 
+#if 0
e84ee2 
 				conn->sighash_policy |= POL_SIGHASH_SHA2_256;
e84ee2 
 				conn->sighash_policy |= POL_SIGHASH_SHA2_384;
e84ee2 
 				conn->sighash_policy |= POL_SIGHASH_SHA2_512;
e84ee2 
+#endif
e84ee2 
 			} else if (streq(val, "never")) {
e84ee2 
 				conn->policy |= POLICY_AUTH_NEVER;
e84ee2 
 			/* everything else is only supported for IKEv2 */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation