diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2019-05-27 16:52:03 +0200 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2019-05-28 17:14:47 +0200 |
| commit | cd4c83b52423008391b50abcccf18a7d8fcce03b (patch) | |
| tree | 87263a680a3b00322d4cf31f036b34233e13126d /crypto/dsa | |
| parent | Configure: Remove extra warning and sanitizer options from CXXFLAGS (diff) | |
| download | openssl-cd4c83b52423008391b50abcccf18a7d8fcce03b.tar.xz openssl-cd4c83b52423008391b50abcccf18a7d8fcce03b.zip | |
The SHA256 is not a mandatory digest for DSA.
The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.
There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)
Diffstat (limited to 'crypto/dsa')
| -rw-r--r-- | crypto/dsa/dsa_ameth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 756ee7441d..ef6fc7632a 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -505,7 +505,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_DEFAULT_MD_NID: *(int *)arg2 = NID_sha256; - return 2; + return 1; default: return -2; |