[gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Oct 31 16:54:05 CET 2019
Philipp Marek commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/856#note_238499942
I've got a (server) certificate that is still using a sha1rsa signature. I need to allow that one.
So I tried
- `NORMAL:+%VERIFY_ALLOW_BROKEN`,
- `NORMAL:+%VERIFY_ALLOW_SIGN_WITH_SHA1`,
- `NORMAL:+VERIFY-RSA-SHA1`,
- `NORMAL:+VERIFY-RSA-SHA1`,
- `NORMAL:+CTYPE-RSA-SHA1`,
- `NORMAL:+%VERIFY_ALLOW_BROKEN`
all of which were rejected by an error (which the application didn't even report, grrr -- but which I saw via `gdb`).
The priority string `NORMAL:+SIGN-RSA-SHA1` was _not_ rejected, but didn't solve my problem (the application did try to connect at least)
I also tried `NORMAL:+CTYPE-RSA-SHA1` but didn't log the result.
So, it seems that the examples using `:+` and a simple cipher specification made me think that the same syntax is also valid for the special priority strings; I got corrected on IRC, though. (Thanks, rockdaboot[!)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/856#note_238499942
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191031/0da23c10/attachment.html>
More information about the Gnutls-devel
mailing list