[gnutls-devel] GnuTLS | Priority Strings documentation - +% doesn't work (#856)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Oct 31 16:54:05 CET 2019




Philipp Marek commented on a discussion: https://gitlab.com/gnutls/gnutls/issues/856#note_238499942

I've got a (server) certificate that is still using a sha1rsa signature. I need to allow that one.

So I tried 
- `NORMAL:+%VERIFY_ALLOW_BROKEN`, 
- `NORMAL:+%VERIFY_ALLOW_SIGN_WITH_SHA1`,
- `NORMAL:+VERIFY-RSA-SHA1`,
- `NORMAL:+VERIFY-RSA-SHA1`,
- `NORMAL:+CTYPE-RSA-SHA1`,
- `NORMAL:+%VERIFY_ALLOW_BROKEN`

all of which were rejected by an error (which the application didn't even report, grrr -- but which I saw via `gdb`).

The priority string `NORMAL:+SIGN-RSA-SHA1` was _not_ rejected, but didn't solve my problem (the application did try to connect at least).

I also tried `NORMAL:+CTYPE-RSA-SHA1` but didn't log the result.

So, it seems that the examples using `:+` and a simple cipher specification made me think that the same syntax is also valid for the special priority strings; I got corrected on IRC, though. (Thanks, rockdaboot!)


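The mistake described in the message above, a `+` operator placed in front of a `%` special keyword, can be caught before the string ever reaches the library. The following is an added example, not part of the original message and not GnuTLS code; the function names are hypothetical, and it checks only this one token shape, on the assumption that special keywords are written as a bare `%KEYWORD` token.

```c
#include <stdio.h>
#include <string.h>
/* Added helper (hypothetical name), not GnuTLS code. Returns the byte offset
 * of the first ':'-separated token that puts an operator ('+', '-' or '!')
 * in front of a '%' special keyword, or -1 if no token has that shape. */
long find_operator_on_special(const char *prio)
{
    const char *tok = prio;
    while (*tok != '\0') {
        size_t len = strcspn(tok, ":");
        if (len >= 2 && strchr("+-!", tok[0]) != NULL && tok[1] == '%')
            return (long)(tok - prio);
        tok += len;
        if (*tok == ':') tok++;
    }
    return -1;
}

/* Copies prio to out, dropping a '+' that directly precedes '%' at the start
 * of a token ("+%X" becomes "%X"). '-' and '!' are left for a human to fix,
 * since removing them would invert the intent. Returns 0, or -1 if out is too small. */
int strip_plus_on_special(const char *prio, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (size_t i = 0; prio[i] != '\0'; i++) {
        int token_start = (i == 0 || prio[i - 1] == ':');
        if (token_start && prio[i] == '+' && prio[i + 1] == '%') continue;
        if (o + 1 >= outlen) return -1;
        out[o++] = prio[i];
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    /* Two of the priority strings quoted in the message above. */
    const char *tried[] = { "NORMAL:+%VERIFY_ALLOW_SIGN_WITH_SHA1",
                            "NORMAL:+SIGN-RSA-SHA1" };
    char fixed[128];
    for (size_t i = 0; i < 2; i++) {
        long pos = find_operator_on_special(tried[i]);
        int ok = pos >= 0 && strip_plus_on_special(tried[i], fixed, sizeof fixed) == 0;
        printf("%s offset=%ld suggestion=%s\n", tried[i], pos, ok ? fixed : "(none)");
    }
    return 0;
}
```

The library's own verdict comes from `gnutls_priority_init()`, whose `err_pos` argument points at the position in the string where parsing failed; an application that logs it surfaces the error that was only visible through `gdb` here.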