From dc7cbdfa65fd814b3b9aa3c56257da201109e807 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 5 Apr 2019 21:17:31 +0100 Subject: gentoo resync : 05.04.2019 --- dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch | 47 ++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch (limited to 'dev-libs/xmlsec/files') diff --git a/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch b/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch new file mode 100644 index 000000000000..2837420e0dc7 --- /dev/null +++ b/dev-libs/xmlsec/files/xmlsec-1.2.27-gnutls.patch @@ -0,0 +1,47 @@ +From 321e62add243cf8f024d6278da4c5ff030bae3b9 Mon Sep 17 00:00:00 2001 +From: Alon Bar-Lev +Date: Mon, 1 Apr 2019 01:28:18 +0300 +Subject: [PATCH] gnutls: allow SHA-1 signed certificate when not in strict + checks (#250) (#251) + +This is required for gnutls-3.6.x. + +Allow tests to use no strict checks until all certificates will be converted +to stronger signature than SHA-1. + +Signed-off-by: Alon Bar-Lev +--- + src/gnutls/x509vfy.c | 3 +++ + tests/testrun.sh | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c +index a9c956a3..4c753344 100644 +--- a/src/gnutls/x509vfy.c ++++ b/src/gnutls/x509vfy.c +@@ -295,6 +295,9 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) { + flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2; + flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; ++#if GNUTLS_VERSION_NUMBER >= 0x030600 ++ flags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1; ++#endif + } + + /* We are going to build all possible cert chains and try to verify them */ +diff --git a/tests/testrun.sh b/tests/testrun.sh +index 02484d09..ea65802b 100755 +--- a/tests/testrun.sh ++++ b/tests/testrun.sh +@@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then + elif [ "z$crypto" != "z" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" + fi +-xmlsec_params="$xmlsec_params --crypto-config $crypto_config" ++xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config" + + # + # Setup keys config +-- +2.21.0 + -- cgit v1.2.3