DKIM: under GnuTLS, permit weak algorithms

Recent versions of GnuTLS by default disallow use of some methods now regarded as weak. This probably mean sha1, which is deprecated per DKIM standards.
author: Jeremy Harris <jgh146exb@wizmail.org> 2021-05-28 20:04:44 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2021-06-03 23:44:31 +0100
commit: bfe754cbf74acf00b11d5051b1263f5dca32ede3 (patch)
tree: 9d8b0b87be9bff032452d8953bbf31f35d1812c6
parent: 8af4fd7e0f697d9585f013b9664f88d32131b5df (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index f63ba449e..d818fc9df 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -219,7 +219,8 @@ else
     default:		return US"nonhandled hash type";
     }
 
-  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+	      GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
     ret = US gnutls_strerror(rc);
   }
author	Jeremy Harris <jgh146exb@wizmail.org>	2021-05-28 20:04:44 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2021-06-03 23:44:31 +0100
commit	bfe754cbf74acf00b11d5051b1263f5dca32ede3 (patch)
tree	9d8b0b87be9bff032452d8953bbf31f35d1812c6
parent	8af4fd7e0f697d9585f013b9664f88d32131b5df (diff)