From 401a89359e1fcff59218ae2a05a5e9f3a603d915 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sun, 10 Aug 2014 15:00:27 +0100
Subject: Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)

---
 src/src/dane-openssl.c | 4 ++--
 src/src/tls-openssl.c  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 4f90caa4a..aab32cabd 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -859,7 +859,7 @@ X509 *cert = ctx->cert;             /* XXX: accessor? */
 int matched = 0;
 int chain_length = sk_X509_num(ctx->chain);
 
-DEBUG(D_tls) debug_printf("Dane library verify_chain fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify_chain\n");
 
 issuer_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_ISSUER];
 leaf_rrs = dane->selectors[SSL_DANE_USAGE_LIMIT_LEAF];
@@ -952,7 +952,7 @@ int (*cb)(int, X509_STORE_CTX *) = ctx->verify_cb;
 int matched;
 X509 *cert = ctx->cert;             /* XXX: accessor? */
 
-DEBUG(D_tls) debug_printf("Dane library verify_cert fn called\n");
+DEBUG(D_tls) debug_printf("Dane verify_cert\n");
 
 if(ssl_idx < 0)
   ssl_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 70ac63f16..001403494 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1796,8 +1796,8 @@ if (dane)
       {
       default: /* log bad */ return FAIL;
       case 0:	mdname = NULL; break;
-      case 1:	mdname = "SHA2-256"; break;
-      case 2:	mdname = "SHA2-512"; break;
+      case 1:	mdname = "sha256"; break;
+      case 2:	mdname = "sha512"; break;
       }
 
     switch (DANESSL_add_tlsa(client_ssl,
-- 
cgit v1.2.3