diff options
Diffstat (limited to '')
-rw-r--r-- | distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch deleted file mode 100644 index cbc5aa2..0000000 --- a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: Daniel Salzman <daniel.salzman@nic.cz> -Date: Mon, 20 Mar 2023 14:57:54 +0100 -Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation - -diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c -index 5610865f6..555c495d9 100644 ---- a/src/libknot/quic/quic.c -+++ b/src/libknot/quic/quic.c -@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size, - goto error; - } - -- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size); -+ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size); - if (ret != GNUTLS_E_SUCCESS) { - gnutls_x509_crt_deinit(cert); - goto error; -diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c -index 245dd3f96..6a2e7a986 100644 ---- a/src/utils/common/tls.c -+++ b/src/utils/common/tls.c -@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins) - - uint8_t cert_pin[CERT_PIN_LEN] = { 0 }; - size_t cert_pin_size = sizeof(cert_pin); -- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, -+ ret = gnutls_x509_crt_get_key_id(cert, 0, - cert_pin, &cert_pin_size); - if (ret != 0) { - gnutls_x509_crt_deinit(cert); -@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins) - } - - // Check if correspond to a specified PIN. -- bool match = check_pin(cert_pin, sizeof(cert_pin), pins); -+ bool match = check_pin(cert_pin, cert_pin_size, pins); - if (match) { - matches++; - } - - uint8_t *txt_pin; -- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin); -+ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin); - if (ret < 0) { - gnutls_x509_crt_deinit(cert); - return ret; - } -- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : ""); -+ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : ""); - free(txt_pin); - - gnutls_x509_crt_deinit(cert); -diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c -index 359b8b596..8fd33b011 100644 ---- a/src/utils/kdig/kdig_params.c -+++ b/src/utils/kdig/kdig_params.c -@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query) - if (ret < 0) { - ERR("invalid +tls-pin=%s", arg); - return ret; -- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value. -- ERR("invalid sha256 hash length +tls-pin=%s", arg); -+ } else if (ret != 20) { // Check for 256-bit value. -+ ERR("invalid sha1 hash length +tls-pin=%s", arg); - return KNOT_EINVAL; - } - |