summaryrefslogtreecommitdiffstats
path: root/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch67
1 files changed, 0 insertions, 67 deletions
diff --git a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch b/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
deleted file mode 100644
index cbc5aa2..0000000
--- a/distro/pkg/el-7/02-fix-compilation-by-using-SHA-1.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Daniel Salzman <daniel.salzman@nic.cz>
-Date: Mon, 20 Mar 2023 14:57:54 +0100
-Subject: [PATCH] distro/el-7: fix compilation by using SHA-1 for PIN computation
-
-diff --git a/src/libknot/quic/quic.c b/src/libknot/quic/quic.c
-index 5610865f6..555c495d9 100644
---- a/src/libknot/quic/quic.c
-+++ b/src/libknot/quic/quic.c
-@@ -460,7 +460,7 @@ void knot_quic_conn_pin(knot_quic_conn_t *conn, uint8_t *pin, size_t *pin_size,
- goto error;
- }
-
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, pin, pin_size);
-+ ret = gnutls_x509_crt_get_key_id(cert, 0, pin, pin_size);
- if (ret != GNUTLS_E_SUCCESS) {
- gnutls_x509_crt_deinit(cert);
- goto error;
-diff --git a/src/utils/common/tls.c b/src/utils/common/tls.c
-index 245dd3f96..6a2e7a986 100644
---- a/src/utils/common/tls.c
-+++ b/src/utils/common/tls.c
-@@ -328,7 +328,7 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
-
- uint8_t cert_pin[CERT_PIN_LEN] = { 0 };
- size_t cert_pin_size = sizeof(cert_pin);
-- ret = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
-+ ret = gnutls_x509_crt_get_key_id(cert, 0,
- cert_pin, &cert_pin_size);
- if (ret != 0) {
- gnutls_x509_crt_deinit(cert);
-@@ -336,18 +336,18 @@ static int check_certificates(gnutls_session_t session, const list_t *pins)
- }
-
- // Check if correspond to a specified PIN.
-- bool match = check_pin(cert_pin, sizeof(cert_pin), pins);
-+ bool match = check_pin(cert_pin, cert_pin_size, pins);
- if (match) {
- matches++;
- }
-
- uint8_t *txt_pin;
-- ret = knot_base64_encode_alloc(cert_pin, sizeof(cert_pin), &txt_pin);
-+ ret = knot_base64_encode_alloc(cert_pin, cert_pin_size, &txt_pin);
- if (ret < 0) {
- gnutls_x509_crt_deinit(cert);
- return ret;
- }
-- DBG(" SHA-256 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
-+ DBG(" SHA-1 PIN: %.*s%s", ret, txt_pin, match ? ", MATCH" : "");
- free(txt_pin);
-
- gnutls_x509_crt_deinit(cert);
-diff --git a/src/utils/kdig/kdig_params.c b/src/utils/kdig/kdig_params.c
-index 359b8b596..8fd33b011 100644
---- a/src/utils/kdig/kdig_params.c
-+++ b/src/utils/kdig/kdig_params.c
-@@ -707,8 +707,8 @@ static int opt_tls_pin(const char *arg, void *query)
- if (ret < 0) {
- ERR("invalid +tls-pin=%s", arg);
- return ret;
-- } else if (ret != CERT_PIN_LEN) { // Check for 256-bit value.
-- ERR("invalid sha256 hash length +tls-pin=%s", arg);
-+ } else if (ret != 20) { // Check for 256-bit value.
-+ ERR("invalid sha1 hash length +tls-pin=%s", arg);
- return KNOT_EINVAL;
- }
-