libreswan/libreswan-3.32-1861360-nodefault-rsa-pss.patch

32 lines
1021 B
Diff
Raw Normal View History

From 1dddaa3226fe1b71b68ec9665d93864a5ec69801 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 9 Jan 2023 23:26:10 +0900
Subject: [PATCH] libreswan-3.32-1861360-nodefault-rsa-pss.patch
---
lib/libipsecconf/confread.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
index 0444118..ec87646 100644
--- a/lib/libipsecconf/confread.c
+++ b/lib/libipsecconf/confread.c
@@ -1501,9 +1501,14 @@ static bool load_conn(struct starter_conn *conn,
hunk_streq(val, "rsa")) {
conn->authby.rsasig = true;
conn->authby.rsasig_v1_5 = true;
+ /*
+ * These cause failure with RSA 1024 bits because it uses RSA-PSS
+ */
+#if 0
conn->sighash_policy |= POL_SIGHASH_SHA2_256;
conn->sighash_policy |= POL_SIGHASH_SHA2_384;
conn->sighash_policy |= POL_SIGHASH_SHA2_512;
+#endif
} else if (hunk_streq(val, "never")) {
conn->authby.never = true;
/* everything else is only supported for IKEv2 */
--
2.39.0