32 lines
1021 B
Diff
32 lines
1021 B
Diff
From 1dddaa3226fe1b71b68ec9665d93864a5ec69801 Mon Sep 17 00:00:00 2001
|
|
From: rpm-build <rpm-build>
|
|
Date: Mon, 9 Jan 2023 23:26:10 +0900
|
|
Subject: [PATCH] libreswan-3.32-1861360-nodefault-rsa-pss.patch
|
|
|
|
---
|
|
lib/libipsecconf/confread.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/lib/libipsecconf/confread.c b/lib/libipsecconf/confread.c
|
|
index 0444118..ec87646 100644
|
|
--- a/lib/libipsecconf/confread.c
|
|
+++ b/lib/libipsecconf/confread.c
|
|
@@ -1501,9 +1501,14 @@ static bool load_conn(struct starter_conn *conn,
|
|
hunk_streq(val, "rsa")) {
|
|
conn->authby.rsasig = true;
|
|
conn->authby.rsasig_v1_5 = true;
|
|
+ /*
|
|
+ * These cause failure with RSA 1024 bits because it uses RSA-PSS
|
|
+ */
|
|
+#if 0
|
|
conn->sighash_policy |= POL_SIGHASH_SHA2_256;
|
|
conn->sighash_policy |= POL_SIGHASH_SHA2_384;
|
|
conn->sighash_policy |= POL_SIGHASH_SHA2_512;
|
|
+#endif
|
|
} else if (hunk_streq(val, "never")) {
|
|
conn->authby.never = true;
|
|
/* everything else is only supported for IKEv2 */
|
|
--
|
|
2.39.0
|
|
|