rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

disable verification of certificate, CRL, and OCSP signatures using MD5

Browse Source 
if OPENSSL_ENABLE_MD5_VERIFY environment variable is not set
This commit is contained in:
Tomas Mraz 2013-11-13 20:06:28 +01:00
parent dcd0fb1ec9
commit 9caf868063
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
openssl-1.0.1e-no-md5-verify.patch Normal file
View File

@ -0,0 +1,25 @@
diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/a_verify.c 2013-11-13 16:30:04.628791616 +0100
@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <time.h>
@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
goto err;
ret = -1;
}
+ else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
else
{
const EVP_MD *type;