
openssl11: The SHA256 is not a mandatory digest for DSA.

The #7408 implemented mandatory digest checking in TLS.
However this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.

There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from openssl/openssl#9015)

(cherry picked from commit cd4c83b52423008391b50abcccf18a7d8fcce03b)
t8m authored and themiron committed May 27, 2019
1 parent 4e91815 commit fbe92300362a438637b8be84b85880b8f627d153
Showing with 1 addition and 1 deletion.
  1. +1 −1 release/src/router/openssl-1.1.x/crypto/dsa/dsa_ameth.c
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha256;
return 2;
return 1;

default:
return -2;
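
Review bot: In the `ASN1_PKEY_CTRL_DEFAULT_MD_NID` case of `dsa_pkey_ctrl`, the meaning of the return value is carried by a bare literal, so the difference between `return 2;` and `return 1;` is invisible to anyone reading this file without the commit message. For this control, OpenSSL treats 2 as "the reported digest is mandatory" and 1 as "the reported digest is advisory". A one-line comment above the return, for example `/* SHA256 is the default, not mandatory: other SHA-family digests are valid for DSA */`, would keep a later cleanup from restoring the mandatory value. The commit message gives the GnuTLS SHA1-with-DSS interoperability break as the motivation, yet the change touches only `dsa_ameth.c` (1 addition, 1 deletion), so nothing guards against that regression returning. A TLS test that negotiates a DSA signature with a digest other than SHA256 would be worth adding alongside it.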
