diff options
author | Bastien Nocera | 2017-09-15 16:00:09 +0200 |
---|---|---|
committer | Nikias Bassen | 2018-04-27 19:24:36 +0200 |
commit | 90d4399c93ad73871db02eec115f0ac7f6137213 (patch) | |
tree | 7c0b805d47f903d0a3b0a7549feadc016335f7ad | |
parent | f37b592788bffcb9a70d211aef8b1f84751114ca (diff) | |
download | libimobiledevice-90d4399c93ad73871db02eec115f0ac7f6137213.tar.gz libimobiledevice-90d4399c93ad73871db02eec115f0ac7f6137213.tar.bz2 |
userpref: [GnuTLS] Fix 3.6.0 SHA1 compatibility
Verification will fail if a special flag is not passed. Use
gnutls_x509_crt_sign2() instead of gnutls_x509_crt_sign() to make
sure that passing this flag works in 3.6.0 and stays working with
3.6.1.
-rw-r--r-- | common/userpref.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/common/userpref.c b/common/userpref.c index 3ae503a..f496fee 100644 --- a/common/userpref.c +++ b/common/userpref.c @@ -603,7 +603,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da gnutls_x509_crt_set_ca_status(root_cert, 1); gnutls_x509_crt_set_activation_time(root_cert, time(NULL)); gnutls_x509_crt_set_expiration_time(root_cert, time(NULL) + (60 * 60 * 24 * 365 * 10)); - gnutls_x509_crt_sign(root_cert, root_cert, root_privkey); + gnutls_x509_crt_sign2(root_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0); gnutls_x509_crt_set_key(host_cert, host_privkey); gnutls_x509_crt_set_serial(host_cert, "\x00", 1); @@ -612,7 +612,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da gnutls_x509_crt_set_key_usage(host_cert, GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_DIGITAL_SIGNATURE); gnutls_x509_crt_set_activation_time(host_cert, time(NULL)); gnutls_x509_crt_set_expiration_time(host_cert, time(NULL) + (60 * 60 * 24 * 365 * 10)); - gnutls_x509_crt_sign(host_cert, root_cert, root_privkey); + gnutls_x509_crt_sign2(host_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0); /* export to PEM format */ size_t root_key_export_size = 0; @@ -720,7 +720,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da } gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT); - gnutls_error = gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey); + gnutls_error = gnutls_x509_crt_sign2(dev_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0); if (GNUTLS_E_SUCCESS == gnutls_error) { /* if everything went well, export in PEM format */ size_t export_size = 0; |