parent
8321c52b3b
commit
418c1e3e94
@ -1 +1 @@
|
|||||||
722442f6afac60d4d6dce2c43752717a4d396d84 SOURCES/dotnet-v6.0.127.tar.gz
|
c649ed6290120976258e02ab5bab39e37f565b86 SOURCES/dotnet-v6.0.128.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
SOURCES/dotnet-v6.0.127.tar.gz
|
SOURCES/dotnet-v6.0.128.tar.gz
|
||||||
|
@ -0,0 +1,34 @@
|
|||||||
|
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tom Deseyn <tom.deseyn@gmail.com>
|
||||||
|
Date: Wed, 28 Feb 2024 14:08:15 +0100
|
||||||
|
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
|
||||||
|
|
||||||
|
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
|
||||||
|
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
|
||||||
|
with a chain where the last certificate uses a SHA-1 signature.
|
||||||
|
|
||||||
|
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
|
||||||
|
OpenSSL behavior for certificate validation.
|
||||||
|
---
|
||||||
|
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
|
||||||
|
1 file changed, 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
|
||||||
|
index 04c6ba06cd..2cd3413dae 100644
|
||||||
|
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
|
||||||
|
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
|
||||||
|
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
|
||||||
|
{
|
||||||
|
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
|
||||||
|
|
||||||
|
- if (val != 0)
|
||||||
|
- {
|
||||||
|
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return val;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.43.2
|
||||||
|
|
Loading…
Reference in new issue