mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- disable RSAMD5 if in FIPS mode (when compiled with openssl).
git-svn-id: file:///svn/unbound/trunk@2701 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
b9ed797a22
commit
98b6f90637
2 changed files with 7 additions and 1 deletions
|
|
@ -1,3 +1,6 @@
|
||||||
|
25 June 2012: Wouter
|
||||||
|
- disable RSAMD5 if in FIPS mode (when compiled with openssl).
|
||||||
|
|
||||||
22 June 2012: Wouter
|
22 June 2012: Wouter
|
||||||
- implement DS records, NSEC3 and ECDSA for compile with libnss.
|
- implement DS records, NSEC3 and ECDSA for compile with libnss.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -150,11 +150,14 @@ int
|
||||||
dnskey_algo_id_is_supported(int id)
|
dnskey_algo_id_is_supported(int id)
|
||||||
{
|
{
|
||||||
switch(id) {
|
switch(id) {
|
||||||
|
case LDNS_RSAMD5:
|
||||||
|
/* openssl can return if the system is in FIPS mode,
|
||||||
|
* which does not allow MD5 hashes for network traffic */
|
||||||
|
return !FIPS_mode();
|
||||||
case LDNS_DSA:
|
case LDNS_DSA:
|
||||||
case LDNS_DSA_NSEC3:
|
case LDNS_DSA_NSEC3:
|
||||||
case LDNS_RSASHA1:
|
case LDNS_RSASHA1:
|
||||||
case LDNS_RSASHA1_NSEC3:
|
case LDNS_RSASHA1_NSEC3:
|
||||||
case LDNS_RSAMD5:
|
|
||||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||||
case LDNS_RSASHA256:
|
case LDNS_RSASHA256:
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue