DKIM: under GnuTLS, permit weak algorithms

Recent versions of GnuTLS by default disallow use of some methods now regarded as
weak.  This probably mean sha1, which is deprecated per DKIM standards.

diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index f63ba449eff1fbbbd6b87a5905697d274af70d9f..d818fc9df0de02272b656eb7beeed0c4261145d1 100644 (file)
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -219,7 +219,8 @@ else
     default:           return US"nonhandled hash type";
     }
 
     default:           return US"nonhandled hash type";
     }
 

-  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+             GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)

     ret = US gnutls_strerror(rc);
   }
 
     ret = US gnutls_strerror(rc);
   }