From bfe754cbf74acf00b11d5051b1263f5dca32ede3 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 28 May 2021 20:04:44 +0100
Subject: [PATCH] DKIM: under GnuTLS, permit weak algorithms

Recent versions of GnuTLS by default disallow use of some methods now regarded as
weak.  This probably mean sha1, which is deprecated per DKIM standards.
---
 src/src/pdkim/signing.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index f63ba449e..d818fc9df 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -219,7 +219,8 @@ else
     default:		return US"nonhandled hash type";
     }
 
-  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+	      GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
     ret = US gnutls_strerror(rc);
   }
 
-- 
2.30.2