unbound/contrib/patch_rsamd5_enable.diff
wouter 8964aebbfb - patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
otherwise it is treated as insecure.  The RSAMD5 algorithm is
  deprecated (RFC6725).  The MD5 hash is considered weak for some
  purposes, if you want to sign your zone, then RSASHA256 is an
  uncontested hash.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@2760 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-09-17 13:15:12 +00:00

23 lines
542 B
Diff

Index: validator/val_secalgo.c
===================================================================
--- validator/val_secalgo.c (revision 2759)
+++ validator/val_secalgo.c (working copy)
@@ -153,7 +153,7 @@
switch(id) {
case LDNS_RSAMD5:
/* RFC 6725 deprecates RSAMD5 */
- return 0;
+ return 1;
case LDNS_DSA:
case LDNS_DSA_NSEC3:
case LDNS_RSASHA1:
@@ -617,7 +617,7 @@
switch(id) {
case LDNS_RSAMD5:
/* RFC 6725 deprecates RSAMD5 */
- return 0;
+ return 1;
case LDNS_DSA:
case LDNS_DSA_NSEC3:
case LDNS_RSASHA1: