dnssec_sign_verify(): fix algorithms considered insecure

Vladimír Čunát requested to merge dnssec-fedora-33 into master

Fedora 33 configures GnuTLS to consider some algorithms insecure, so they are not normally usable. However, some of them still MUST be supported in validators. Fortunately GnuTLS provides a flag for signature verification; signing itself remains broken (most likely; it's RSA_SHA1* in the F33 case).

Tested on Knot Resolver + the full algorithm matrix.