X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fpdkim%2Fsigning.c;h=5f24e8030c77caac8ed29ba8700160eb95f24d4a;hb=8f0d0a3138e138ffa6bcc94c8378f5eb22573f0e;hp=b55bd9f5f5c70373463fee4fd2a706205997386c;hpb=a841a6eca79ff08b36f2225dcf89c1c162bb8777;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index b55bd9f5f..5f24e8030 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -1,7 +1,7 @@
 /*
  *  PDKIM - a RFC4871 (DKIM) implementation
  *
- *  Copyright (C) 1995 - 2018  Exim maintainers
+ *  Copyright (C) 1995 - 2020  Exim maintainers
  *
  *  signing/verification interface
  */
@@ -37,6 +37,10 @@ features_crypto(void)
 #ifdef SIGN_GNUTLS
 # define EXIM_GNUTLS_LIBRARY_LOG_LEVEL 3
 
+# ifndef GNUTLS_VERIFY_ALLOW_BROKEN
+#  define GNUTLS_VERIFY_ALLOW_BROKEN 0
+# endif
+
 
 /* Logging function which can be registered with
  *   gnutls_global_set_log_function()
@@ -219,7 +223,8 @@ else
     default:		return US"nonhandled hash type";
     }
 
-  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo, 0, &k, &s)) < 0)
+  if ((rc = gnutls_pubkey_verify_hash2(verify_ctx->key, algo,
+	      GNUTLS_VERIFY_ALLOW_BROKEN, &k, &s)) < 0)
     ret = US gnutls_strerror(rc);
   }