mbedtls: Re-allow SHA1-signed certificates

[openwrt/openwrt.git] / package / libs / mbedtls / patches / 200-config.patch

diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index 39de3cc1eca1f4d874af54f36cdc7e16f86dd321..fb5a74fc65b5b1258fe483eb6ce0202569796697 100644 (file)
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -269,3 +269,12 @@
  
  /* \} name SECTION: mbed TLS modules */
  
+@@ -2646,7 +2646,7 @@
+  * recommended because of it is possible to generte SHA-1 collisions, however
+  * this may be safe for legacy infrastructure where additional controls apply.
+  */
+-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+ 
+ /**
+  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake