Hi, > After reading related discussion on openssl-users [1], I'm not so sure > if > we should be doing that at all... > > Especially I agree with this bit: > > "Making your code more complex is a far higher risk than a practical > certificate forgery based on a collision attack on SHA-1. " > > The only thing, that makes sense IMHO would be adding support for > setting > security level only for OpenSSL 1.1. > > [1] > http://openssl.6102.n7.nabble.com/Rejecting-SHA-1-certificates- > td71439.html <http://openssl.6102.n7.nabble.com/Rejecting-SHA-1- > certificates-td71439.html> > > > Same here actually. While it's trivial to implement with OpenSSL 1.1, it's > non- > trivial before, because there's no API to get the trusted chain AFAIK, so we > would indeed have to do this inside verify_callback. > Thanks for the responses and for the discussion link. With that, the situation is simplified a lot. This allows for a better conceived patch and there's obviously no strong reason to touch the stable branches.
Thanks. Anatol
