Merge pull request #4898 from mstarzyk-mobica/disable_defaults_sha1

Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES in 2.28
2025-07-30 22:43:08 +03:00 · 2021-09-14 11:10:30 +02:00
parent 2079aa7838 7d13539d1b
commit 394b9f2d2c
7 changed files with 12 additions and 55 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -95,10 +95,6 @@ typedef struct {
 * concerns. */
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
 {
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
-    /* Allow SHA-1 (weak, but still safe in controlled environments) */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
-#endif
    /* Only SHA-2 hashes */
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |