TKM can't verify such signatures so we'd fail in the authorize hook.
Skipping the algorithm identifier doesn't help if the peer uses
anything other than SHA-1, so config changes would be required.
goto deinit;
}
+ /* the authorize hook currently does not support RFC 7427 signature auth */
+ lib->settings->set_bool(lib->settings, "%s.signature_authentication", FALSE,
+ dmn_name);
+
/* make sure we log to the DAEMON facility by default */
lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,