From 3c8939c55d0b1a4fefa8172f6d3c2a41744d902d Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki <hide@wolfssl.com>
Date: Wed, 22 May 2024 11:19:19 +0900
Subject: [PATCH] sha1 is only enabled when user intentionally enables
 NO_SHA1_SOFT_DISABLE

---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index e94285029..ca57e6579 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13490,7 +13490,8 @@ static int PrepareUserAuthRequestPublicKey(WOLFSSH* ssh, word32* payloadSz,
         #ifndef WOLFSSH_NO_RSA_SHA2_256
             algoId[algoIdSz++] = ID_RSA_SHA2_256;
         #endif
-        #ifndef WOLFSSH_NO_SSH_RSA_SHA1
+        #if !defined(WOLFSSH_NO_SSH_RSA_SHA1) \
+            && defined(WOLFSSH_NO_SHA1_SOFT_DISABLE)
             algoId[algoIdSz++] = ID_SSH_RSA;
         #endif
         }