eden-emu/mbedtls
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow SHA-1 in X.509 and TLS tests

Browse source 
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
This commit is contained in:
Gilles Peskine 2017-05-05 18:59:02 +02:00 committed by Manuel Pégourié-Gonnard
parent 750c353c5c
commit ef86ab238f
4 changed files with 130 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

10
programs/ssl/ssl_client2.c
View file

@ -411,6 +411,9 @@ int main( int argc, char *argv[] )
#endif
const char *pers = "ssl_client2";
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
@ -1089,9 +1092,14 @@ int main( int argc, char *argv[] )
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* The default algorithms profile disables SHA-1, but our tests still
rely on it heavily. */
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
if( opt.debug_level > 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
#endif
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );