diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-12-19 09:37:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-19 20:13:47 +0100 |
commit | 1abb4298398ec6a942dc77384a19b3e3a2392341 (patch) | |
tree | 535697628d8d8745d51ab70cbfbb56ee9bbb2112 /tests/Makefile.am | |
parent | 88b3fb2978558eb319eebdf776ac60884359a573 (diff) | |
download | gnutls-1abb4298398ec6a942dc77384a19b3e3a2392341.tar.gz |
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs
If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected
level. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise.
Resolves: #877
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/Makefile.am')
-rw-r--r-- | tests/Makefile.am | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 2e46290410..74c74b93d0 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -38,7 +38,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \ certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \ certs/rawpk_priv.pem certs/rawpk_pub.pem \ - certs/ed25519.pem certs/cert-ed25519.pem \ + certs/ed25519.pem certs/cert-ed25519.pem certs/rsa-512.pem \ system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \ rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \ starttls-lmtp.txt starttls-pop3.txt starttls-xmpp.txt starttls-nntp.txt starttls-sieve.txt \ @@ -502,7 +502,8 @@ dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh start ocsp-tests/ocsp-test cipher-listings.sh sni-hostname.sh server-multi-keys.sh \ psktool.sh ocsp-tests/ocsp-load-chain gnutls-cli-save-data.sh gnutls-cli-debug.sh \ sni-resume.sh ocsp-tests/ocsptool cert-reencoding.sh pkcs7-cat.sh long-crl.sh \ - serv-udp.sh logfile-option.sh gnutls-cli-resume.sh profile-tests.sh + serv-udp.sh logfile-option.sh gnutls-cli-resume.sh profile-tests.sh \ + server-weak-keys.sh if !DISABLE_SYSTEM_CONFIG dist_check_SCRIPTS += system-override-sig-hash.sh system-override-versions.sh system-override-invalid.sh \ |