author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-13 17:17:32 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-16 15:47:10 +0100 |
commit | f635cfee81c76ed2d5107c4f68793c8c73909b84 (patch) | |
tree | ec7ff83941276b00a4ea00bc415f61b3e8333d0f /tests/test-chains.h | |
parent | eb3650c4602ea9b92cfd084ef417bc7f6b89555c (diff) | |
tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1
In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag
works when MD5 is present.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/test-chains.h')
-rw-r--r-- | tests/test-chains.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/test-chains.h b/tests/test-chains.h
index d3580824a5..c825a455a1 100644
--- a/tests/test-chains.h
+++ b/tests/test-chains.h
@@ -2975,6 +2975,8 @@ static struct
  GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
  { "rsa-md5 ok", mayfirst_chain, &mayfirst_chain[1],
  GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0, NULL},
+ { "rsa-md5 ok - allow broken", mayfirst_chain, &mayfirst_chain[1],
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_BROKEN, 0, NULL},
  { "v1ca fail", v1ca, &v1ca[2],
  GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT,
  GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
@@ -2996,9 +2998,12 @@ static struct
  { "v1ca expired", v1ca, &v1ca[2],
  GNUTLS_VERIFY_ALLOW_BROKEN,
  GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID , NULL},
- { "v1ca ok", v1ca, &v1ca[2],
+ { "v1ca (sha1) ok - allow broken", v1ca, &v1ca[2], /* check GNUTLS_VERIFY_ALLOW_BROKEN */
  GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
  0, NULL},
+ { "v1ca (sha1) ok - allow sha1", v1ca, &v1ca[2], /* check GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 */
+ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
+ 0, NULL},
  { "v1ca2 expired", v1ca, &v1ca[2],
  GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
  GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, |
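Review bot: The new "rsa-md5 ok - allow broken" entry in the first hunk covers only the permissive direction; nothing in the visible lines pins that the narrower SHA-1 flag leaves an MD5-signed chain rejected. Since this commit starts covering GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, a companion case on the same chain would catch that flag being widened by accident: `{ "rsa-md5 fail - allow sha1", mayfirst_chain, &mayfirst_chain[1], GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},`. The table begins and ends outside the hunk, so an equivalent entry may already exist elsewhere in the file.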
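Review bot: Both "v1ca (sha1) ok" entries in the second hunk expect status 0, so on their own they cannot tell a working flag from a verifier that accepts SHA-1 signatures unconditionally. A fail-closed baseline on the same chain with only `GNUTLS_VERIFY_DISABLE_TIME_CHECKS` and an expected status of `GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID` would make the two positive cases meaningful; this presumably holds only where the default verification rejects SHA-1, which should be confirmed for the build these tests run against. The trailing comments repeat the flag already visible on the next line; a comment stating that the v1ca chain is SHA-1 signed, which the "(sha1)" label implies but the hunk does not show, would be more useful. The table itself starts and ends outside the hunk.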