diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 14:57:55 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:29 +0100 |
| commit | 962ef882031062866f6782078af17cf9701266da (patch) | |
| tree | 5468c098639efaa6014b136a82a1cf6414911702 /tests/tls-neg-ext4-key.c | |
| parent | c11835acafdb6e6ed75a81b4aaa11edb554df535 (diff) | |
| download | gnutls-962ef882031062866f6782078af17cf9701266da.tar.gz | |
Revert "priority: disable the enabled by default RSA-PSS signature algorithms"
This reverts commit ef44477127952c13e93d7ea88f7b549bf36602f5.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests/tls-neg-ext4-key.c')
| -rw-r--r-- | tests/tls-neg-ext4-key.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/tests/tls-neg-ext4-key.c b/tests/tls-neg-ext4-key.c index 1ee12d7ae4..b916294d3e 100644 --- a/tests/tls-neg-ext4-key.c +++ b/tests/tls-neg-ext4-key.c @@ -228,8 +228,7 @@ void try_with_key(const char *name, const char *client_prio, s_xcred); gnutls_priority_set_direct(server, - /*"NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",*/ - "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -388,8 +387,7 @@ static const test_st tests[] = { }, {.name = "rsa-pss-sign key", .pk = GNUTLS_PK_RSA_PSS, - .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", - /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/ + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", .cert = &server_ca3_rsa_pss2_cert, .key = &server_ca3_rsa_pss2_key, .sig = GNUTLS_SIGN_RSA_PSS_SHA256, @@ -397,8 +395,7 @@ static const test_st tests[] = { }, {.name = "rsa-pss cert, rsa-sign key", /* we expect the server to refuse negotiating */ .pk = GNUTLS_PK_RSA, - .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", - /*.prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2",*/ + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", .cert = &server_ca3_rsa_pss_cert, .key = &server_ca3_rsa_pss_key, .exp_kx = GNUTLS_KX_ECDHE_RSA, |