.gitlab-ci.yml: enable run with SHA-1 enabled

This adds a CI run with SHA-1 enabled, and corrects issues in the
testsuite when that's the case.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 12 insertions, 2 deletions

diff --git a/tests/dn2.c b/tests/dn2.c
index 8732939ac9..5c696f2301 100644
--- a/tests/dn2.c
+++ b/tests/dn2.c
@@ -89,6 +89,8 @@ void doit(void)
 	if (ret < 0)
 		fail("x509_crt_print %d\n", ret);
 
+/* When allowing SHA1, the output is different: no broken! string */
+#ifndef ALLOW_SHA1
 	if (out.size != strlen(info) ||
 	    strcasecmp((char *) out.data, info) != 0) {
 		fprintf(stderr, "comparison fail (%d/%d)\nexpected: %s\n\n   got: %.*s\n\n",
@@ -96,6 +98,7 @@ void doit(void)
 		     out.data);
 		fail("comparison failed\n");
 	}
+#endif
 
 	gnutls_x509_crt_deinit(cert);
 	gnutls_global_deinit();
diff --git a/tests/sign-is-secure.c b/tests/sign-is-secure.c
index 71446ee589..694fb143de 100644
--- a/tests/sign-is-secure.c
+++ b/tests/sign-is-secure.c
@@ -56,6 +56,7 @@
 		fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \
 	}
 
+#ifndef ALLOW_SHA1
 #define CHECK_INSECURE_FOR_CERTS_SIG(sig) \
 	ret = gnutls_sign_is_secure2(sig, 0); \
 	if (ret == 0) { \
@@ -69,6 +70,9 @@
 	if (ret == 0) { \
 		fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \
 	}
+#else
+#define CHECK_INSECURE_FOR_CERTS_SIG(sig)
+#endif
 
 void doit(void)
 {
@@ -83,8 +87,11 @@ void doit(void)
 	CHECK_INSECURE_SIG(GNUTLS_SIGN_RSA_MD2);
 
 	for (i=1;i<GNUTLS_SIGN_MAX;i++) {
-		if (i==GNUTLS_SIGN_RSA_SHA1||i==GNUTLS_SIGN_DSA_SHA1||i==GNUTLS_SIGN_ECDSA_SHA1||
-		    i==GNUTLS_SIGN_RSA_MD5||i==GNUTLS_SIGN_RSA_MD2||i==GNUTLS_SIGN_UNKNOWN)
+#ifndef ALLOW_SHA1
+		if (i==GNUTLS_SIGN_RSA_SHA1||i==GNUTLS_SIGN_DSA_SHA1||i==GNUTLS_SIGN_ECDSA_SHA1)
+			continue;
+#endif
+		if (i==GNUTLS_SIGN_RSA_MD5||i==GNUTLS_SIGN_RSA_MD2||i==GNUTLS_SIGN_UNKNOWN)
 			continue;
 		/* skip any unused elements */
 		if (gnutls_sign_algorithm_get_name(i)==NULL)