-rw-r--r-- | .gitlab-ci.yml | 3 | ||||
-rw-r--r-- | tests/dn2.c | 3 | ||||
-rw-r--r-- | tests/sign-is-secure.c | 11 |
3 files changed, 14 insertions, 3 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 020267b579..a14cebb9d0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -114,13 +114,14 @@ minimal.Fedora.x86_64:
 - tags retry: 1
+# This enables SSL3.0 and SHA-1 support
 SSL-3.0.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./bootstrap - mkdir -p build && cd build &&
- dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-ssl3-support --disable-ssl2-support --disable-full-test-suite --enable-seccomp-tests --disable-doc --disable-guile &&
+ dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --disable-ssl2-support --disable-full-test-suite --enable-seccomp-tests --disable-doc --disable-guile &&
 make -j$(nproc) && make check -j$(nproc) - cd .. tags:
diff --git a/tests/dn2.c b/tests/dn2.c
index 8732939ac9..5c696f2301 100644
--- a/tests/dn2.c
+++ b/tests/dn2.c
@@ -89,6 +89,8 @@ void doit(void)
 if (ret < 0) fail("x509_crt_print %d\n", ret);
+/* When allowing SHA1, the output is different: no broken! string */
+#ifndef ALLOW_SHA1
 if (out.size != strlen(info) || strcasecmp((char *) out.data, info) != 0) { fprintf(stderr, "comparison fail (%d/%d)\nexpected: %s\n\n got: %.*s\n\n",
@@ -96,6 +98,7 @@ void doit(void)
 out.data); fail("comparison failed\n"); }
+#endif
 gnutls_x509_crt_deinit(cert); gnutls_global_deinit();
diff --git a/tests/sign-is-secure.c b/tests/sign-is-secure.c
index 71446ee589..694fb143de 100644
--- a/tests/sign-is-secure.c
+++ b/tests/sign-is-secure.c
@@ -56,6 +56,7 @@
 fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ }
+#ifndef ALLOW_SHA1
 #define CHECK_INSECURE_FOR_CERTS_SIG(sig) \ ret = gnutls_sign_is_secure2(sig, 0); \ if (ret == 0) { \
@@ -69,6 +70,9 @@
 if (ret == 0) { \ fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ }
+#else
+#define CHECK_INSECURE_FOR_CERTS_SIG(sig)
+#endif
 void doit(void) {
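Review bot: In tests/dn2.c the new `#ifndef ALLOW_SHA1`, closed by the `#endif` in the following hunk (-96,6), compiles out the whole `strlen`/`strcasecmp` comparison, so a build with SHA-1 allowed only checks that printing returned no error and never inspects the printed certificate text. Keeping the comparison unconditional and selecting the expected text per build would preserve that coverage, e.g. `if (out.size != strlen(expected) || strcasecmp((char *) out.data, expected) != 0) {` with `expected` chosen under `#ifdef ALLOW_SHA1` between `info` and a second string without the broken! marker. The definition of `info` and the call that fills `out` are outside the hunk, so the alternate text would have to be taken from the output of a SHA-1-enabled build. The added comment also sits at column 0 inside `doit`; indenting it with the surrounding statements would read better.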
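Review bot: In tests/sign-is-secure.c the `#else` branch defines `CHECK_INSECURE_FOR_CERTS_SIG(sig)` as empty, which removes every assertion in the macro, including the visible `gnutls_sign_is_secure2(sig, 0)` check that does not depend on the certificate policy. With `ALLOW_SHA1` defined, the call sites of this macro (outside these hunks) then assert nothing, so a wrong classification of those algorithms would only be caught if the loop in `doit` happens to cover them. If the intent is that they are accepted for certificates once SHA-1 support is enabled, the `#else` branch could state that expectation, e.g. `ret = gnutls_sign_is_secure2(sig, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS); if (ret == 0) fail(...)`, while keeping the flag-0 check. The middle of the original macro lies between the two hunks and is not visible here, so its remaining checks should be reviewed the same way.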
@@ -83,8 +87,11 @@ void doit(void)
 CHECK_INSECURE_SIG(GNUTLS_SIGN_RSA_MD2); for (i=1;i<GNUTLS_SIGN_MAX;i++) {
- if (i==GNUTLS_SIGN_RSA_SHA1||i==GNUTLS_SIGN_DSA_SHA1||i==GNUTLS_SIGN_ECDSA_SHA1||
- i==GNUTLS_SIGN_RSA_MD5||i==GNUTLS_SIGN_RSA_MD2||i==GNUTLS_SIGN_UNKNOWN)
+#ifndef ALLOW_SHA1
+ if (i==GNUTLS_SIGN_RSA_SHA1||i==GNUTLS_SIGN_DSA_SHA1||i==GNUTLS_SIGN_ECDSA_SHA1)
+ continue;
+#endif
+ if (i==GNUTLS_SIGN_RSA_MD5||i==GNUTLS_SIGN_RSA_MD2||i==GNUTLS_SIGN_UNKNOWN)
 continue; /* skip any unused elements */ if (gnutls_sign_algorithm_get_name(i)==NULL) |
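Review bot: The `#ifndef ALLOW_SHA1` block inside the `for` loop carries no comment explaining why the three SHA-1 identifiers are skipped only in the default build, so a reader cannot tell that they are meant to fall through to the loop's checks when SHA-1 is enabled. A line above the directive such as `/* SHA-1 signatures are treated as insecure for certificates unless the library is built with SHA-1 support; only then are they checked below */` would record that intent. The unconditional MD5/MD2/UNKNOWN skip that follows would benefit from a matching one-line comment, since these stay excluded in both builds. The rest of the loop body is outside the hunk, so which checks the SHA-1 identifiers now reach cannot be confirmed from here.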