mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 04:55:33 +00:00
Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
While the whole script makes (often implicit) assumptions about the version of GnuTLS used, generally speaking it should work out of the box with the version packaged on our reference testing platform, which is Ubuntu 16.04 so far. With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting SHA-1 in certificate signatures were backported, so we should avoid presenting SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
This commit is contained in:
parent
32b6e6984d
commit
7006ca10d9
|
@ -5393,14 +5393,14 @@ run_test "Per-version suites: TLS 1.2" \
|
|||
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions, SHA-1 allowed" \
|
||||
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
|
||||
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
|
||||
"$P_SRV debug_level=3 allow_sha1=0" \
|
||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
|
Loading…
Reference in a new issue