X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in certificates by default, and one test case to validate that SHA-1 is supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
parent
62469d95e2
commit
4fa6bed0c6
2 changed files with 10 additions and 1 deletions
|
@ -651,4 +651,9 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
|
||||
/* The test infrastructure requires a positive define */
|
||||
#define MBEDTLS_X509__DEFAULT_FORBID_SHA1
|
||||
#endif
|
||||
|
||||
#endif /* mbedtls_x509_crt.h */
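Review bot: The new `MBEDTLS_X509__DEFAULT_FORBID_SHA1` helper is defined in what the closing guard comment identifies as the x509_crt header, so every application that includes it sees a symbol that exists only for the test suite. Its name also contains a double underscore, which C++ reserves for the implementation, and the `}` / `#endif` context just above suggests the header is meant to be included from C++. Consider a single-underscore name, updated in the test data as well, and a comment that states the contract, such as `/* Internal, test-only: set when the default profile rejects SHA-1. Not a configuration option; defining it by hand changes nothing. */`. That last clause is inferred from the visible lines, where the macro is only derived from `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1`, so confirm nothing else reads it.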
|
||||
|
|
|
@ -431,8 +431,12 @@ X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in
|
|||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
|
||||
|
||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
|
||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL"
|
||||
|
||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509__DEFAULT_FORBID_SHA1
|
||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"default":"NULL"
|
||||
|
||||
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
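Review bot: Only one of the two default-profile cases can run in any given build, because the "allowed in compile-time default profile" case depends on `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1` and the "forbidden in default profile" case depends on its negation. The SHA-1-accepting path is therefore presumably exercised only if some test configuration defines that option, which is worth confirming. Separately, the new and changed `depends_on` lines carry over the duplicated `MBEDTLS_SHA1_C`; it could be listed once, e.g. `depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_X509__DEFAULT_FORBID_SHA1`.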
|
||||
|
|