Allow SHA-1 in X.509 and TLS tests SHA-1 is now disabled by default in the X.509 layer. Explicitly enable it in our tests for now. Updating all the test data to SHA-256 should be done over time.

commit: ef86ab238fcbc186f324640bc264fd6f5f2123d1 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri May 05 18:59:02 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 18:44:13 2017 +0200
tree: acb396621949f25aa88fe86e6462a4393afe6e7b
parent: 750c353c5c828d27d077022f2c856fb13e6a5258 [diff] [blame]
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a1d71e1..bdaae31 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -411,6 +411,9 @@
 #endif
     const char *pers = "ssl_client2";
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
+#endif
     mbedtls_entropy_context entropy;
     mbedtls_ctr_drbg_context ctr_drbg;
     mbedtls_ssl_context ssl;
@@ -1089,9 +1092,14 @@
     }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+    /* The default algorithms profile disables SHA-1, but our tests still
+       rely on it heavily. */
+    crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
+    mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+
     if( opt.debug_level > 0 )
         mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
-#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     if( opt.auth_mode != DFL_AUTH_MODE )
         mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
commit	ef86ab238fcbc186f324640bc264fd6f5f2123d1	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri May 05 18:59:02 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 18:44:13 2017 +0200
tree	acb396621949f25aa88fe86e6462a4393afe6e7b
parent	750c353c5c828d27d077022f2c856fb13e6a5258 [diff] [blame]