Allow SHA-1 in server tests, when the signature_algorithm extension is not used

This commit is contained in:
Gilles Peskine 2017-05-11 19:01:11 +02:00 committed by Manuel Pégourié-Gonnard
parent fd14bca6dc
commit 682df09159

View file

@ -802,6 +802,24 @@ void term_handler( int sig )
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static int ssl_sig_hashes_for_test[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
MBEDTLS_MD_SHA384,
#endif
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA224,
#endif
#if defined(MBEDTLS_SHA1_C)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_MD_SHA1,
#endif
MBEDTLS_MD_NONE
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
@ -1666,6 +1684,7 @@ int main( int argc, char *argv[] )
{
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */