mirrors-yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls synced 2024-11-24 21:48:30 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix issue in testing SHA-1 compile-time option

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-06-08 17:51:08 +02:00
parent c44c3c288d
commit af63c21466
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
tests/ssl-opt.sh
View file

@ -122,6 +122,13 @@ requires_config_enabled() {
fi fi
} }
# skip next test if the flag is enabled in config.h
requires_config_disabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then
SKIP_NEXT="YES"
fi
}
# skip next test if OpenSSL doesn't support FALLBACK_SCSV # skip next test if OpenSSL doesn't support FALLBACK_SCSV
requires_openssl_with_fallback_scsv() { requires_openssl_with_fallback_scsv() {
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@ -714,12 +721,19 @@ run_test "RC4: both enabled" \
# Tests for SHA-1 support # Tests for SHA-1 support
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in server certificate" \ run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \ "$P_CLI debug_level=2 allow_sha1=0" \
1 \ 1 \
-c "The certificate is signed with an unacceptable hash" -c "The certificate is signed with an unacceptable hash"
requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \
0
run_test "SHA-1 explicitly allowed in server certificate" \ run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI allow_sha1=1" \ "$P_CLI allow_sha1=1" \
@ -730,12 +744,19 @@ run_test "SHA-256 allowed by default in server certificate" \
"$P_CLI allow_sha1=0" \ "$P_CLI allow_sha1=0" \
0 0
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in client certificate" \ run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \ "$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \ 1 \
-s "The certificate is signed with an unacceptable hash" -s "The certificate is signed with an unacceptable hash"
requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0
run_test "SHA-1 explicitly allowed in client certificate" \ run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV auth_mode=required allow_sha1=1" \ "$P_SRV auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \