From 35db5bae2c0960c68416351b7756539b5a3bef6e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 10 May 2017 10:13:59 +0200 Subject: [PATCH] Allow SHA-1 in test scripts --- tests/compat.sh | 10 ++++++++++ tests/ssl-opt.sh | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index a333a1916..8b33890cd 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -815,6 +815,11 @@ setup_arguments() else P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none" fi + + # Allow SHA-1. It's disabled by default for security reasons but + # our tests still use certificates signed with it. + M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" + M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; "PSK") @@ -827,6 +832,11 @@ setup_arguments() P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none" O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" + + # Allow SHA-1. It's disabled by default for security reasons but + # our tests still use certificates signed with it. + M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1" + M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1" ;; esac } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ca0a1f1ff..f49873274 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -561,6 +561,10 @@ O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT localhost" +# Allow SHA-1, because many of our test certificates use it +P_SRV="$P_SRV allow_sha1=1" +P_CLI="$P_CLI allow_sha1=1" + # Also pick a unique name for intermediate files SRV_OUT="srv_out.$$" CLI_OUT="cli_out.$$"