mbedtls

yuzu-emu/mbedtls

Fork 0

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-24 02:45:39 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Gilles Peskine	74243ee878	Regenerate server2-sha256.crt with a PrintableString issuer server2-sha256.crt had the issuer ON and CN encoded as UTF8String, but the corresponding CA certificate test-ca_cat12.crt had them encoded as PrintableString. The strings matched, which is sufficient according to RFC 5280 §7.1 and RFC 4518 §2.1. However, GnuTLS 3.4.10 requires the strings to have the same encoding, so it did not accept that the UTF8String "PolarSSL Test CA" certificate was signed by the PrintableString "PolarSSL Test CA" CA. Since Mbed TLS 2.14 (specifically `ebc1f40aa0` merged via https://github.com/ARMmbed/mbedtls/pull/1641), server2-sha256.crt is generated by Mbed TLS's own cert_write program, which emits a PrintableString. In older versions, this file was generated by OpenSSL, which started emitting UTF8String at some point. `4f928c0f37` merged via https://github.com/ARMmbed/mbedtls/pull/2418 fixed this for the SHA-1 certificate which was used at the time. The present commit applies the same fix for the SHA-256 certificate that is now in use. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-08-21 19:15:51 +02:00
Ron Eldor	3936a0296d	Update certificates to expire in 2029 Update certificates that expire on 2021, to prolong their validity, to make tests pass three years ahead.	2019-07-10 17:23:06 +03:00
Gilles Peskine	bc70a1836b	Test that SHA-1 defaults off Added tests to validate that certificates signed using SHA-1 are rejected by default, but accepted if SHA-1 is explicitly enabled.	2017-06-06 18:44:14 +02:00

Gilles Peskine

74243ee878

Regenerate server2-sha256.crt with a PrintableString issuer

server2-sha256.crt had the issuer ON and CN encoded as UTF8String, but the
corresponding CA certificate test-ca_cat12.crt had them encoded as
PrintableString. The strings matched, which is sufficient according to RFC
5280 §7.1 and RFC 4518 §2.1. However, GnuTLS 3.4.10 requires the strings to
have the same encoding, so it did not accept that the
UTF8String "PolarSSL Test CA" certificate was signed by the
PrintableString "PolarSSL Test CA" CA.

Since Mbed TLS 2.14 (specifically ebc1f40aa0
merged via https://github.com/ARMmbed/mbedtls/pull/1641), server2-sha256.crt
is generated by Mbed TLS's own cert_write program, which emits a
PrintableString. In older versions, this file was generated by OpenSSL,
which started emitting UTF8String at some point.
4f928c0f37 merged via
https://github.com/ARMmbed/mbedtls/pull/2418 fixed this for the SHA-1
certificate which was used at the time. The present commit applies the same
fix for the SHA-256 certificate that is now in use.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

2020-08-21 19:15:51 +02:00

Ron Eldor

3936a0296d

Update certificates to expire in 2029

Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.

2019-07-10 17:23:06 +03:00

Gilles Peskine

bc70a1836b

Test that SHA-1 defaults off

Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.

2017-06-06 18:44:14 +02:00

3 Commits