Revert "Stop accepting certificates signed using SHA1 at security level 1"

This reverts commit 68436f0a8964e911eb4f864bc8b31d7ca4d29585.

The OMC did not vote in favour of backporting this to 1.1.1, so this
change should be reverted.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11282)

1 files changed, 4 insertions, 4 deletions

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 5e5bc9ef1e..b80a1cde3e 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -336,14 +336,14 @@ ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cer
 ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
    "Name constraints nested DNS name excluded");
 
-ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
-    "Accept PSS signature using SHA1 at auth level 0");
+ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+    "Certificate PSS signature using SHA1");
 
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
     "CA with PSS signature using SHA256");
 
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
-    "Reject PSS signature using SHA1 and auth level 1");
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+    "Reject PSS signature using SHA1 and auth level 2");
 
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
     "PSS signature using SHA256 and auth level 2");