From 68436f0a8964e911eb4f864bc8b31d7ca4d29585 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx
Date: Thu, 2 Jan 2020 23:25:27 +0100
Subject: Stop accepting certificates signed using SHA1 at security level 1

Reviewed-by: Viktor Dukhovni
GH: #10786
(cherry picked from commit b744f915ca8bb37631909728dd2529289bda8438)
---
 test/recipes/25-test_verify.t | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 (limited to 'test')

diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index b80a1cde3e..5e5bc9ef1e 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -336,14 +336,14 @@ ok(!verify("badalt9-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cer
 ok(!verify("badalt10-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
 "Name constraints nested DNS name excluded");

-ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
- "Certificate PSS signature using SHA1");
+ok(verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "0"),
+ "Accept PSS signature using SHA1 at auth level 0");

 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
 "CA with PSS signature using SHA256");

-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "Reject PSS signature using SHA1 and auth level 2");
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+ "Reject PSS signature using SHA1 and auth level 1");

 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
 "PSS signature using SHA256 and auth level 2");
-- 
cgit v1.2.3
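Review bot: After this change no case runs `ee-pss-sha1-cert` without an explicit `-auth_level`, so the suite no longer pins what `verify` does with a SHA1-signed certificate when the caller leaves the level unset; the first changed `ok(...)` used to cover that path. A third case without the flag would make the intended default outcome visible, though adding one presumably means bumping the test plan count, which is outside this hunk. The `-auth_level 2` rejection case was replaced rather than kept, so rejection above the new boundary is now only implied by the level-1 case. A short comment above the pair, such as `# SHA1 signatures: accepted only at auth level 0, rejected from level 1 up`, would record the boundary the two cases bracket.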