Allow SHA-1 in server tests, when the signature_algorithm extension is not used

2025-11-03 20:22:59 -05:00 · 2017-05-11 19:01:11 +02:00 · 2017-05-11 19:01:11 +02:00 · 682df09159
commit 682df09159
parent fd14bca6dc
1 changed files with 19 additions and 0 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -802,6 +802,24 @@ void term_handler( int sig )
 }
 #endif

+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static int ssl_sig_hashes_for_test[] = {
+#if defined(MBEDTLS_SHA512_C)
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+    /* Allow SHA-1 as we use it extensively in tests. */
+    MBEDTLS_MD_SHA1,
+#endif
+    MBEDTLS_MD_NONE
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 int main( int argc, char *argv[] )
 {
    int ret = 0, len, written, frags, exchanges_left;
@ -1666,6 +1684,7 @@ int main( int argc, char *argv[] )
    {
        crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
        mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+        mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
    }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */