Allow SHA-1 in test scripts
diff --git a/tests/compat.sh b/tests/compat.sh
index a333a19..8b33890 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -815,6 +815,11 @@
             else
                 P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=none key_file=none"
             fi
+
+            # Allow SHA-1. It's disabled by default for security reasons but
+            # our tests still use certificates signed with it.
+            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
+            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
             ;;
 
         "PSK")
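Review bot: The comment on the two added `allow_sha1=1` lines says why SHA-1 is re-enabled but does not mark it as a stopgap, so the interop runs in this branch will keep accepting SHA-1-signed certificates while the library default rejects them. I would add a follow-up marker such as `# TODO: re-sign the test certificates with SHA-256 and remove allow_sha1=1`, so the override is dropped when the certificates are replaced. The same applies to the copy of these lines in the PSK branch (second hunk). The enclosing case branch and function start outside the hunk.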
@@ -827,6 +832,11 @@
             P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
             O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
             G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
+
+            # Allow SHA-1. It's disabled by default for security reasons but
+            # our tests still use certificates signed with it.
+            M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
+            M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
             ;;
     esac
 }
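Review bot: In the PSK branch the copied comment "our tests still use certificates signed with it" does not match what is visible, because the context line above sets `crt_file=none key_file=none` for the client. If the override is there for a server certificate still presented by some PSK suites (not visible in this hunk, so this is a guess), the comment should say so, for example `# Allow SHA-1: RSA-PSK suites still present the SHA-1-signed server certificate.` If no certificate is verified on this path, the two `allow_sha1=1` lines can be dropped so that pure-PSK runs stay on the default. The function body starts outside the hunk.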
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ca0a1f1..f498732 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -561,6 +561,10 @@
 G_SRV="$G_SRV -p $SRV_PORT"
 G_CLI="$G_CLI -p +SRV_PORT localhost"
 
+# Allow SHA-1, because many of our test certificates use it
+P_SRV="$P_SRV allow_sha1=1"
+P_CLI="$P_CLI allow_sha1=1"
+
 # Also pick a unique name for intermediate files
 SRV_OUT="srv_out.$$"
 CLI_OUT="cli_out.$$"
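Review bot: Appending `allow_sha1=1` to `P_SRV` and `P_CLI` applies it to every test case built from those variables, so no run in this script exercises the default SHA-1 rejection any more. A regression that accepted SHA-1-signed certificates by default would pass unnoticed. I would keep the global override but add cases that pass `allow_sha1=0` explicitly and expect the handshake to fail, assuming a later `key=value` on the command line overrides the earlier one. The comment should also state the scope, for example `# Allow SHA-1 globally because many test certificates use it; tests of the default rejection must pass allow_sha1=0 explicitly.`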