Allow SHA-1 in SSL renegotiation tests In the TLS test client, allow SHA-1 as a signature hash algorithm. Without this, the renegotation tests failed. A previous commit had allowed SHA-1 via the certificate profile but that only applied before the initial negotiation which includes the signature_algorithms extension.

commit: cd3c8451578d7a6ca14b7db92670b2f2750ea4dc [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue May 09 14:57:45 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 18:44:13 2017 +0200
tree: f550fca7ef15da3db74a0415bf3719dc01591b7c
parent: 2dc81a0cbcc0f162596f9c223c164baffd0c8259 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7da91e6..fcc7f5f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -2134,8 +2134,8 @@
      */
     if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
-                                    "that was not offered" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
+                                    *(p)[0] ) );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
commit	cd3c8451578d7a6ca14b7db92670b2f2750ea4dc	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue May 09 14:57:45 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 18:44:13 2017 +0200
tree	f550fca7ef15da3db74a0415bf3719dc01591b7c
parent	2dc81a0cbcc0f162596f9c223c164baffd0c8259 [diff] [blame]