[glib-networking] tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking] tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
- Date: Sun, 15 Apr 2018 15:42:49 +0000 (UTC)
commit bc4469c8c4d0ebea7b4316cb0f39537d06a7c013
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sun Apr 15 10:30:22 2018 -0500
tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
This test checks that chain-with-verisign-md2.pem, which is not in the
trust store, is a valid substitute for ca-verisign-sha1.pem, since they
use the same private key. GnuTLS 3.6 now fails to validate this chain
since it no longer accepts MD2. This should be ignored for the purposes
of this test.
https://bugzilla.gnome.org/show_bug.cgi?id=794286
tls/tests/file-database.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c
index 45fc10d..57ac47e 100644
--- a/tls/tests/file-database.c
+++ b/tls/tests/file-database.c
@@ -333,6 +333,7 @@ test_verify_with_incorrect_root_in_chain (void)
identity, NULL, 0, NULL, &error);
g_assert_no_error (error);
errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
+ errors &= ~G_TLS_CERTIFICATE_INSECURE; /* allow MD2 */
g_assert_cmpuint (errors, ==, 0);
g_object_unref (chain);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
