tests/crypto-tls-x509-helpers.c · 6d262dcb7d108eda93813574c2061398084dc795 · Anton / libtcg

Aug 29, 2017

crypto: fix test cert generation to not use SHA1 algorithm · 23c1595b

Daniel P. Berrangé authored Aug 29, 2017



GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.
Unfortunately the gnutls_x509_crt_sign() method we are
using to create certificates in the test suite is fixed
to always use SHA1. We must switch to a different method
and explicitly ask for SHA256.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

23c1595b

crypto: fix test cert generation to not use SHA1 algorithm

Daniel P. Berrangé authored Aug 29, 2017



GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.
Unfortunately the gnutls_x509_crt_sign() method we are
using to create certificates in the test suite is fixed
to always use SHA1. We must switch to a different method
and explicitly ask for SHA256.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>