[glib-networking/glib-2-56] tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/glib-2-56] tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
- Date: Tue, 22 May 2018 01:50:59 +0000 (UTC)
commit a80ca3f9fa68c2734d164f615de9545892755c7c
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sun Apr 15 10:30:22 2018 -0500
tests: Allow insecure certificates in verify-with-incorrect-root-in-chain
This test checks that chain-with-verisign-md2.pem, which is not in the
trust store, is a valid substitute for ca-verisign-sha1.pem, since they
use the same private key. GnuTLS 3.6 now fails to validate this chain
since it no longer accepts MD2. This should be ignored for the purposes
of this test.
https://bugzilla.gnome.org/show_bug.cgi?id=794286
tls/tests/file-database.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/tls/tests/file-database.c b/tls/tests/file-database.c
index 35a06f0..b8c2cdb 100644
--- a/tls/tests/file-database.c
+++ b/tls/tests/file-database.c
@@ -333,6 +333,7 @@ test_verify_with_incorrect_root_in_chain (void)
identity, NULL, 0, NULL, &error);
g_assert_no_error (error);
errors &= ~G_TLS_CERTIFICATE_EXPIRED; /* so that this test doesn't expire */
+ errors &= ~G_TLS_CERTIFICATE_INSECURE; /* allow MD2 */
g_assert_cmpuint (errors, ==, 0);
g_object_unref (chain);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]