[rpms/openssl] rebase_40beta: Adjust test_verify for the SHA1 allowement in SECLEVEL 2

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: Adjust test_verify for the SHA1 allowement in SECLEVEL 2
Date: Tue, 09 Jun 2026 12:44:19 GMT	[thread overview]
Message-ID: <178100905910.1.8820810262833257061.rpms-openssl-143a3dae642f@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : 143a3dae642fd0cf9f28bc4edb4fd2c0803184c1
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2018-09-14T12:38:01+02:00
Stats  : +17/-3 in 1 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/143a3dae642fd0cf9f28bc4edb4fd2c0803184c1?branch=rebase_40beta

Log:
Adjust test_verify for the SHA1 allowement in SECLEVEL 2

---
diff --git a/openssl-1.1.1-seclevel.patch b/openssl-1.1.1-seclevel.patch
index 1e26df6..0871c9d 100644
--- a/openssl-1.1.1-seclevel.patch
+++ b/openssl-1.1.1-seclevel.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
 --- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel	2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/crypto/x509/x509_vfy.c	2018-09-14 10:51:05.126520376 +0200
++++ openssl-1.1.1/crypto/x509/x509_vfy.c	2018-09-14 11:47:39.715317617 +0200
 @@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
  }
  
@@ -22,7 +22,7 @@ diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509
  }
 diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
 --- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel	2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod	2018-09-13 15:55:17.579190996 +0200
++++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod	2018-09-14 11:47:39.715317617 +0200
 @@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
  
  =item B<Level 2>
@@ -38,7 +38,7 @@ diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-
  
 diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
 --- openssl-1.1.1/ssl/ssl_cert.c.seclevel	2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/ssl_cert.c	2018-09-14 10:50:35.960112056 +0200
++++ openssl-1.1.1/ssl/ssl_cert.c	2018-09-14 11:47:39.716317598 +0200
 @@ -983,6 +983,9 @@ static int ssl_security_default_callback
              return 0;
          break;
@@ -49,3 +49,17 @@ diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
          if (bits < minbits)
              return 0;
      }
+diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
+--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel	2018-09-11 14:48:24.000000000 +0200
++++ openssl-1.1.1/test/recipes/25-test_verify.t	2018-09-14 12:36:40.021812399 +0200
+@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+     "CA with PSS signature using SHA256");
+ 
+-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+-    "Reject PSS signature using SHA1 and auth level 2");
++ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
++    "Reject PSS signature using SHA1 and auth level 3");
+ 
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+     "PSS signature using SHA256 and auth level 2");

                 reply	other threads:[~2026-06-09 12:44 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178100905910.1.8820810262833257061.rpms-openssl-143a3dae642f@fedoraproject.org \
    --to=tmraz@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox