public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: Adjust test_verify for the SHA1 allowement in SECLEVEL 2
@ 2026-06-09 12:44 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 143a3dae642fd0cf9f28bc4edb4fd2c0803184c1
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2018-09-14T12:38:01+02:00
Stats : +17/-3 in 1 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/143a3dae642fd0cf9f28bc4edb4fd2c0803184c1?branch=rebase_40beta
Log:
Adjust test_verify for the SHA1 allowement in SECLEVEL 2
---
diff --git a/openssl-1.1.1-seclevel.patch b/openssl-1.1.1-seclevel.patch
index 1e26df6..0871c9d 100644
--- a/openssl-1.1.1-seclevel.patch
+++ b/openssl-1.1.1-seclevel.patch
@@ -1,6 +1,6 @@
diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-09-14 10:51:05.126520376 +0200
++++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-09-14 11:47:39.715317617 +0200
@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
}
@@ -22,7 +22,7 @@ diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509
}
diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200
-+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-09-13 15:55:17.579190996 +0200
++++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-09-14 11:47:39.715317617 +0200
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
=item B<Level 2>
@@ -38,7 +38,7 @@ diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-
diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
--- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/ssl_cert.c 2018-09-14 10:50:35.960112056 +0200
++++ openssl-1.1.1/ssl/ssl_cert.c 2018-09-14 11:47:39.716317598 +0200
@@ -983,6 +983,9 @@ static int ssl_security_default_callback
return 0;
break;
@@ -49,3 +49,17 @@ diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
if (bits < minbits)
return 0;
}
+diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
+--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel 2018-09-11 14:48:24.000000000 +0200
++++ openssl-1.1.1/test/recipes/25-test_verify.t 2018-09-14 12:36:40.021812399 +0200
+@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+ "CA with PSS signature using SHA256");
+
+-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+- "Reject PSS signature using SHA1 and auth level 2");
++ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
++ "Reject PSS signature using SHA1 and auth level 3");
+
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+ "PSS signature using SHA256 and auth level 2");
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: Adjust test_verify for the SHA1 allowement in SECLEVEL 2 Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox