X.509 tests: obey compile-time SHA-1 support option

There is now one test case to validate that SHA-1 is rejected in certificates by default, and one test case to validate that SHA-1 is supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2026-02-19 00:39:46 +00:00 · 2017-05-11 16:41:25 +02:00
parent 62469d95e2
commit 4fa6bed0c6
2 changed files with 10 additions and 1 deletions
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -651,4 +651,9 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf,
 }
 #endif

+#ifndef MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
+/* The test infrastructure requires a positive define */
+#define MBEDTLS_X509__DEFAULT_FORBID_SHA1
+#endif
+
 #endif /* mbedtls_x509_crt.h */