From 8d4062bbb5aca33c09c32c342e0eab722a592378 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 25 Mar 2024 02:27:16 -0500 Subject: backport regress updates for new certs from jsing Use the new certificates/chains in regress. The new certificates are more representative of the real world. The old certificates use weak algorithms and expire in the very near future. Most of our regress has already been switched over, this changes the remainder. Thanks to Bernhard M. Wiedemann for reminding us of the upcoming expiry. ok tb@ --- patches/keypairtest.c.patch | 11 +++++++++++ patches/ssl_get_shared_ciphers.c.patch | 11 +++++++++++ 2 files changed, 22 insertions(+) create mode 100644 patches/keypairtest.c.patch create mode 100644 patches/ssl_get_shared_ciphers.c.patch (limited to 'patches') diff --git a/patches/keypairtest.c.patch b/patches/keypairtest.c.patch new file mode 100644 index 0000000..5d3b905 --- /dev/null +++ b/patches/keypairtest.c.patch @@ -0,0 +1,11 @@ +--- tests/keypairtest.c.orig Mon Mar 25 02:14:35 2024 ++++ tests/keypairtest.c Mon Mar 25 02:20:15 2024 +@@ -29,7 +29,7 @@ + #include + + #define PUBKEY_HASH \ +- "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5" ++ "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f" + + char *cert_file, *key_file, *ocsp_staple_file; + diff --git a/patches/ssl_get_shared_ciphers.c.patch b/patches/ssl_get_shared_ciphers.c.patch new file mode 100644 index 0000000..8c2a029 --- /dev/null +++ b/patches/ssl_get_shared_ciphers.c.patch @@ -0,0 +1,11 @@ +--- tests/ssl_get_shared_ciphers.c.orig Mon Mar 25 02:14:15 2024 ++++ tests/ssl_get_shared_ciphers.c Mon Mar 25 02:14:57 2024 +@@ -462,7 +462,7 @@ + size_t i; + int failed = 0; + +- if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) { ++ if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) { + fprintf(stderr, "asprintf server_cert failed\n"); + failed = 1; + goto err; -- cgit v1.2.3-55-g6feb