mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-03 02:54:01 +00:00
4511ca063a
Otherwise, in builds without PKSC1_V15, tests that are supposed to accept the certificate will fail, because once the cert is OK they will move on to checking the CRL and will choke on its non-PSS signature. Tests that are supposed to reject the cert due to an invalid signature from the CA will not check the CRL because they don't recognize the CA as valid, so they have no reason to check the CA's CRL. This was hiding the problem until the recent commit that added a test where the cert is supposed to be accepted. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>