Manuel Pégourié-Gonnard 499bf4c0c8 compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just has a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 12:25:30 +02:00