Author: brane
Date: Tue Jan 13 13:54:30 2026
New Revision: 1931292

Log:
Fix OCSP tests on Fedora and derivatives. It turns out we were signing OCSP
responses with SHA-1, which is disabled in OpenSSL builds on those platforms.

In addition, perform three *headbang*s for not catching this when I refreshed
the test certificates to also not use SHA-1. My wall is now slightly dented.

* test/test_ssl.c
  (create_ocsp_response): Use EVP_sha256() instead of EVP_sha1().

Modified:
   serf/trunk/test/test_ssl.c

Modified: serf/trunk/test/test_ssl.c
==============================================================================
--- serf/trunk/test/test_ssl.c  Tue Jan 13 12:45:03 2026        (r1931291)
+++ serf/trunk/test/test_ssl.c  Tue Jan 13 13:54:30 2026        (r1931292)
@@ -2630,7 +2630,7 @@ static void create_ocsp_response(CuTest
         }
 
         if (!OCSP_basic_sign(basic, signer_cert, pkey,
-                             EVP_sha1(), ca, 0)) {
+                             EVP_sha256(), ca, 0)) {
             sk_X509_free(ca);
             goto cleanup;
         }
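Review bot: the digest argument in the OCSP_basic_sign() call should carry a short comment saying why it must not be SHA-1 (per the log message, SHA-1 is disabled in OpenSSL builds on Fedora and derivatives), so that the choice is not reverted or copied elsewhere as EVP_sha1(). Separately, the failure branch visible here only calls sk_X509_free(ca) and jumps to cleanup. If nothing after the cleanup label reports the OpenSSL error queue, dumping it at this point (for example with ERR_print_errors_fp(stderr)) would make a digest rejected by the platform's OpenSSL build visible directly in the test output.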
