From 0f2d07907722af1f18866b9a97c7b5debed1a3f2 Mon Sep 17 00:00:00 2001
From: Joe Orton <joe@manyfish.uk>
Date: Tue, 20 Oct 2020 19:17:46 +0100
Subject: * test/ssl.c (fail_nul_cn, fail_nul_san): Disable tests with prebuilt
   certs using a SHA-1 digest, which now fail with current OpenSSL and  
 GnuTLS. (issue #38)

---
 test/ssl.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/test/ssl.c b/test/ssl.c
index 812d71c..ee18105 100644
--- a/test/ssl.c
+++ b/test/ssl.c
@@ -895,7 +895,7 @@ static int fail_wrongCN(void)
 
 #define SRCDIR(s) ne_concat(srcdir, "/" s, NULL)
 
-#ifndef HAVE_GNUTLS
+#if 0
 static int fail_nul_cn(void)
 {
     char *key = SRCDIR("nulsrv.key"), *ca = SRCDIR("nulca.pem");
@@ -1945,8 +1945,9 @@ ne_test tests[] = {
     T(fail_ca_expired),
 
     T(nulcn_identity),
-#ifndef HAVE_GNUTLS
-    /* These certs were created with a SHA#1 digest so are rejected by GnuTLS. */
+#if 0
+    /* These certs were created with a SHA#1 digest so are rejected by
+     * modern TLS libraries. */
     T(fail_nul_cn),
     T(fail_nul_san),
 #endif
-- 
cgit v1.2.1