{"id":810056,"url":"http://patchwork.ozlabs.org/api/1.2/patches/810056/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170905092910.8946-3-berrange@redhat.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.2/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170905092910.8946-3-berrange@redhat.com>","list_archive_url":null,"date":"2017-09-05T09:29:10","name":"[PULL,v1,2/2] crypto: fix test cert generation to not use SHA1 algorithm","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"2a40d6be491533ff70e0961436f18ad8abf8ca2c","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/1.2/people/2694/?format=json","name":"Daniel P. Berrange","email":"berrange@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170905092910.8946-3-berrange@redhat.com/mbox/","series":[{"id":1534,"url":"http://patchwork.ozlabs.org/api/1.2/series/1534/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=1534","date":"2017-09-05T09:29:09","name":"[PULL,v1,1/2] tests: fix incorrect size_t format in benchmark-crypto","version":1,"mbox":"http://patchwork.ozlabs.org/series/1534/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/810056/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/810056/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ext-mx08.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx08.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xmhPp0Tljz9s0g\n\tfor ;\n\tTue, 5 Sep 2017 19:34:38 +1000 (AEST)","from localhost ([::1]:57716 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1dpAFg-0002jn-3O\n\tfor incoming@patchwork.ozlabs.org; Tue, 05 Sep 2017 05:34:36 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:45655)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from ) id 1dpAAc-00076t-K8\n\tfor qemu-devel@nongnu.org; Tue, 05 Sep 2017 05:29:27 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from ) id 1dpAAY-0007CM-0h\n\tfor qemu-devel@nongnu.org; Tue, 05 Sep 2017 05:29:22 -0400","from mx1.redhat.com ([209.132.183.28]:38296)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from ) id 1dpAAX-0007Bw-RM\n\tfor qemu-devel@nongnu.org; Tue, 05 Sep 2017 05:29:17 -0400","from smtp.corp.redhat.com\n\t(int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id ED8EFC0587DB;\n\tTue, 5 Sep 2017 09:29:16 +0000 (UTC)","from t460.redhat.com (unknown [10.33.36.63])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 2A72B6F7F4;\n\tTue, 5 Sep 2017 09:29:16 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com ED8EFC0587DB","From":"\"Daniel P. Berrange\" ","To":"qemu-devel@nongnu.org","Date":"Tue, 5 Sep 2017 10:29:10 +0100","Message-Id":"<20170905092910.8946-3-berrange@redhat.com>","In-Reply-To":"<20170905092910.8946-1-berrange@redhat.com>","References":"<20170905092910.8946-1-berrange@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.11","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.32]);\n\tTue, 05 Sep 2017 09:29:17 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"[Qemu-devel] [PULL v1 2/2] crypto: fix test cert generation to not\n\tuse SHA1 algorithm","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"Peter Maydell ","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"},"content":"GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.\nUnfortunately the gnutls_x509_crt_sign() method we are\nusing to create certificates in the test suite is fixed\nto always use SHA1. We must switch to a different method\nand explicitly ask for SHA256.\n\nReviewed-by: Eric Blake \nSigned-off-by: Daniel P. Berrange \n---\n tests/crypto-tls-x509-helpers.c | 3 ++-\n 1 file changed, 2 insertions(+), 1 deletion(-)","diff":"diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c\nindex 64073d3bd3..173d4e28fb 100644\n--- a/tests/crypto-tls-x509-helpers.c\n+++ b/tests/crypto-tls-x509-helpers.c\n@@ -406,7 +406,8 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req,\n * If no 'ca' is set then we are self signing\n * the cert. This is done for the root CA certs\n */\n- err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey);\n+ err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey,\n+ GNUTLS_DIG_SHA256, 0);\n if (err < 0) {\n g_critical(\"Failed to sign certificate %s\",\n gnutls_strerror(err));\n","prefixes":["PULL","v1","2/2"]}