1 files changed, 41 insertions, 0 deletions

diff --git a/0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch b/0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch
new file mode 100644
index 0000000..cad68cc
--- /dev/null
+++ b/0007-test13_test_lasso_server_load_metadata-Don-t-verify-.patch
@@ -0,0 +1,41 @@
+From 1b0000e0163edc9d831894bf4aac7503f0294062 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek <jhrozek@redhat.com>
+Date: Fri, 18 Jun 2021 18:45:38 +0200
+Subject: [PATCH 7/7] test13_test_lasso_server_load_metadata: Don't verify
+ signature if lasso is not configured with sha-1 (#54037)
+
+---
+ tests/basic_tests.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/tests/basic_tests.c b/tests/basic_tests.c
+index 0652abc28..470d64fc6 100644
+--- a/tests/basic_tests.c
++++ b/tests/basic_tests.c
+@@ -1974,6 +1974,14 @@ START_TEST(test13_test_lasso_server_load_metadata)
+ 	LassoServer *server = NULL;
+ 	GList *loaded_entity_ids = NULL;
+ 	GList blacklisted_1 = { .data = "https://identities.univ-jfc.fr/idp/prod", .next = NULL };
++	const gchar *trusted_roots = TESTSDATADIR "/rootCA.crt";
++
++	/* The IDP metadata file is signed with rsa-sha1, so verifying it would
++	 * fail incase sha1 is not available
++	 */
++	if (lasso_get_default_signature_method() != LASSO_SIGNATURE_METHOD_RSA_SHA1) {
++		trusted_roots = NULL;
++	}
+ 
+ 	check_not_null(server = lasso_server_new(
+ 			TESTSDATADIR "/idp5-saml2/metadata.xml",
+@@ -1983,7 +1991,7 @@ START_TEST(test13_test_lasso_server_load_metadata)
+ 	block_lasso_logs;
+ 	check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,
+ 				TESTSDATADIR "/metadata/renater-metadata.xml",
+-				TESTSDATADIR "/rootCA.crt",
++				trusted_roots,
+ 				&blacklisted_1, &loaded_entity_ids,
+ 				LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));
+ 	unblock_lasso_logs;
+-- 
+2.26.3
+