From d968b80e5c26be032b7a006769275256efb1b0f2 Mon Sep 17 00:00:00 2001
From: Sun Yimin <emmansun@users.noreply.github.com>
Date: Thu, 9 Mar 2023 13:18:42 +0800
Subject: [PATCH] Fix sha1 test issue

---
 smx509/x509_test.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/smx509/x509_test.go b/smx509/x509_test.go
index 32edc15..96e9aa5 100644
--- a/smx509/x509_test.go
+++ b/smx509/x509_test.go
@@ -1681,18 +1681,21 @@ func TestSHA1(t *testing.T) {
 	if sa := cert.SignatureAlgorithm; sa != ECDSAWithSHA1 {
 		t.Errorf("signature algorithm is %v, want %v", sa, ECDSAWithSHA1)
 	}
-	if err = cert.CheckSignatureFrom(cert); err == nil {
-		t.Fatalf("certificate verification succeeded incorrectly")
-	}
-	if _, ok := err.(x509.InsecureAlgorithmError); !ok {
-		t.Fatalf("certificate verification returned %v (%T), wanted InsecureAlgorithmError", err, err)
-	}
+	if !debugAllowSHA1 {
+		if err = cert.CheckSignatureFrom(cert); err == nil {
+			t.Fatalf("certificate verification succeeded incorrectly")
+		}
+		if _, ok := err.(x509.InsecureAlgorithmError); !ok {
+			t.Fatalf("certificate verification returned %v (%T), wanted InsecureAlgorithmError", err, err)
+		}
 
-	defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1)
-	debugAllowSHA1 = true
+		defer func(old bool) { debugAllowSHA1 = old }(debugAllowSHA1)
+		debugAllowSHA1 = true
+	}
 	if err = cert.CheckSignatureFrom(cert); err != nil {
 		t.Fatalf("SHA-1 certificate did not verify with GODEBUG=x509sha1=1: %v", err)
 	}
+
 }
 
 // certMissingRSANULL contains an RSA public key where the AlgorithmIdentifier