From 200b47b8f5f156b57e811c035bc764b5d5f70b5c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 28 Jan 2022 14:26:30 +0800 Subject: [PATCH] Add more tests for CertificateRequest Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 47 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0d2d79a4f..74bc24ae64 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9800,7 +9800,9 @@ run_test "TLS 1.3: CertificateRequest check - openssl" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -9814,7 +9816,9 @@ run_test "TLS 1.3: CertificateRequest check - gnutls" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9827,7 +9831,9 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -9841,7 +9847,40 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ 1 \ -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 " \ + 0 \ + -c "=> parse certificate request" \ + -c "got no certificate request" \ + -c "<= parse certificate request" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \ + "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ + 0 \ + -c "=> parse certificate request" \ + -c "got no certificate request" \ + -c "<= parse certificate request" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE