From e1cc60eca9b9c9862e5fd5cb5a4934d0936e8fa4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 7 Jan 2022 23:10:56 +0100
Subject: [PATCH] Add positive test case with self-signed certificates

Add a positive test case where both the client and the server require authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine
---
 tests/ssl-opt.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 691c0e7d5b..450fc6eff5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4090,6 +4090,21 @@ run_test "Authentication: client badcert, server required" \
 # detect that its write end of the connection is closed and abort
 # before reading the alert message.
 
+run_test "Authentication: client cert self-signed and trusted, server required" \
+ "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -S "x509_verify_cert() returned" \
+ -S "! The certificate is not correctly signed" \
+ -S "X509 - Certificate verification failed"
+
 run_test "Authentication: client cert not trusted, server required" \
 "$P_SRV debug_level=3 auth_mode=required" \
 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
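Review bot: The added test makes only the client certificate self-signed, while the commit description says both peers use a non-CA self-signed certificate. The server line sets `ca_file=data_files/server5-selfsigned.crt` but no `crt_file`/`key_file`, and the client line sets no `ca_file`, so the server presumably presents its default certificate, verified against the client's default CA. If one direction is the intent, a comment above the test would state the scope and the reason it passes, for example `# Only the client cert is self-signed; it is accepted because the server lists that exact certificate in ca_file.` That also makes the contrast explicit with the "client cert not trusted" test that follows, which uses the same client certificate without the `ca_file` entry and whose body continues outside this hunk.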