Test ssl_client1

Test ssl_client1 with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

Clean up compile-time requirements in ssl_client1.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

programs/ssl/ssl_client1.c

@@ -9,17 +9,14 @@
 
 #include "mbedtls/platform.h"
 
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||     \
-    !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) ||    \
-    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||            \
-    !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) ||      \
+    !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) ||           \
+    !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
 int main(void)
 {
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
-                   "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
-                   "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+                   "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+                   "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
                    "not defined.\n");
     mbedtls_exit(0);
 }
@@ -288,6 +285,5 @@ exit:
 
     mbedtls_exit(exit_code);
 }
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
-          MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
-          MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
+
+#endif /* configuration allows running this program */

tests/opt-testcases/sample.sh

@@ -4,3 +4,45 @@
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 
 : ${PROGRAMS_DIR:=../programs/ssl}
+
+requires_protocol_version tls12
+run_test    "Sample: ssl_client1, openssl server, TLS 1.2" \
+            -P 4433 \
+            "$O_SRV -tls1_2" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -c "New, TLSv1.2, Cipher is" \
+            -S "ERROR" \
+            -C "error"
+
+requires_protocol_version tls12
+run_test    "Sample: ssl_client1, gnutls server, TLS 1.2" \
+            -P 4433 \
+            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -s "Version: TLS1.2" \
+            -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
+            -S "Error" \
+            -C "error"
+
+requires_protocol_version tls13
+run_test    "Sample: ssl_client1, openssl server, TLS 1.3" \
+            -P 4433 \
+            "$O_SRV -tls1_3" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -c "New, TLSv1.3, Cipher is" \
+            -S "ERROR" \
+            -C "error"
+
+requires_protocol_version tls13
+run_test    "Sample: ssl_client1, gnutls server, TLS 1.3" \
+            -P 4433 \
+            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -s "Version: TLS1.3" \
+            -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
+            -S "Error" \
+            -C "error"

tests/ssl-opt.sh

@@ -491,6 +491,16 @@ detect_required_features() {
             requires_certificate_authentication;;
     esac
 
+    case " $CMD_LINE " in
+        *"programs/ssl/ssl_client1 "*)
+            requires_config_enabled MBEDTLS_CTR_DRBG_C
+            requires_config_enabled MBEDTLS_ENTROPY_C
+            requires_config_enabled MBEDTLS_PEM_PARSE_C
+            requires_config_enabled MBEDTLS_SSL_CLI_C
+            requires_certificate_authentication
+            ;;
+    esac
+
     case "$CMD_LINE" in
         *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
         */server5*|\