Detect more cases where certificates are required

When requiring a cryptographic mechanism for the sake of certificate authentication, also require that certificate authentication is enabled. Setting auth_mode explicitly means that we're testing something related to how certificate-based authentication is handled, so require a key exchange with certificate-based authentication. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-29 12:32:48 +00:00 · 2024-09-06 15:34:59 +02:00 · 2024-09-06 15:34:59 +02:00 · ae3dc17e50
commit ae3dc17e50
parent 6f9952abfc
1 changed files with 7 additions and 0 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -483,10 +483,16 @@ detect_required_features() {
            requires_config_enabled MBEDTLS_SSL_ALPN;;
    esac

+    case " $CMD_LINE " in
+         *\ auth_mode=*|*[-_\ =]crt[_=]*)
+            requires_certificate_authentication;;
+    esac
+
    case "$CMD_LINE" in
        */server5*|\
        */server7*|\
        */dir-maxpath*)
+            requires_certificate_authentication
            if [ "$TLS_VERSION" = "TLS13" ]; then
                # In case of TLS13 the support for ECDSA is enough
                requires_pk_alg "ECDSA"
@ -521,6 +527,7 @@ detect_required_features() {
        */server1*|\
        */server2*|\
        */server7*)
+            requires_certificate_authentication
            # Certificates with an RSA key. The algorithm requirement is
            # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature,
            # PSS signature}. We can't easily tell which subset works, and