Remove obsolete requirements on middlebox compatibility mode: generated

MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is no longer required, except in test cases that are specifically about it. This commit removes the requirement in tls13-compat.sh (which does not have test cases that actually depend on the feature). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-14 01:26:49 +00:00 · 2024-09-13 15:18:07 +02:00 · 2024-09-13 15:18:07 +02:00 · ae5a35fc30
commit ae5a35fc30
parent edc8f35ed3
2 changed files with 1 additions and 910 deletions
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@ -66,7 +66,7 @@ class TLSProgram:

    # pylint: disable=too-many-arguments
    def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
-                 cert_sig_alg=None, compat_mode=True):
+                 cert_sig_alg=None):
        self._ciphers = []
        self._sig_algs = []
        self._named_groups = []
@ -79,7 +79,6 @@ class TLSProgram:
            self.add_signature_algorithms(signature_algorithm)
        if cert_sig_alg:
            self.add_cert_signature_algorithms(cert_sig_alg)
-        self._compat_mode = compat_mode

    # add_ciphersuites should not override by sub class
    def add_ciphersuites(self, *ciphersuites):
@ -157,8 +156,6 @@ class OpenSSLBase(TLSProgram):
            ret += ["-groups {named_groups}".format(named_groups=named_groups)]

        ret += ['-msg -tls1_3']
-        if not self._compat_mode:
-            ret += ['-no_middlebox']

        return ret

@ -288,9 +285,6 @@ class GnuTLSBase(TLSProgram):
        priority_string = ':+'.join(priority_string_list)
        priority_string += ':%NO_TICKETS'

-        if not self._compat_mode:
-            priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
-
        ret += ['--priority={priority_string}'.format(
            priority_string=priority_string)]
        return ret
@ -370,9 +364,6 @@ class MbedTLSBase(TLSProgram):
        ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
               'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']

-        if self._compat_mode:
-            ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
-
        if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
            ret.append(
                'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')