mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-18 10:20:50 +00:00
Merge pull request #9028 from ronald-cron-arm/openssl3-3.6
Backport 3.6: Use latest installed OpenSSL 3 as OPENSSL_NEXT
This commit is contained in:
commit
c50bf9549b
@ -1765,6 +1765,22 @@ server2-sha256.crt: server2.req.sha256
|
||||
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
|
||||
all_final += server2-sha256.crt
|
||||
|
||||
server2-sha256.ku-ka.crt: SERVER2_CRT_SERIAL=22
|
||||
server2-sha256.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
|
||||
server2-sha256.ku-ke.crt: SERVER2_CRT_SERIAL=23
|
||||
server2-sha256.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
|
||||
server2-sha256.ku-ds.crt: SERVER2_CRT_SERIAL=24
|
||||
server2-sha256.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
|
||||
server2-sha256.ku-ds_ke.crt: SERVER2_CRT_SERIAL=28
|
||||
server2-sha256.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
|
||||
server2-sha256.ku-%.crt: server2.req.sha256
|
||||
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
|
||||
issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
|
||||
key_usage="$(SERVER2_KEY_USAGE)" \
|
||||
not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
|
||||
all_final += server2-sha256.ku-ka.crt server2-sha256.ku-ke.crt server2-sha256.ku-ds.crt server2-sha256.ku-ds_ke.crt
|
||||
|
||||
all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
|
||||
server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
|
||||
server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
|
||||
server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
|
||||
|
20
tests/data_files/server2-sha256.ku-ds.crt
Normal file
20
tests/data_files/server2-sha256.ku-ds.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRzCCAi+gAwIBAgIBGDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
|
||||
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
|
||||
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
|
||||
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
|
||||
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
|
||||
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
|
||||
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
|
||||
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQAtKutVrQunnzOQg3TP2vnOT8Qr5LrbvsSBaPEm21Oxkpr0gJcC
|
||||
/BgON5WrBdfpEDZ5jOMGgqdF3AxFzh/Zw1EBr2y2wIcleodtzV5j2fTQV9MPYJ9z
|
||||
XYfhNsr9idt/i4YCqJSe6lB/+GG/p+9jtMLGMjfSkNnG7ppa7Sv6NVsAxgbKskTw
|
||||
WU/z7T7Y/afK5omAPpHfWddzCl5o+o9VFi5scYyjv2iNPkRiTMDh4bE8RVm9vxcf
|
||||
TMH14TSa1Y6OkaTuzJLbU3V8yJZ67s2SK89Trd75SQ+B62nZYe+0NG+6b2s+D97y
|
||||
ex2x2EbfK/nxEL2Gv7/xG4gcpzxmKObhPpsS
|
||||
-----END CERTIFICATE-----
|
20
tests/data_files/server2-sha256.ku-ds_ke.crt
Normal file
20
tests/data_files/server2-sha256.ku-ds_ke.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRzCCAi+gAwIBAgIBHDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
|
||||
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
|
||||
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
|
||||
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
|
||||
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
|
||||
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
|
||||
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
|
||||
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQBZBDKh6TRkGh9ro5l/Rv6/LE9slTLCrAAjCA6fT2dig6WsijmK
|
||||
OLwjjuWRdKT+SPrm+42db4j++KcPVk/HwPNkbcXF7sAHy13DGi47mi7ySKqCiOZ8
|
||||
RVnpBWjZJpMzXi5l8RgXGK10v2C4iPX3E7iRw+CYTZjOWfjnzHUWqQ93eu3s6OU3
|
||||
3FobrPFKYkS9CvqvbGBIqpv8TTAoAvUAsjUbQHY2SlqlJLw2DUmewmeBzS2ItNyp
|
||||
BO367lTm03z+nG77pZYOhgxch8EA2RcIuoEExj0tHZcG3JLOz60ijqqG1lxjrTXV
|
||||
qMDRttuL8jisekj4gZD90T9JdMHpz8goNhO7
|
||||
-----END CERTIFICATE-----
|
20
tests/data_files/server2-sha256.ku-ka.crt
Normal file
20
tests/data_files/server2-sha256.ku-ka.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRzCCAi+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
|
||||
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
|
||||
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
|
||||
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
|
||||
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
|
||||
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
|
||||
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
|
||||
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQBsd9wHhcSkcO/AyrHRw33RVgdydoUIcopGHCnl+6ThQj9lM2cF
|
||||
eh7Zdu2GVyd2yyIeI7c+N1w1NOLxXYk4vviU6J/Jol706UefflMEMHIwgJqakWdj
|
||||
uq8o7CTOEhMpzSE6AfNj02jLb3qrkoJGB+STIwgx2IYdDzTrIr2Cb2T9zbDJCQBd
|
||||
l2PTVR5id/+Uy4h+2KNJzgRgOUIPc0eFN0aE5a7IHRx3q7h5h/DbBaQU4tVmaAYF
|
||||
o/6XlBvwVxan87w+hLfnFHUO7eMe0jnLvH2O+MW4ZeYh4VP2Jq7cLJQgTfCbFK9L
|
||||
PNG8gfhW71rcMRTxwKM5qziJ8h6PeomSglsO
|
||||
-----END CERTIFICATE-----
|
20
tests/data_files/server2-sha256.ku-ke.crt
Normal file
20
tests/data_files/server2-sha256.ku-ke.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDRzCCAi+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
|
||||
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
|
||||
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
|
||||
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
|
||||
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
|
||||
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
|
||||
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
|
||||
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQAuR/fgNifvtW6ukLxp+VFlYael3kAGJpKhe271fjkaqiyBB9Qt
|
||||
NfFX1HDq1hJe8c8uf+SgFnY6rg1BjdctrEU92avPYjhpsyYEuSjt9LAtLfpeMaWD
|
||||
ltem8PNh/lkR+v0xqeYsDcHTv/oR9NfCIqoPFWOPlH7CvLowNbI06D8KkKiWAlL1
|
||||
tC62db6T5sOrmcmyjLoKUyerBqCWC+MM4G+AXMdfp54/xLOvkTq/K1cu1oRIGIYL
|
||||
SSAtVeRQXqwgaH2M2EkN79joF6XnjGG27TN8rCS7gxJm87vZjtZiSFugwhFFHFhX
|
||||
Gmp9IkBVZKQci1NbTY18l/2wxFYICv486sAV
|
||||
-----END CERTIFICATE-----
|
@ -1460,8 +1460,10 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256
|
||||
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
||||
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
|
||||
@ -1473,8 +1475,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
|
||||
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
||||
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
|
||||
@ -1486,8 +1490,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521
|
||||
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
||||
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
|
||||
@ -1499,8 +1505,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255
|
||||
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
||||
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
|
||||
@ -1512,8 +1520,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448
|
||||
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
|
||||
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
|
||||
@ -1524,9 +1534,11 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_openssl_tls1_3_with_compatible_ephemeral
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
|
||||
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
||||
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
|
||||
@ -1537,12 +1549,13 @@ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
|
||||
requires_gnutls_tls1_3
|
||||
requires_gnutls_next_no_ticket
|
||||
requires_gnutls_next_disable_tls13_compat
|
||||
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
|
||||
requires_config_enabled PSA_WANT_ALG_ECDH
|
||||
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
|
||||
PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
|
||||
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
|
||||
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
|
||||
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
|
||||
|
@ -44,7 +44,7 @@
|
||||
# * GNUTLS_{CLI,SERV} = 3.4.10
|
||||
# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
|
||||
# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
|
||||
# * OPENSSL_NEXT = 1.1.1a
|
||||
# * OPENSSL_NEXT = 3.1.2
|
||||
# See the invocation of check_tools below for details.
|
||||
#
|
||||
# This script must be invoked from the toplevel directory of a git
|
||||
@ -195,6 +195,10 @@ pre_initialize_variables () {
|
||||
export CC="clang"
|
||||
fi
|
||||
|
||||
if [ -n "${OPENSSL_3+set}" ]; then
|
||||
export OPENSSL_NEXT="$OPENSSL_3"
|
||||
fi
|
||||
|
||||
# Include more verbose output for failing tests run by CMake or make
|
||||
export CTEST_OUTPUT_ON_FAILURE=1
|
||||
|
||||
|
@ -7716,7 +7716,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
|
||||
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds_ke.crt" \
|
||||
-cert data_files/server2-sha256.ku-ds_ke.crt" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-C "bad certificate (usage extensions)" \
|
||||
@ -7728,7 +7728,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
|
||||
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
-cert data_files/server2-sha256.ku-ke.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
1 \
|
||||
-c "bad certificate (usage extensions)" \
|
||||
@ -7740,7 +7740,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
|
||||
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ka.crt" \
|
||||
-cert data_files/server2-sha256.ku-ka.crt" \
|
||||
"$P_CLI debug_level=1" \
|
||||
1 \
|
||||
-c "bad certificate (usage extensions)" \
|
||||
@ -7839,7 +7839,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
|
||||
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
|
||||
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
-cert data_files/server2-sha256.ku-ds.crt" \
|
||||
0 \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
@ -7851,7 +7851,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
|
||||
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
|
||||
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
|
||||
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
-cert data_files/server2-sha256.ku-ke.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
-S "Processing of the Certificate handshake message failed"
|
||||
|
Loading…
x
Reference in New Issue
Block a user