mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-15 23:42:41 +00:00
ssl-opt.sh: Enable some authentication tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron
parent
1938588e80
commit
c78511b59a
@ -4747,7 +4747,6 @@ run_test "DER format: with 9 trailing random bytes" \
|
||||
# Tests for auth_mode, there are duplicated tests using ca callback for authentication
|
||||
# When updating these tests, modify the matching authentication tests accordingly
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: server badcert, client required" \
|
||||
"$P_SRV crt_file=data_files/server5-badsign.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
@ -4781,7 +4780,6 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \
|
||||
-C "X509 - Certificate verification failed" \
|
||||
-C "SSL - No CA Chain is set, but required to operate"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: server goodcert, client required, no trusted CA" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
|
||||
@ -4852,7 +4850,6 @@ run_test "Authentication: client SHA384, server required" \
|
||||
-c "Supported Signature Algorithm found: 4," \
|
||||
-c "Supported Signature Algorithm found: 5,"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client has no cert, server required (TLS)" \
|
||||
"$P_SRV debug_level=3 auth_mode=required" \
|
||||
"$P_CLI debug_level=3 crt_file=none \
|
||||
@ -4866,10 +4863,8 @@ run_test "Authentication: client has no cert, server required (TLS)" \
|
||||
-S "x509_verify_cert() returned" \
|
||||
-s "peer has no certificate" \
|
||||
-s "! mbedtls_ssl_handshake returned" \
|
||||
-c "! mbedtls_ssl_handshake returned" \
|
||||
-s "No client certification received from the client, but required by the authentication mode"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client badcert, server required" \
|
||||
"$P_SRV debug_level=3 auth_mode=required" \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
|
||||
@ -4885,13 +4880,11 @@ run_test "Authentication: client badcert, server required" \
|
||||
-s "! The certificate is not correctly signed by the trusted CA" \
|
||||
-s "! mbedtls_ssl_handshake returned" \
|
||||
-s "send alert level=2 message=48" \
|
||||
-c "! mbedtls_ssl_handshake returned" \
|
||||
-s "X509 - Certificate verification failed"
|
||||
# We don't check that the client receives the alert because it might
|
||||
# detect that its write end of the connection is closed and abort
|
||||
# before reading the alert message.
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client cert self-signed and trusted, server required" \
|
||||
"$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
|
||||
@ -4907,7 +4900,6 @@ run_test "Authentication: client cert self-signed and trusted, server require
|
||||
-S "! The certificate is not correctly signed" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client cert not trusted, server required" \
|
||||
"$P_SRV debug_level=3 auth_mode=required" \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
|
||||
@ -4925,7 +4917,6 @@ run_test "Authentication: client cert not trusted, server required" \
|
||||
-c "! mbedtls_ssl_handshake returned" \
|
||||
-s "X509 - Certificate verification failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client badcert, server optional" \
|
||||
"$P_SRV debug_level=3 auth_mode=optional" \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
|
||||
@ -4943,7 +4934,6 @@ run_test "Authentication: client badcert, server optional" \
|
||||
-C "! mbedtls_ssl_handshake returned" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client badcert, server none" \
|
||||
"$P_SRV debug_level=3 auth_mode=none" \
|
||||
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
|
||||
@ -4961,7 +4951,6 @@ run_test "Authentication: client badcert, server none" \
|
||||
-C "! mbedtls_ssl_handshake returned" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client no cert, server optional" \
|
||||
"$P_SRV debug_level=3 auth_mode=optional" \
|
||||
"$P_CLI debug_level=3 crt_file=none key_file=none" \
|
||||
@ -5023,7 +5012,6 @@ MAX_IM_CA='8'
|
||||
# are in place so that the semantics are consistent with the test description.
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: server max_int chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||
key_file=data_files/dir-maxpath/09.key" \
|
||||
@ -5033,7 +5021,6 @@ run_test "Authentication: server max_int chain, client default" \
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: server max_int+1 chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
@ -5065,7 +5052,6 @@ run_test "Authentication: server max_int+1 chain, client none" \
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client max_int+1 chain, server default" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
@ -5075,7 +5061,6 @@ run_test "Authentication: client max_int+1 chain, server default" \
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client max_int+1 chain, server optional" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
@ -5085,7 +5070,6 @@ run_test "Authentication: client max_int+1 chain, server optional" \
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client max_int+1 chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
|
||||
@ -5095,7 +5079,6 @@ run_test "Authentication: client max_int+1 chain, server required" \
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Authentication: client max_int chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user