From db264069346d980e6ce048affe27c296d09f8d10 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 6 Sep 2024 19:08:41 +0200
Subject: [PATCH] Also activate PSK-only mode when PSK-ephemeral key exchanges are available
The point of PSK-only mode is to transform certificate-based command lines into PSK-based command lines, when the certificates are not relevant to what is being tested. So it makes sense to do that in with PSK-ephemeral key exchanges too.
Signed-off-by: Gilles Peskine
---
 tests/ssl-opt.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0fd3387bcf..4c5bd0c1a2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -598,15 +598,19 @@ maybe_adapt_for_psk() {
 adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
 }
-# PSK_PRESENT="YES" if at least one protocol versions supports pure-PSK.
+# PSK_PRESENT="YES" if at least one protocol versions supports at least
+# one PSK key exchange mode.
 PSK_PRESENT="NO"
-# PSK_ONLY="YES" if no key exchange is enabled except pure-PSK.
+# PSK_ONLY="YES" if all the available key exchange modes are PSK-based
+# (pure-PSK or PSK-ephemeral, possibly both).
 PSK_ONLY=""
 for c in $CONFIGS_ENABLED; do
 case $c in
 MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";;
+ MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED) PSK_PRESENT="YES";;
 MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";;
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";;
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";;
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";;
 esac
 done
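Review bot: The added TLS 1.2 arm `MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED` looks like it cannot match the PSK-ephemeral options it is meant for, which as far as I know put the PSK part last (`MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED`, `MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED`, `MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED`). Those names would fall through to the `MBEDTLS_KEY_EXCHANGE_*_ENABLED` arm and set `PSK_ONLY="NO"`, so the TLS 1.2 half of the change would have no effect. If that reading of the option names is right, the arm should be `MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";;`. The TLS 1.3 arm is consistent with `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED`. Two further things to settle: whether RSA-PSK, which still authenticates the server with a certificate, should count as PSK-based here, and a comment such as `# Order matters: the first matching arm wins, so PSK arms must precede the catch-all.` above the `case`. The code that consumes PSK_ONLY is outside the hunk.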