mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 13:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl-opt.sh: Force TLS 1.2 version

Browse Source 
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-03-11 10:46:01 +01:00
parent 92dca39196
commit fd4c6afcb4
1 changed files with 45 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
tests/ssl-opt.sh
View File

@ -1966,22 +1966,20 @@ run_test "TLS: password protected server key, two certificates" \
"$P_CLI" \
0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 " \
0 \
-c "use CA callback for X.509 CRT verification" \
-S "error" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test "CA callback on server" \
"$P_SRV auth_mode=required" \
"$P_SRV force_version=tls12 auth_mode=required" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
0 \
@ -2557,10 +2555,9 @@ run_test "Single supported algorithm sending: openssl client" \
0
# Tests for certificate verification callback
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Configuration-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=0 debug_level=3" \
"$P_CLI force_version=tls12 context_crt_cb=0 debug_level=3" \
0 \
-S "error" \
-c "Verify requested for " \
@ -2568,10 +2565,9 @@ run_test "Configuration-specific CRT verification callback" \
-C "Use context-specific verification callback" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Context-specific CRT verification callback" \
"$P_SRV debug_level=3" \
"$P_CLI context_crt_cb=1 debug_level=3" \
"$P_CLI force_version=tls12 context_crt_cb=1 debug_level=3" \
0 \
-S "error" \
-c "Verify requested for " \
@ -4406,10 +4402,9 @@ run_test "Max fragment length, DTLS: disabled, larger message" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
-c "Maximum outgoing record payload length is 4096" \
@ -4422,10 +4417,9 @@ run_test "Max fragment length: used by client" \
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=512" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@ -4438,10 +4432,9 @@ run_test "Max fragment length: client 512, server 1024" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=512" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@ -4454,10 +4447,9 @@ run_test "Max fragment length: client 512, server 2048" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 512, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=512" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
0 \
-c "Maximum incoming record payload length is 512" \
-c "Maximum outgoing record payload length is 512" \
@ -4470,9 +4462,8 @@ run_test "Max fragment length: client 512, server 4096" \
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
@ -4486,10 +4477,9 @@ run_test "Max fragment length: client 1024, server 512" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=1024" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
-c "Maximum outgoing record payload length is 1024" \
@ -4502,10 +4492,9 @@ run_test "Max fragment length: client 1024, server 2048" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 1024, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=1024" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
0 \
-c "Maximum incoming record payload length is 1024" \
-c "Maximum outgoing record payload length is 1024" \
@ -4518,9 +4507,8 @@ run_test "Max fragment length: client 1024, server 4096" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
@ -4534,9 +4522,8 @@ run_test "Max fragment length: client 2048, server 512" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
@ -4550,10 +4537,9 @@ run_test "Max fragment length: client 2048, server 1024" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 2048, server 4096" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=2048" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@ -4566,9 +4552,8 @@ run_test "Max fragment length: client 2048, server 4096" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 512" \
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@ -4582,9 +4567,8 @@ run_test "Max fragment length: client 4096, server 512" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 1024" \
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@ -4598,9 +4582,8 @@ run_test "Max fragment length: client 4096, server 1024" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client 4096, server 2048" \
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
-c "Maximum incoming record payload length is 4096" \
@ -4614,9 +4597,8 @@ run_test "Max fragment length: client 4096, server 2048" \
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
-c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
@ -4643,10 +4625,9 @@ run_test "Max fragment length: gnutls server" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, message just fits" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@ -4661,10 +4642,9 @@ run_test "Max fragment length: client, message just fits" \
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Max fragment length: client, larger message" \
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
"$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
-c "Maximum incoming record payload length is 2048" \
-c "Maximum outgoing record payload length is 2048" \
@ -5740,11 +5720,10 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \
@ -5753,11 +5732,10 @@ run_test "Authentication, CA callback: server badcert, client required" \
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
0 \
-c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \
@ -5774,11 +5752,10 @@ run_test "Authentication, CA callback: server badcert, client optional" \
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)" \
@ -5787,11 +5764,10 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p
requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "bad certificate (EC key curve)"\
@ -5823,9 +5799,8 @@ run_test "Authentication, CA callback: client SHA384, server required" \
-c "Supported Signature Algorithm found: 05 "
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
1 \
@ -5847,9 +5822,8 @@ run_test "Authentication, CA callback: client badcert, server required" \
# before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
key_file=data_files/server5.key" \
1 \
@ -5867,9 +5841,8 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
-s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
0 \
@ -5892,7 +5865,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
"$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
0 \
-c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred"
@ -5903,7 +5876,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
"$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
"$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
@ -5914,7 +5887,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
"$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
"$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \
1 \
-c "use CA callback for X.509 CRT verification" \
@ -5924,7 +5897,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
@ -5935,7 +5908,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
1 \
@ -5946,7 +5919,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
0 \
@ -8690,9 +8663,8 @@ run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
# Tests of asynchronous private key support in SSL
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=0" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=0 async_private_delay2=0" \
"$P_CLI" \
0 \
@ -8700,9 +8672,8 @@ run_test "SSL async private: sign, delay=0" \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=1" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1" \
"$P_CLI" \
0 \
@ -8711,9 +8682,8 @@ run_test "SSL async private: sign, delay=1" \
-s "Async resume (slot [0-9]): sign done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, delay=2" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=2 async_private_delay2=2" \
"$P_CLI" \
0 \
@ -8725,9 +8695,8 @@ run_test "SSL async private: sign, delay=2" \
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, SNI" \
"$P_SRV debug_level=3 \
"$P_SRV force_version=tls12 debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
@ -8783,7 +8752,7 @@ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
"$P_CLI; [ \$? -eq 1 ] &&
"$P_CLI force_version=tls12; [ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-S "Async sign callback" \
@ -8856,9 +8825,8 @@ run_test "SSL async private: fall back to transparent key" \
-s "Async sign callback: no key matches this certificate."
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in start" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=1" \
"$P_CLI" \
@ -8869,9 +8837,8 @@ run_test "SSL async private: sign, error in start" \
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, cancel after start" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=2" \
"$P_CLI" \
@ -8881,9 +8848,8 @@ run_test "SSL async private: sign, cancel after start" \
-s "Async cancel"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: sign, error in resume" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=3" \
"$P_CLI" \
@ -8929,9 +8895,8 @@ run_test "SSL async private: decrypt, error in resume" \
-s "! mbedtls_ssl_handshake returned"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: cancel after start then operate correctly" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=-2" \
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
@ -8942,9 +8907,8 @@ run_test "SSL async private: cancel after start then operate correctly" \
-s "Successful connection"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: error in resume then operate correctly" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
async_private_error=-3" \
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
@ -8997,9 +8961,8 @@ run_test "SSL async private: sign, error in resume then fall back to transpar
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: client-initiated, sign" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
exchanges=2 renegotiation=1" \
"$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
@ -9009,9 +8972,8 @@ run_test "SSL async private: renegotiation: client-initiated, sign" \
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SSL async private: renegotiation: server-initiated, sign" \
"$P_SRV \
"$P_SRV force_version=tls12 \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI exchanges=2 renegotiation=1" \