mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-15 23:42:41 +00:00
36d1b4a80f
- consistent naming with explicit version - in each section, have a positive case with just the needed bit set, and one with an irrelevant bit set in addition (cli 1.3 only had the former, and cli-auth 1.3 only the later) - when auth_mode optional is supported failing cases should come in pairs: soft+hard, this wasn't the case for cli-auth 1.3. (Note: cli 1.3 currently does not support auth_mode optional.) - failing cases should check that the correct flag is printed and the expected alert is sent. The last (two) points have uncovered a bug in 1.3 code: - In fail (hard) cases the correct alert isn't send, but a more generic one instead. - In fail (soft) cases the issue with the certificate is not reported, actually the certificate is reported as valid. Both share the same root cause: the flags are not updated properly when checking the keyUsage extension. This will be addressed in future commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>