Merge remote-tracking branch 'public/pr/710' into development
commit
9873696c34
1 changed files with 136 additions and 0 deletions
136
tests/ssl-opt.sh
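--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2652,6 +2652,142 @@ run_test "SNI: CA override with CRL" \
 -S "! The certificate is not correctly signed by the trusted CA" \
 -s "The certificate has been revoked (is on a CRL)"
 
+# Tests for SNI and DTLS
+
+run_test "SNI: DTLS, no SNI callback" \
+"$P_SRV debug_level=3 dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+"$P_CLI server_name=localhost dtls=1" \
+0 \
+-S "parse ServerName extension" \
+-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
+-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI: DTLS, matching cert 1" \
+"$P_SRV debug_level=3 dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+"$P_CLI server_name=localhost dtls=1" \
+0 \
+-s "parse ServerName extension" \
+-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
+
+run_test "SNI: DTLS, matching cert 2" \
+"$P_SRV debug_level=3 dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+"$P_CLI server_name=polarssl.example dtls=1" \
+0 \
+-s "parse ServerName extension" \
+-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
+-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
+
+run_test "SNI: DTLS, no matching cert" \
+"$P_SRV debug_level=3 dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+"$P_CLI server_name=nonesuch.example dtls=1" \
+1 \
+-s "parse ServerName extension" \
+-s "ssl_sni_wrapper() returned" \
+-s "mbedtls_ssl_handshake returned" \
+-c "mbedtls_ssl_handshake returned" \
+-c "SSL - A fatal alert message was received from our peer"
+
+run_test "SNI: DTLS, client auth no override: optional" \
+"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1" \
+0 \
+-S "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got a certificate request" \
+-C "skip write certificate" \
+-C "skip write certificate verify" \
+-S "skip parse certificate verify"
+
+run_test "SNI: DTLS, client auth override: none -> optional" \
+"$P_SRV debug_level=3 auth_mode=none dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1" \
+0 \
+-S "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got a certificate request" \
+-C "skip write certificate" \
+-C "skip write certificate verify" \
+-S "skip parse certificate verify"
+
+run_test "SNI: DTLS, client auth override: optional -> none" \
+"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1" \
+0 \
+-s "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got no certificate request" \
+-c "skip write certificate" \
+-c "skip write certificate verify" \
+-s "skip parse certificate verify"
+
+run_test "SNI: DTLS, CA no override" \
+"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ca_file=data_files/test-ca.crt \
+sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1 \
+crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+1 \
+-S "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got a certificate request" \
+-C "skip write certificate" \
+-C "skip write certificate verify" \
+-S "skip parse certificate verify" \
+-s "x509_verify_cert() returned" \
+-s "! The certificate is not correctly signed by the trusted CA" \
+-S "The certificate has been revoked (is on a CRL)"
+
+run_test "SNI: DTLS, CA override" \
+"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
+crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ca_file=data_files/test-ca.crt \
+sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1 \
+crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+0 \
+-S "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got a certificate request" \
+-C "skip write certificate" \
+-C "skip write certificate verify" \
+-S "skip parse certificate verify" \
+-S "x509_verify_cert() returned" \
+-S "! The certificate is not correctly signed by the trusted CA" \
+-S "The certificate has been revoked (is on a CRL)"
+
+run_test "SNI: DTLS, CA override with CRL" \
+"$P_SRV debug_level=3 auth_mode=optional \
+crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
+ca_file=data_files/test-ca.crt \
+sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
+"$P_CLI debug_level=3 server_name=localhost dtls=1 \
+crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+1 \
+-S "skip write certificate request" \
+-C "skip parse certificate request" \
+-c "got a certificate request" \
+-C "skip write certificate" \
+-C "skip write certificate verify" \
+-S "skip parse certificate verify" \
+-s "x509_verify_cert() returned" \
+-S "! The certificate is not correctly signed by the trusted CA" \
+-s "The certificate has been revoked (is on a CRL)"
+
 # Tests for non-blocking I/O: exercise a variety of handshake flows
 
 run_test "Non-blocking I/O: basic handshake" \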
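Review bot: The new DTLS block never exercises an SNI entry that sets `required` while the client offers no certificate. The three `required` cases ("CA no override", "CA override", "CA override with CRL") all run the client with `crt_file=data_files/server6.crt`, so they pass or fail on certificate validity, not on a missing certificate. Because the per-name auth_mode override is an authentication decision, a case where the missing certificate alone must cause the rejection would close that gap: server `auth_mode=none dtls=1 ... sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required`, client `server_name=localhost dtls=1 crt_file=none key_file=none`, expected exit code `1`. Whether the TLS SNI block above the hunk already has an equivalent case is not visible here.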