ECC restart: Use optional verification mode in bad signature test

This way, the verification failure string will still be printed
even if verification callbacks are disabled, allowing to increase
test coverage.

tests/ssl-opt.sh

@@ -6430,22 +6430,19 @@ run_test    "EC restart: TLS, max_ops=1000" \
 
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
 run_test    "EC restart: TLS, max_ops=1000, badsign" \
             "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \
              crt_file=data_files/server5-badsign.crt \
              key_file=data_files/server5.key" \
             "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
-             key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt  \
-             debug_level=1 ec_max_ops=1000" \
-            1 \
+             key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \
+             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
+            0 \
             -c "x509_verify_cert.*4b00" \
-            -C "mbedtls_pk_verify.*4b00" \
-            -C "mbedtls_ecdh_make_public.*4b00" \
-            -C "mbedtls_pk_sign.*4b00" \
+            -c "mbedtls_pk_verify.*4b00" \
+            -c "mbedtls_ecdh_make_public.*4b00" \
+            -c "mbedtls_pk_sign.*4b00" \
             -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "X509 - Certificate verification failed"
 
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE