From 03d77469279e409fa794afcf3cd14db776e6e8d9 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Tue, 27 Aug 2019 16:24:56 +0100
Subject: [PATCH] ECC restart: Use optional verification mode in bad signature test
This way, the verification failure string will still be printed even if verification callbacks are disabled, allowing to increase test coverage.
---
 tests/ssl-opt.sh | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 38bfed728..b0e4515d7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6430,22 +6430,19 @@ run_test "EC restart: TLS, max_ops=1000" \

 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
 run_test "EC restart: TLS, max_ops=1000, badsign" \
 "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \
 crt_file=data_files/server5-badsign.crt \
 key_file=data_files/server5.key" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \
- debug_level=1 ec_max_ops=1000" \
- 1 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \
+ debug_level=1 ec_max_ops=1000 auth_mode=optional" \
+ 0 \
 -c "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
 -c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"

 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
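Review bot: With `auth_mode=optional` added to the client and the expected exit status changed from `1` to `0`, the badsign case no longer asserts that the client aborts the handshake on `server5-badsign.crt` while ECP restart is active; it only checks that the failure string is logged. If no other case in the file keeps that fail-closed check (not visible in this hunk), keep a second `run_test` without `auth_mode=optional` that still expects `1` and `-c "! mbedtls_ssl_handshake returned"`. Separately, the last remaining argument line `-c "! The certificate is not correctly signed by the trusted CA" \` now ends the call on a trailing continuation. Drop that `\` so the following `requires_config_disabled` line cannot be absorbed into the `run_test` arguments if the blank line that appears to follow it is ever removed.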