mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 04:05:32 +00:00
Merge pull request #3593 from mpg/fix-compat.sh-with-ubuntu-16.04-gnutls-2.16
[backport 2.16] Fix compat.sh with ubuntu 16.04 gnutls
This commit is contained in:
commit
0ac8a78aa7
|
@ -934,7 +934,7 @@ setup_arguments()
|
|||
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
|
||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
|
||||
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
|
||||
if is_dtls "$MODE"; then
|
||||
|
@ -983,39 +983,29 @@ setup_arguments()
|
|||
;;
|
||||
|
||||
"RSA")
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key"
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2-sha256.crt -key data_files/server2.key"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"
|
||||
|
||||
if [ "X$VERIFY" = "XYES" ]; then
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/server1.crt --x509keyfile data_files/server1.key"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=data_files/cert_sha256.crt key_file=data_files/server1.key"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/cert_sha256.crt -key data_files/server1.key"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --x509certfile data_files/cert_sha256.crt --x509keyfile data_files/server1.key"
|
||||
else
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
|
||||
fi
|
||||
|
||||
# Allow SHA-1. It's disabled by default for security reasons but
|
||||
# our tests still use certificates signed with it.
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
|
||||
;;
|
||||
|
||||
"PSK")
|
||||
# give RSA-PSK-capable server a RSA cert
|
||||
# (should be a separate type, but harder to close with openssl)
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2.crt key_file=data_files/server2.key"
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70 ca_file=none crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key"
|
||||
O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70 -nocert"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
|
||||
G_SERVER_ARGS="$G_SERVER_ARGS --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --pskpasswd data_files/passwd.psk"
|
||||
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
|
||||
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
|
||||
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
|
||||
|
||||
# Allow SHA-1. It's disabled by default for security reasons but
|
||||
# our tests still use certificates signed with it.
|
||||
M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
|
||||
M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue