mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 04:21:04 +00:00
Merge pull request #4696 from yutotakano/fix-ssl-opt.sh-hard-abort-2.x
Backport 2.x: ssl-opt.sh: Skip tests instead of conditional hard abort
This commit is contained in:
commit
1b95b34c4b
141
tests/ssl-opt.sh
141
tests/ssl-opt.sh
|
@ -242,6 +242,17 @@ requires_config_value_at_most() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requires_config_value_equals() {
|
||||||
|
VAL=$( get_config_value_or_default "$1" )
|
||||||
|
if [ -z "$VAL" ]; then
|
||||||
|
# Should never happen
|
||||||
|
echo "Mbed TLS configuration $1 is not defined"
|
||||||
|
exit 1
|
||||||
|
elif [ "$VAL" -ne "$2" ]; then
|
||||||
|
SKIP_NEXT="YES"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# Space-separated list of ciphersuites supported by this build of
|
# Space-separated list of ciphersuites supported by this build of
|
||||||
# Mbed TLS.
|
# Mbed TLS.
|
||||||
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
|
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
|
||||||
|
@ -296,6 +307,12 @@ requires_openssl_with_fallback_scsv() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
|
||||||
|
requires_max_content_len() {
|
||||||
|
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
|
||||||
|
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
|
||||||
|
}
|
||||||
|
|
||||||
# skip next test if GnuTLS isn't available
|
# skip next test if GnuTLS isn't available
|
||||||
requires_gnutls() {
|
requires_gnutls() {
|
||||||
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
||||||
|
@ -374,10 +391,11 @@ requires_not_i686() {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Calculate the input & output maximum content lengths set in the config
|
# Calculate the input & output maximum content lengths set in the config
|
||||||
MAX_CONTENT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
|
MAX_CONTENT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_MAX_CONTENT_LEN" )
|
||||||
MAX_IN_LEN=$( ../scripts/config.py get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
|
||||||
MAX_OUT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
|
||||||
|
|
||||||
|
# Calculate the maximum content length that fits both
|
||||||
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
|
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
|
||||||
MAX_CONTENT_LEN="$MAX_IN_LEN"
|
MAX_CONTENT_LEN="$MAX_IN_LEN"
|
||||||
fi
|
fi
|
||||||
|
@ -2403,8 +2421,12 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation"
|
||||||
-c "ignoring unexpected CID" \
|
-c "ignoring unexpected CID" \
|
||||||
-s "ignoring unexpected CID"
|
-s "ignoring unexpected CID"
|
||||||
|
|
||||||
|
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
|
||||||
|
# tests check that the buffer contents are reallocated when the message is
|
||||||
|
# larger than the buffer.
|
||||||
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||||
|
requires_max_content_len 513
|
||||||
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
|
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
|
||||||
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
||||||
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
|
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
|
||||||
|
@ -2418,6 +2440,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||||
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||||
|
requires_max_content_len 1025
|
||||||
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
|
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
|
||||||
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
||||||
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
|
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
|
||||||
|
@ -3151,15 +3174,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
|
||||||
|
|
||||||
# Tests for Max Fragment Length extension
|
# Tests for Max Fragment Length extension
|
||||||
|
|
||||||
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
|
|
||||||
printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
|
|
||||||
echo "Using non-default maximum content length $MAX_CONTENT_LEN"
|
|
||||||
fi
|
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: enabled, default" \
|
run_test "Max fragment length: enabled, default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
|
@ -3224,7 +3238,7 @@ run_test "Max fragment length: disabled, larger message" \
|
||||||
-s "1 bytes read"
|
-s "1 bytes read"
|
||||||
|
|
||||||
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length DTLS: disabled, larger message" \
|
run_test "Max fragment length, DTLS: disabled, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||||
1 \
|
1 \
|
||||||
|
@ -3234,6 +3248,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \
|
||||||
-S "Maximum output fragment length is 16384" \
|
-S "Maximum output fragment length is 16384" \
|
||||||
-c "fragment larger than.*maximum "
|
-c "fragment larger than.*maximum "
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: used by client" \
|
run_test "Max fragment length: used by client" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
|
@ -3248,6 +3263,7 @@ run_test "Max fragment length: used by client" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 1024
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 1024" \
|
run_test "Max fragment length: client 512, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
@ -3262,6 +3278,7 @@ run_test "Max fragment length: client 512, server 1024" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 2048" \
|
run_test "Max fragment length: client 512, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
@ -3276,6 +3293,7 @@ run_test "Max fragment length: client 512, server 2048" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 512, server 4096" \
|
run_test "Max fragment length: client 512, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
@ -3290,6 +3308,7 @@ run_test "Max fragment length: client 512, server 4096" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 1024
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 512" \
|
run_test "Max fragment length: client 1024, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
@ -3304,6 +3323,7 @@ run_test "Max fragment length: client 1024, server 512" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 2048" \
|
run_test "Max fragment length: client 1024, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
@ -3318,6 +3338,7 @@ run_test "Max fragment length: client 1024, server 2048" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 1024, server 4096" \
|
run_test "Max fragment length: client 1024, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
@ -3332,6 +3353,7 @@ run_test "Max fragment length: client 1024, server 4096" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 512" \
|
run_test "Max fragment length: client 2048, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
@ -3346,6 +3368,7 @@ run_test "Max fragment length: client 2048, server 512" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 1024" \
|
run_test "Max fragment length: client 2048, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
@ -3360,6 +3383,7 @@ run_test "Max fragment length: client 2048, server 1024" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 2048, server 4096" \
|
run_test "Max fragment length: client 2048, server 4096" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
@ -3374,6 +3398,7 @@ run_test "Max fragment length: client 2048, server 4096" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 512" \
|
run_test "Max fragment length: client 4096, server 512" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||||
|
@ -3388,6 +3413,7 @@ run_test "Max fragment length: client 4096, server 512" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 1024" \
|
run_test "Max fragment length: client 4096, server 1024" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||||
|
@ -3402,6 +3428,7 @@ run_test "Max fragment length: client 4096, server 1024" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client 4096, server 2048" \
|
run_test "Max fragment length: client 4096, server 2048" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||||
|
@ -3416,6 +3443,7 @@ run_test "Max fragment length: client 4096, server 2048" \
|
||||||
-s "server hello, max_fragment_length extension" \
|
-s "server hello, max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: used by server" \
|
run_test "Max fragment length: used by server" \
|
||||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||||
|
@ -3430,6 +3458,7 @@ run_test "Max fragment length: used by server" \
|
||||||
-S "server hello, max_fragment_length extension" \
|
-S "server hello, max_fragment_length extension" \
|
||||||
-C "found max_fragment_length extension"
|
-C "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 4096
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
run_test "Max fragment length: gnutls server" \
|
run_test "Max fragment length: gnutls server" \
|
||||||
|
@ -3441,6 +3470,7 @@ run_test "Max fragment length: gnutls server" \
|
||||||
-c "client hello, adding max_fragment_length extension" \
|
-c "client hello, adding max_fragment_length extension" \
|
||||||
-c "found max_fragment_length extension"
|
-c "found max_fragment_length extension"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client, message just fits" \
|
run_test "Max fragment length: client, message just fits" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
|
@ -3457,6 +3487,7 @@ run_test "Max fragment length: client, message just fits" \
|
||||||
-c "2048 bytes written in 1 fragments" \
|
-c "2048 bytes written in 1 fragments" \
|
||||||
-s "2048 bytes read"
|
-s "2048 bytes read"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: client, larger message" \
|
run_test "Max fragment length: client, larger message" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
|
@ -3474,6 +3505,7 @@ run_test "Max fragment length: client, larger message" \
|
||||||
-s "2048 bytes read" \
|
-s "2048 bytes read" \
|
||||||
-s "297 bytes read"
|
-s "297 bytes read"
|
||||||
|
|
||||||
|
requires_max_content_len 2048
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
run_test "Max fragment length: DTLS client, larger message" \
|
run_test "Max fragment length: DTLS client, larger message" \
|
||||||
"$P_SRV debug_level=3 dtls=1" \
|
"$P_SRV debug_level=3 dtls=1" \
|
||||||
|
@ -3585,6 +3617,7 @@ run_test "Renegotiation: double" \
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
||||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||||
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||||
|
@ -4304,24 +4337,17 @@ run_test "Authentication: client no cert, ssl3" \
|
||||||
-C "! mbedtls_ssl_handshake returned" \
|
-C "! mbedtls_ssl_handshake returned" \
|
||||||
-S "X509 - Certificate verification failed"
|
-S "X509 - Certificate verification failed"
|
||||||
|
|
||||||
# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
|
# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
|
||||||
# default value (8)
|
# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
|
||||||
|
# library is configured with a different value.
|
||||||
|
|
||||||
MAX_IM_CA='8'
|
MAX_IM_CA='8'
|
||||||
MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
|
|
||||||
|
|
||||||
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
|
|
||||||
cat <<EOF
|
|
||||||
${CONFIG_H} contains a value for the configuration of
|
|
||||||
MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
|
|
||||||
test value of ${MAX_IM_CA}.
|
|
||||||
|
|
||||||
The tests assume this value and if it changes, the tests in this
|
|
||||||
script should also be adjusted.
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# The tests for the max_int tests can pass with any number higher than MAX_IM_CA
|
||||||
|
# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1
|
||||||
|
# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions
|
||||||
|
# are in place so that the semantics are consistent with the test description.
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: server max_int chain, client default" \
|
run_test "Authentication: server max_int chain, client default" \
|
||||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||||
|
@ -4330,6 +4356,7 @@ run_test "Authentication: server max_int chain, client default" \
|
||||||
0 \
|
0 \
|
||||||
-C "X509 - A fatal error occurred"
|
-C "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: server max_int+1 chain, client default" \
|
run_test "Authentication: server max_int+1 chain, client default" \
|
||||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||||
|
@ -4338,6 +4365,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
|
||||||
1 \
|
1 \
|
||||||
-c "X509 - A fatal error occurred"
|
-c "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: server max_int+1 chain, client optional" \
|
run_test "Authentication: server max_int+1 chain, client optional" \
|
||||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||||
|
@ -4347,6 +4375,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
|
||||||
1 \
|
1 \
|
||||||
-c "X509 - A fatal error occurred"
|
-c "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: server max_int+1 chain, client none" \
|
run_test "Authentication: server max_int+1 chain, client none" \
|
||||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||||
|
@ -4356,6 +4385,7 @@ run_test "Authentication: server max_int+1 chain, client none" \
|
||||||
0 \
|
0 \
|
||||||
-C "X509 - A fatal error occurred"
|
-C "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: client max_int+1 chain, server default" \
|
run_test "Authentication: client max_int+1 chain, server default" \
|
||||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
|
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
|
||||||
|
@ -4364,6 +4394,7 @@ run_test "Authentication: client max_int+1 chain, server default" \
|
||||||
0 \
|
0 \
|
||||||
-S "X509 - A fatal error occurred"
|
-S "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: client max_int+1 chain, server optional" \
|
run_test "Authentication: client max_int+1 chain, server optional" \
|
||||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
|
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
|
||||||
|
@ -4372,6 +4403,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \
|
||||||
1 \
|
1 \
|
||||||
-s "X509 - A fatal error occurred"
|
-s "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: client max_int+1 chain, server required" \
|
run_test "Authentication: client max_int+1 chain, server required" \
|
||||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||||
|
@ -4380,6 +4412,7 @@ run_test "Authentication: client max_int+1 chain, server required" \
|
||||||
1 \
|
1 \
|
||||||
-s "X509 - A fatal error occurred"
|
-s "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
run_test "Authentication: client max_int chain, server required" \
|
run_test "Authentication: client max_int chain, server required" \
|
||||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||||
|
@ -4557,6 +4590,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \
|
||||||
-C "! mbedtls_ssl_handshake returned" \
|
-C "! mbedtls_ssl_handshake returned" \
|
||||||
-S "X509 - Certificate verification failed"
|
-S "X509 - Certificate verification failed"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: server max_int chain, client default" \
|
run_test "Authentication, CA callback: server max_int chain, client default" \
|
||||||
|
@ -4567,6 +4601,7 @@ run_test "Authentication, CA callback: server max_int chain, client default"
|
||||||
-c "use CA callback for X.509 CRT verification" \
|
-c "use CA callback for X.509 CRT verification" \
|
||||||
-C "X509 - A fatal error occurred"
|
-C "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
|
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
|
||||||
|
@ -4577,6 +4612,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
|
||||||
-c "use CA callback for X.509 CRT verification" \
|
-c "use CA callback for X.509 CRT verification" \
|
||||||
-c "X509 - A fatal error occurred"
|
-c "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
|
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
|
||||||
|
@ -4588,6 +4624,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
|
||||||
-c "use CA callback for X.509 CRT verification" \
|
-c "use CA callback for X.509 CRT verification" \
|
||||||
-c "X509 - A fatal error occurred"
|
-c "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
|
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
|
||||||
|
@ -4598,6 +4635,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
|
||||||
-s "use CA callback for X.509 CRT verification" \
|
-s "use CA callback for X.509 CRT verification" \
|
||||||
-s "X509 - A fatal error occurred"
|
-s "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
|
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
|
||||||
|
@ -4608,6 +4646,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
|
||||||
-s "use CA callback for X.509 CRT verification" \
|
-s "use CA callback for X.509 CRT verification" \
|
||||||
-s "X509 - A fatal error occurred"
|
-s "X509 - A fatal error occurred"
|
||||||
|
|
||||||
|
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||||
requires_full_size_output_buffer
|
requires_full_size_output_buffer
|
||||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||||
run_test "Authentication, CA callback: client max_int chain, server required" \
|
run_test "Authentication, CA callback: client max_int chain, server required" \
|
||||||
|
@ -6677,8 +6716,8 @@ run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
|
||||||
-c "Read from server: 1 bytes read"
|
-c "Read from server: 1 bytes read"
|
||||||
|
|
||||||
# A test for extensions in SSLv3
|
# A test for extensions in SSLv3
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
|
requires_max_content_len 4096
|
||||||
run_test "SSLv3 with extensions, server side" \
|
run_test "SSLv3 with extensions, server side" \
|
||||||
"$P_SRV min_version=ssl3 debug_level=3" \
|
"$P_SRV min_version=ssl3 debug_level=3" \
|
||||||
"$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
|
"$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
|
||||||
|
@ -6927,6 +6966,7 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
|
||||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||||
|
|
||||||
# Test for large server packets
|
# Test for large server packets
|
||||||
|
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
|
||||||
run_test "Large server packet SSLv3 StreamCipher" \
|
run_test "Large server packet SSLv3 StreamCipher" \
|
||||||
"$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
"$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
|
||||||
|
@ -7948,6 +7988,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 4096
|
||||||
run_test "DTLS fragmenting: none (for reference)" \
|
run_test "DTLS fragmenting: none (for reference)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -7968,6 +8009,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: server only (max_frag_len)" \
|
run_test "DTLS fragmenting: server only (max_frag_len)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -7992,6 +8034,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 4096
|
||||||
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
|
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8012,6 +8055,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
|
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8039,6 +8083,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
|
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
|
||||||
-p "$P_PXY mtu=1110" \
|
-p "$P_PXY mtu=1110" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
||||||
|
@ -8060,6 +8105,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
|
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8087,6 +8133,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
|
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
|
||||||
-p "$P_PXY mtu=1110" \
|
-p "$P_PXY mtu=1110" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8107,6 +8154,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU"
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 4096
|
||||||
run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8126,6 +8174,7 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 4096
|
||||||
run_test "DTLS fragmenting: client (MTU)" \
|
run_test "DTLS fragmenting: client (MTU)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8145,6 +8194,7 @@ run_test "DTLS fragmenting: client (MTU)" \
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: server (MTU)" \
|
run_test "DTLS fragmenting: server (MTU)" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8164,6 +8214,7 @@ run_test "DTLS fragmenting: server (MTU)" \
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: both (MTU=1024)" \
|
run_test "DTLS fragmenting: both (MTU=1024)" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8189,6 +8240,7 @@ requires_config_enabled MBEDTLS_SHA256_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: both (MTU=512)" \
|
run_test "DTLS fragmenting: both (MTU=512)" \
|
||||||
-p "$P_PXY mtu=512" \
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8220,6 +8272,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
|
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
|
||||||
-p "$P_PXY mtu=508" \
|
-p "$P_PXY mtu=508" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8244,6 +8297,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
|
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
|
||||||
-p "$P_PXY mtu=508" \
|
-p "$P_PXY mtu=508" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8267,6 +8321,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
|
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8296,6 +8351,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
|
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
|
||||||
-p "$P_PXY mtu=512" \
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8319,6 +8375,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
|
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8345,6 +8402,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
|
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
|
||||||
-p "$P_PXY mtu=512" \
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8381,6 +8439,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
||||||
-p "$P_PXY mtu=1450" \
|
-p "$P_PXY mtu=1450" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8410,6 +8469,7 @@ requires_config_enabled MBEDTLS_SHA256_C
|
||||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
||||||
-p "$P_PXY mtu=512" \
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8442,6 +8502,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
||||||
-p "$P_PXY mtu=512" \
|
-p "$P_PXY mtu=512" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8474,6 +8535,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_CCM_C
|
requires_config_enabled MBEDTLS_CCM_C
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8507,6 +8569,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||||
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8539,6 +8602,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
||||||
-p "$P_PXY mtu=1024" \
|
-p "$P_PXY mtu=1024" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8568,6 +8632,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
client_needs_more_time 2
|
client_needs_more_time 2
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU + 3d" \
|
run_test "DTLS fragmenting: proxy MTU + 3d" \
|
||||||
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8592,6 +8657,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
requires_config_enabled MBEDTLS_AES_C
|
requires_config_enabled MBEDTLS_AES_C
|
||||||
requires_config_enabled MBEDTLS_GCM_C
|
requires_config_enabled MBEDTLS_GCM_C
|
||||||
client_needs_more_time 2
|
client_needs_more_time 2
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
|
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
|
||||||
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||||
|
@ -8617,6 +8683,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
||||||
"$G_SRV -u" \
|
"$G_SRV -u" \
|
||||||
"$P_CLI dtls=1 debug_level=2 \
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
@ -8632,6 +8699,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
|
||||||
"$G_SRV -u" \
|
"$G_SRV -u" \
|
||||||
"$P_CLI dtls=1 debug_level=2 \
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
@ -8655,6 +8723,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
requires_not_i686
|
requires_not_i686
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8671,6 +8740,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
requires_gnutls
|
requires_gnutls
|
||||||
requires_not_i686
|
requires_not_i686
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
|
run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8684,6 +8754,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
|
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
|
||||||
"$O_SRV -dtls1_2 -verify 10" \
|
"$O_SRV -dtls1_2 -verify 10" \
|
||||||
"$P_CLI dtls=1 debug_level=2 \
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
@ -8698,6 +8769,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
|
run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
|
||||||
"$O_SRV -dtls1 -verify 10" \
|
"$O_SRV -dtls1 -verify 10" \
|
||||||
"$P_CLI dtls=1 debug_level=2 \
|
"$P_CLI dtls=1 debug_level=2 \
|
||||||
|
@ -8712,6 +8784,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
|
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8725,6 +8798,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||||
requires_config_enabled MBEDTLS_RSA_C
|
requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
|
run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
crt_file=data_files/server7_int-ca.crt \
|
crt_file=data_files/server7_int-ca.crt \
|
||||||
|
@ -8744,6 +8818,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$G_NEXT_SRV -u" \
|
"$G_NEXT_SRV -u" \
|
||||||
|
@ -8761,6 +8836,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$G_NEXT_SRV -u" \
|
"$G_NEXT_SRV -u" \
|
||||||
|
@ -8778,6 +8854,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
@ -8794,6 +8871,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
@ -8815,6 +8893,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$O_SRV -dtls1_2 -verify 10" \
|
"$O_SRV -dtls1_2 -verify 10" \
|
||||||
|
@ -8832,6 +8911,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$O_SRV -dtls1 -verify 10" \
|
"$O_SRV -dtls1 -verify 10" \
|
||||||
|
@ -8849,6 +8929,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dtls=1 debug_level=2 \
|
"$P_SRV dtls=1 debug_level=2 \
|
||||||
|
@ -8867,6 +8948,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
||||||
requires_config_enabled MBEDTLS_ECDSA_C
|
requires_config_enabled MBEDTLS_ECDSA_C
|
||||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
client_needs_more_time 4
|
client_needs_more_time 4
|
||||||
|
requires_max_content_len 2048
|
||||||
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
|
||||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
|
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
|
||||||
|
@ -9947,6 +10029,7 @@ run_test "export keys functionality" \
|
||||||
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
||||||
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||||
|
requires_max_content_len 16384
|
||||||
run_tests_memory_after_hanshake
|
run_tests_memory_after_hanshake
|
||||||
|
|
||||||
# Final report
|
# Final report
|
||||||
|
|
Loading…
Reference in a new issue