yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-10 19:35:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply guards to make ssl-opt.sh work with MBEDTLS_X509_REMOVE_INFO

Browse source 
Multiple tests in ssl-opt.sh grep for debug output that's omitted
if MBEDTLS_X509_REMOVE_INFO is defined. This commit modifies ssl-opt.sh
to skip those tests in this case.
This commit is contained in:
Hanno Becker 2019-06-14 17:07:06 +01:00
parent b4d967a0a2
commit 4a156fc854
1 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
tests/ssl-opt.sh
View file

@ -956,6 +956,7 @@ run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
# Tests for SHA-1 support
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 allow_sha1=0" \
@ -979,6 +980,7 @@ run_test "SHA-256 allowed by default in server certificate" \
0
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
@ -3148,6 +3150,7 @@ run_test "DER format: with 9 trailing random bytes" \
# Tests for auth_mode
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@ -3158,6 +3161,7 @@ run_test "Authentication: server badcert, client required" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@ -3168,6 +3172,7 @@ run_test "Authentication: server badcert, client optional" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: server goodcert, client optional, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
@ -3179,6 +3184,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: server goodcert, client required, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
@ -3276,6 +3282,7 @@ run_test "Authentication: client has no cert, server required (TLS)" \
-c "! mbedtls_ssl_handshake returned" \
-s "No client certification received from the client, but required by the authentication mode"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@ -3297,6 +3304,7 @@ run_test "Authentication: client badcert, server required" \
# detect that its write end of the connection is closed and abort
# before reading the alert message.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@ -3314,6 +3322,7 @@ run_test "Authentication: client cert not trusted, server required" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@ -3348,6 +3357,7 @@ run_test "Authentication: client badcert, server none" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=none key_file=none" \
@ -3365,6 +3375,7 @@ run_test "Authentication: client no cert, server optional" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI" \
@ -3513,6 +3524,7 @@ run_test "Authentication: do not send CA list in CertificateRequest" \
0 \
-S "requested DN"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@ -3527,6 +3539,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig
# Tests for certificate selection based on SHA verson
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
"$P_SRV crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
@ -3537,6 +3550,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
-c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
"$P_SRV crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
@ -3547,6 +3561,7 @@ run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
-C "signed using.*ECDSA with SHA256" \
-c "signed using.*ECDSA with SHA1"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
"$P_SRV crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
@ -3557,6 +3572,7 @@ run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
-C "signed using.*ECDSA with SHA256" \
-c "signed using.*ECDSA with SHA1"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
"$P_SRV crt_file=data_files/server5.crt \
key_file=data_files/server5.key \
@ -3568,6 +3584,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
-c "signed using.*ECDSA with SHA256" \
-C "signed using.*ECDSA with SHA1"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
"$P_SRV crt_file=data_files/server6.crt \
key_file=data_files/server6.key \
@ -3581,6 +3598,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
# tests for SNI
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@ -3590,6 +3608,7 @@ run_test "SNI: no SNI callback" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3600,6 +3619,7 @@ run_test "SNI: matching cert 1" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3661,6 +3681,7 @@ run_test "SNI: client auth override: optional -> none" \
-c "skip write certificate verify" \
-s "skip parse certificate verify"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3679,6 +3700,7 @@ run_test "SNI: CA no override" \
-s "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3697,6 +3719,7 @@ run_test "SNI: CA override" \
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3717,6 +3740,7 @@ run_test "SNI: CA override with CRL" \
# Tests for SNI and DTLS
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: DTLS, no SNI callback" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@ -3726,6 +3750,7 @@ run_test "SNI: DTLS, no SNI callback" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3736,6 +3761,7 @@ run_test "SNI: DTLS, matching cert 1" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3797,6 +3823,7 @@ run_test "SNI: DTLS, client auth override: optional -> none" \
-c "skip write certificate verify" \
-s "skip parse certificate verify"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3833,6 +3860,7 @@ run_test "SNI: DTLS, CA override" \
-S "! The certificate is not correctly signed by the trusted CA" \
-S "The certificate has been revoked (is on a CRL)"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
@ -4270,6 +4298,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@ -4301,6 +4330,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@ -5867,6 +5897,7 @@ run_test "EC restart: TLS, max_ops=1000" \
-c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV auth_mode=required \
crt_file=data_files/server5-badsign.crt \
@ -5883,6 +5914,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
"$P_SRV auth_mode=required \
@ -5900,6 +5932,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
"$P_SRV auth_mode=required \
@ -6459,12 +6492,14 @@ run_test "DTLS client auth: required" \
0 \
-s "Verifying peer X.509 certificate... ok"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "DTLS client auth: optional, client has no cert" \
"$P_SRV dtls=1 auth_mode=optional" \
"$P_CLI dtls=1 crt_file=none key_file=none" \
0 \
-s "! Certificate was missing"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "DTLS client auth: none, client has no cert" \
"$P_SRV dtls=1 auth_mode=none" \
"$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \