ssl-opt.sh: Detect use of CRTs using Secp384R1 and potentially skip

This commit modifies ssl-opt.sh to autodetect the use of test certificates server5.* server6.* test-ca2.* using Secp384r1, and skips the corresponding tests if MBEDTLS_ECP_DP_SECP384R1_ENABLED isn't set.
2025-02-24 21:46:50 +00:00 · 2019-09-02 14:34:23 +01:00 · 2019-09-02 14:34:23 +01:00 · 69c6cde728
parent 6b2b22164c
commit 69c6cde728
1 changed files with 23 additions and 0 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -645,6 +645,25 @@ check_cmdline_force_version_compat() {
    fi
 }

+check_cmdline_crt_key_files_compat() {
+
+    # test-ca2.crt
+    if echo "$CMD" | grep -e "test-ca2" > /dev/null; then
+        requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
+    fi
+
+    # Variants of server5.key and server5.crt
+    if echo "$CMD" | grep -e "server5" > /dev/null; then
+        requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
+    fi
+
+    # Variants of server6.key and server6.crt
+    if echo "$CMD" | grep -e "server6" > /dev/null; then
+        requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
+    fi
+
+}
+
 # Go through all options that can be hardcoded at compile-time and
 # detect whether the command line configures them in a conflicting
 # way. If so, skip the test. Otherwise, remove the corresponding
@ -655,6 +674,10 @@ check_cmdline_force_version_compat() {
 check_cmdline_compat() {
    CMD="$1"

+    # Check that if we're specifying particular certificate and/or
+    # ECC key files, the corresponding curve is enabled.
+    check_cmdline_crt_key_files_compat
+
    # ExtendedMasterSecret configuration
    check_cmdline_param_compat "extended_ms" \
                               "MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET"