mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-22 03:31:15 +00:00
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
This commit is contained in:
commit
6edfe60e0d
8
ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt
Normal file
8
ChangeLog.d/pw_protected_key_file_ssl_clisrv2.txt
Normal file
|
@ -0,0 +1,8 @@
|
|||
Changes
|
||||
* Add the command line parameter key_pwd to the ssl_client2 and ssl_server2
|
||||
example applications which allows to provide a password for the key file
|
||||
specified through the existing key_file argument. This allows the use of
|
||||
these applications with password-protected key files. Analogously but for
|
||||
ssl_server2 only, add the command line parameter key_pwd2 which allows to
|
||||
set a password for the key file provided through the existing key_file2
|
||||
argument.
|
|
@ -1061,8 +1061,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||
ssl->conf->max_minor_ver ) != 0 )
|
||||
continue;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x",
|
||||
ciphersuites[i] ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
||||
ciphersuites[i], ciphersuite_info->name ) );
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
|
|
|
@ -927,7 +927,8 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", suite_info->name ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
||||
suite_id, suite_info->name ) );
|
||||
|
||||
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
||||
suite_info->max_minor_ver < ssl->minor_ver )
|
||||
|
|
|
@ -101,6 +101,7 @@ int main( void )
|
|||
#define DFL_CRT_FILE ""
|
||||
#define DFL_KEY_FILE ""
|
||||
#define DFL_KEY_OPAQUE 0
|
||||
#define DFL_KEY_PWD ""
|
||||
#define DFL_PSK ""
|
||||
#define DFL_PSK_OPAQUE 0
|
||||
#define DFL_PSK_IDENTITY "Client_identity"
|
||||
|
@ -173,7 +174,9 @@ int main( void )
|
|||
" use \"none\" to skip loading any top-level CAs.\n" \
|
||||
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||
" default: \"\" (pre-loaded)\n" \
|
||||
" key_file=%%s default: \"\" (pre-loaded)\n"
|
||||
" key_file=%%s default: \"\" (pre-loaded)\n"\
|
||||
" key_pwd=%%s Password for key specified by key_file argument\n"\
|
||||
" default: none\n"
|
||||
#else
|
||||
#define USAGE_IO \
|
||||
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
||||
|
@ -485,6 +488,7 @@ struct options
|
|||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
int ca_callback; /* Use callback for trusted certificate list */
|
||||
#endif
|
||||
const char *key_pwd; /* the password for the client key */
|
||||
const char *psk; /* the pre-shared key */
|
||||
const char *psk_identity; /* the pre-shared key identity */
|
||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||
|
@ -1249,6 +1253,7 @@ int main( int argc, char *argv[] )
|
|||
opt.crt_file = DFL_CRT_FILE;
|
||||
opt.key_file = DFL_KEY_FILE;
|
||||
opt.key_opaque = DFL_KEY_OPAQUE;
|
||||
opt.key_pwd = DFL_KEY_PWD;
|
||||
opt.psk = DFL_PSK;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
opt.psk_opaque = DFL_PSK_OPAQUE;
|
||||
|
@ -1368,6 +1373,8 @@ int main( int argc, char *argv[] )
|
|||
opt.crt_file = q;
|
||||
else if( strcmp( p, "key_file" ) == 0 )
|
||||
opt.key_file = q;
|
||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||
opt.key_pwd = q;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||
opt.key_opaque = atoi( q );
|
||||
|
@ -2077,7 +2084,7 @@ int main( int argc, char *argv[] )
|
|||
else
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
if( strlen( opt.key_file ) )
|
||||
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
|
||||
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd );
|
||||
else
|
||||
#endif
|
||||
#if defined(MBEDTLS_CERTS_C)
|
||||
|
|
|
@ -122,8 +122,10 @@ int main( void )
|
|||
#define DFL_CA_PATH ""
|
||||
#define DFL_CRT_FILE ""
|
||||
#define DFL_KEY_FILE ""
|
||||
#define DFL_KEY_PWD ""
|
||||
#define DFL_CRT_FILE2 ""
|
||||
#define DFL_KEY_FILE2 ""
|
||||
#define DFL_KEY_PWD2 ""
|
||||
#define DFL_ASYNC_OPERATIONS "-"
|
||||
#define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
|
||||
#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
|
||||
|
@ -216,11 +218,15 @@ int main( void )
|
|||
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||
" default: see note after key_file2\n" \
|
||||
" key_file=%%s default: see note after key_file2\n" \
|
||||
" key_pwd=%%s Password for key specified by key_file argument\n"\
|
||||
" default: none\n" \
|
||||
" crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||
" default: see note after key_file2\n" \
|
||||
" key_file2=%%s default: see note below\n" \
|
||||
" note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
|
||||
" preloaded certificate(s) and key(s) are used if available\n" \
|
||||
" key_pwd2=%%s Password for key specified by key_file2 argument\n"\
|
||||
" default: none\n" \
|
||||
" dhm_file=%%s File containing Diffie-Hellman parameters\n" \
|
||||
" default: preloaded parameters\n"
|
||||
#else
|
||||
|
@ -493,8 +499,6 @@ int main( void )
|
|||
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
|
||||
" options: 1 (send ca list), 0 (don't send)\n" \
|
||||
USAGE_IO \
|
||||
USAGE_SSL_ASYNC \
|
||||
USAGE_SNI \
|
||||
"\n" \
|
||||
USAGE_PSK \
|
||||
USAGE_CA_CALLBACK \
|
||||
|
@ -519,6 +523,8 @@ int main( void )
|
|||
USAGE_CURVES \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
USAGE_SSL_ASYNC \
|
||||
USAGE_SNI \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
|
@ -570,8 +576,10 @@ struct options
|
|||
const char *ca_path; /* the path with the CA certificate(s) reside */
|
||||
const char *crt_file; /* the file with the server certificate */
|
||||
const char *key_file; /* the file with the server key */
|
||||
const char *key_pwd; /* the password for the server key */
|
||||
const char *crt_file2; /* the file with the 2nd server certificate */
|
||||
const char *key_file2; /* the file with the 2nd server key */
|
||||
const char *key_pwd2; /* the password for the 2nd server key */
|
||||
const char *async_operations; /* supported SSL asynchronous operations */
|
||||
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
||||
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
||||
|
@ -1905,8 +1913,10 @@ int main( int argc, char *argv[] )
|
|||
opt.ca_path = DFL_CA_PATH;
|
||||
opt.crt_file = DFL_CRT_FILE;
|
||||
opt.key_file = DFL_KEY_FILE;
|
||||
opt.key_pwd = DFL_KEY_PWD;
|
||||
opt.crt_file2 = DFL_CRT_FILE2;
|
||||
opt.key_file2 = DFL_KEY_FILE2;
|
||||
opt.key_pwd2 = DFL_KEY_PWD2;
|
||||
opt.async_operations = DFL_ASYNC_OPERATIONS;
|
||||
opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
|
||||
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
||||
|
@ -2026,10 +2036,14 @@ int main( int argc, char *argv[] )
|
|||
opt.crt_file = q;
|
||||
else if( strcmp( p, "key_file" ) == 0 )
|
||||
opt.key_file = q;
|
||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||
opt.key_pwd = q;
|
||||
else if( strcmp( p, "crt_file2" ) == 0 )
|
||||
opt.crt_file2 = q;
|
||||
else if( strcmp( p, "key_file2" ) == 0 )
|
||||
opt.key_file2 = q;
|
||||
else if( strcmp( p, "key_pwd2" ) == 0 )
|
||||
opt.key_pwd2 = q;
|
||||
else if( strcmp( p, "dhm_file" ) == 0 )
|
||||
opt.dhm_file = q;
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
|
@ -2815,7 +2829,8 @@ int main( int argc, char *argv[] )
|
|||
if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
|
||||
{
|
||||
key_cert_init++;
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
|
||||
opt.key_pwd ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
|
||||
goto exit;
|
||||
|
@ -2840,7 +2855,8 @@ int main( int argc, char *argv[] )
|
|||
if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
|
||||
{
|
||||
key_cert_init2++;
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
|
||||
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
|
||||
opt.key_pwd2 ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
|
||||
(unsigned int) -ret );
|
||||
|
|
|
@ -244,6 +244,8 @@ cli2.key.der: cli2.key
|
|||
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += cli2.key.der
|
||||
|
||||
server5_pwd_ec = PolarSSLTest
|
||||
|
||||
server5.crt.der: server5.crt
|
||||
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += server5.crt.der
|
||||
|
@ -252,6 +254,10 @@ server5.key.der: server5.key
|
|||
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += server5.key.der
|
||||
|
||||
server5.key.enc: server5.key
|
||||
$(OPENSSL) ec -aes256 -in $< -out $@ -passout "pass:$(server5_pwd_ec)"
|
||||
all_final += server5.key.enc
|
||||
|
||||
server5-ss-expired.crt: server5.key
|
||||
$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
|
||||
all_final += server5-ss-expired.crt
|
||||
|
@ -927,6 +933,8 @@ all_final += server1.req.cert_type_empty
|
|||
|
||||
# server2*
|
||||
|
||||
server2_pwd_ec = PolarSSLTest
|
||||
|
||||
server2.req.sha256: server2.key
|
||||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
|
||||
all_intermediate += server2.req.sha256
|
||||
|
@ -943,6 +951,10 @@ server2.key.der: server2.key
|
|||
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||
all_final += server2.key.der
|
||||
|
||||
server2.key.enc: server2.key
|
||||
$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(server2_pwd_ec)"
|
||||
all_final += server2.key.enc
|
||||
|
||||
# server5*
|
||||
|
||||
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
|
||||
|
|
30
tests/data_files/server2.key.enc
Normal file
30
tests/data_files/server2.key.enc
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,3DDADF5AEA525DD282D9D5E0B978AEE2
|
||||
|
||||
thP0fyNhHEWvVWHpBSGAA4C6wlqWwuCbYTGVs6GW07YNiyvInE/XxtKCrEJ6ORpR
|
||||
tPZ0sTtmRFQgiAW4nSjol6AhnMAYCkt+bl2opihuKHr2IBKpGIytCwYwDB/soMw5
|
||||
/vYuZU3osENnWcv+R1+0PohU6eqo1bVBrk+Mrm+ZSX886uDNxAaqAW9dtsC7fZYV
|
||||
w/uCOlk78rtrJUOTKfh3VEXG1fb/rYAP7bZYwzkmJZRozFPzjhnZZSOssz4xwCwY
|
||||
04oHHrMDFCpbBmlZRLg60c5u0nduQx3SKig9o6gHCDoOYT0Bq64lvZLiPcwN7axV
|
||||
L7+7TJ9u/kALO0CqAltiuz18msaErXIE3pHEGDt5zxgUcLxT4IhhixWfOL09nqjl
|
||||
IltEBn0JAVC3qYsEzFGnr3C2NXLTYIFU8m1qtIyEc8vuhKw7HCgp3W/xw9f2jKZF
|
||||
JivFX80URuBTs2/TWuGBKTmIGLQFWYPKwhyl9HNbbI8q5XdxKNiVxDnZfPU/icef
|
||||
nJ+nM7msrkvXj4SdHO/if+rxQ07T/MHfU8PeqUL2LQAxY4gfBvkKJ/UAjfsHv0B2
|
||||
1WcZAt0yqrJu/ydOkQpwmQ/XCh/dITNYnxXZ0bjtY5fG+QGxA3RvqyfKbQFTi8qg
|
||||
Nx8cxOUD1dZwZ6KrosdSFGkNkZwgIWAbIK4O3TLN5lD42031kx4iiKlxdjw6Q2df
|
||||
MEVL6FqYXf4n5MhGQ5mu5MkEO9IDaz/iBdm2jkkjWaxozNC51r/i+STtsVQnY2f2
|
||||
pubekEnCOoqXN6BjuVLN28XSTLLTlJ5i9tdIMlIFUKfiNpJjOTjYBopZEf5hm3h4
|
||||
ollq6QhW9DIIsVuYgSpvoyLYLl57kvYgk1oGhV0KZyh7IPzRXTjEBiMTO+MZEoH0
|
||||
f3x2RU3LvMagb36zWs6CShV/TwAE08Mwbi7UDWYRHHaeO2bcKoEDGOXiOfsXE9HW
|
||||
OVmAlIheR/W1eVAcszHcSVtXOjlsJ02CeVEcATnJCk6Ug0vc0TspCnwOCvM8+RmE
|
||||
jQ0E6GeT6R/DVHW9XBNFxFxiS6ySd3yo9rKVLdGGPHns+qmlSMTAfYROoR1V8UiQ
|
||||
0Tvd1CfVVBeYCm9UrWUXvGzoC3rstbD7SinGbdSU4wATIPeb+v1Tz/vVhr8AoRLJ
|
||||
JK3jHMKCHH59Wx+tk8JdqAm8fgUK/69A5+gitZlM6sAmnfBJ6Vm8hqACLpjPXDWy
|
||||
LjNDwWGqgWgqDOubY+ZJQwjUGQdPdGbEUF0ABZ6si9wW+RVVGSPAfiFqE4b/QwA/
|
||||
RZh1nm7dc/3elXxwXP60MyEsVddAP691xlDdL9mRpbDMx/JSp/hABFmdPOEtu5EB
|
||||
02DS37+pOdI1kWkFiI4kkccZL04CTWLWh2lxb0RqUqQMeOf6j/WSTJ2In5etbHSB
|
||||
R8IQOsfRINm3fD11SXXKUM7IzMi9VBD7TblN2HR9iXbW7twa8O0MRH805eY+vjsM
|
||||
kcYoOtWSh+OFP9txcwjiXUBmVQDPtb+myGXmchSpMIFNV2tHVvVmUFBSipyAKr98
|
||||
3YI7mvWO0AVWXAqRHYmM3DLjlEXCauXCjgVicC/EUdA5CAO95X/ZQTNwBk8kYjy+
|
||||
-----END RSA PRIVATE KEY-----
|
8
tests/data_files/server5.key.enc
Normal file
8
tests/data_files/server5.key.enc
Normal file
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,69FEA263918128D4DD673B2732E2D7EC
|
||||
|
||||
+Q4P1nVcfGoittxagWHvyBLVPbhjmTA/SZ6W5TB+5scOzgfRlcse4jIII899EQxx
|
||||
HrfhgQwzQ12TgTZ2Y8neI+RsUqFLTLinvd8c/luBKLeDECjjhyBXOJic2dRPUaLQ
|
||||
Nyg3bI0Srr6aq6nETjh8i+dSzE/wjyNzXBMdN3KhOjE=
|
||||
-----END EC PRIVATE KEY-----
|
|
@ -1129,6 +1129,39 @@ run_test "Default, DTLS" \
|
|||
-s "Protocol is DTLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
|
||||
|
||||
run_test "TLS client auth: required" \
|
||||
"$P_SRV auth_mode=required" \
|
||||
"$P_CLI" \
|
||||
0 \
|
||||
-s "Verifying peer X.509 certificate... ok"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS: password protected client key" \
|
||||
"$P_SRV auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
|
||||
0
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS: password protected server key" \
|
||||
"$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
|
||||
"$P_CLI" \
|
||||
0
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS: password protected server key, two certificates" \
|
||||
"$P_SRV \
|
||||
key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
|
||||
key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \
|
||||
"$P_CLI" \
|
||||
0
|
||||
|
||||
requires_config_enabled MBEDTLS_ZLIB_SUPPORT
|
||||
run_test "Default (compression enabled)" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
@ -5748,12 +5781,12 @@ run_test "PSK callback: wrong key" \
|
|||
|
||||
# Tests for EC J-PAKE
|
||||
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
run_test "ECJPAKE: client not configured" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3" \
|
||||
0 \
|
||||
-C "add ciphersuite: c0ff" \
|
||||
-C "add ciphersuite: 0xc0ff" \
|
||||
-C "adding ecjpake_kkpp extension" \
|
||||
-S "found ecjpake kkpp extension" \
|
||||
-S "skip ecjpake kkpp extension" \
|
||||
|
@ -5762,13 +5795,13 @@ run_test "ECJPAKE: client not configured" \
|
|||
-C "found ecjpake_kkpp extension" \
|
||||
-S "None of the common ciphersuites is usable"
|
||||
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
run_test "ECJPAKE: server not configured" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_CLI debug_level=3 ecjpake_pw=bla \
|
||||
force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
|
||||
1 \
|
||||
-c "add ciphersuite: c0ff" \
|
||||
-c "add ciphersuite: 0xc0ff" \
|
||||
-c "adding ecjpake_kkpp extension" \
|
||||
-s "found ecjpake kkpp extension" \
|
||||
-s "skip ecjpake kkpp extension" \
|
||||
|
@ -5777,13 +5810,13 @@ run_test "ECJPAKE: server not configured" \
|
|||
-C "found ecjpake_kkpp extension" \
|
||||
-s "None of the common ciphersuites is usable"
|
||||
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
run_test "ECJPAKE: working, TLS" \
|
||||
"$P_SRV debug_level=3 ecjpake_pw=bla" \
|
||||
"$P_CLI debug_level=3 ecjpake_pw=bla \
|
||||
force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
|
||||
0 \
|
||||
-c "add ciphersuite: c0ff" \
|
||||
-c "add ciphersuite: 0xc0ff" \
|
||||
-c "adding ecjpake_kkpp extension" \
|
||||
-C "re-using cached ecjpake parameters" \
|
||||
-s "found ecjpake kkpp extension" \
|
||||
|
|
Loading…
Reference in a new issue