Add tests for keyUsage with client auth
parent
490047cc44
commit
a9db85df73
|
@ -2724,7 +2724,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
if( pk_can_do( pk, POLARSSL_PK_ECKEY ) &&
|
||||
! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server certificate (EC key curve)" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
|
||||
if( ret == 0 )
|
||||
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||
}
|
||||
|
@ -2735,7 +2735,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
ciphersuite_info,
|
||||
! ssl->endpoint ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "bad server certificate (usage ext.)" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
|
||||
if( ret == 0 )
|
||||
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||
}
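Review bot: In the usage-extension branch, and in the EC-curve branch of the hunk above it, a failed check is visible here only as a level-1 debug line plus `ret`, which is set only when `ret == 0`. The "fail (soft)" cases added to the test script expect the handshake to complete under `auth_mode=optional` after this message is logged, so whether an application can detect the unsuitable keyUsage depends on code outside these hunks. If the verify result is not updated there as well, an application that accepts optional client auth has no programmatic signal and would have to rely on debug output. At minimum add a comment above the branch, for example `/* NOTE(review): non-fatal under optional client auth - confirm the verify result records this failure */`. ssl_parse_certificate starts and ends outside both hunks.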
|
||||
|
|
|
@ -1031,16 +1031,7 @@ run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
|
|||
-C "Ciphersuite is "
|
||||
|
||||
# Tests for keyUsage in leaf certificates, part 2:
|
||||
# client-side checks
|
||||
|
||||
run_test "keyUsage cli #0 (reference, no extension)" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
-cert data_files/server2.crt" \
|
||||
"$P_CLI debug_level=2" \
|
||||
0 \
|
||||
-C "bad server certificate (usage ext.)" \
|
||||
-C "Processing of the Certificate handshake message failed" \
|
||||
-c "Ciphersuite is TLS-"
|
||||
# client-side checking of server cert
|
||||
|
||||
run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
|
||||
"$O_SRV -key data_files/server2.key \
|
||||
|
@ -1048,7 +1039,7 @@ run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-C "bad server certificate (usage ext.)" \
|
||||
-C "bad certificate (usage extensions)" \
|
||||
-C "Processing of the Certificate handshake message failed" \
|
||||
-c "Ciphersuite is TLS-"
|
||||
|
||||
|
@ -1058,7 +1049,7 @@ run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-C "bad server certificate (usage ext.)" \
|
||||
-C "bad certificate (usage extensions)" \
|
||||
-C "Processing of the Certificate handshake message failed" \
|
||||
-c "Ciphersuite is TLS-"
|
||||
|
||||
|
@ -1068,7 +1059,7 @@ run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-C "bad server certificate (usage ext.)" \
|
||||
-C "bad certificate (usage extensions)" \
|
||||
-C "Processing of the Certificate handshake message failed" \
|
||||
-c "Ciphersuite is TLS-"
|
||||
|
||||
|
@ -1078,7 +1069,7 @@ run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
1 \
|
||||
-c "bad server certificate (usage ext.)" \
|
||||
-c "bad certificate (usage extensions)" \
|
||||
-c "Processing of the Certificate handshake message failed" \
|
||||
-C "Ciphersuite is TLS-"
|
||||
|
||||
|
@ -1088,7 +1079,7 @@ run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-C "bad server certificate (usage ext.)" \
|
||||
-C "bad certificate (usage extensions)" \
|
||||
-C "Processing of the Certificate handshake message failed" \
|
||||
-c "Ciphersuite is TLS-"
|
||||
|
||||
|
@ -1098,10 +1089,53 @@ run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
|
|||
"$P_CLI debug_level=2 \
|
||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||
1 \
|
||||
-c "bad server certificate (usage ext.)" \
|
||||
-c "bad certificate (usage extensions)" \
|
||||
-c "Processing of the Certificate handshake message failed" \
|
||||
-C "Ciphersuite is TLS-"
|
||||
|
||||
# Tests for keyUsage in leaf certificates, part 3:
|
||||
# server-side checking of client cert
|
||||
|
||||
run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
|
||||
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ds.crt" \
|
||||
0 \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
-S "Processing of the Certificate handshake message failed"
|
||||
|
||||
run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
|
||||
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
-S "Processing of the Certificate handshake message failed"
|
||||
|
||||
run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
|
||||
"$P_SRV debug_level=2 auth_mode=required" \
|
||||
"$O_CLI -key data_files/server2.key \
|
||||
-cert data_files/server2.ku-ke.crt" \
|
||||
1 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
-s "Processing of the Certificate handshake message failed"
|
||||
|
||||
run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
|
||||
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
-cert data_files/server5.ku-ds.crt" \
|
||||
0 \
|
||||
-S "bad certificate (usage extensions)" \
|
||||
-S "Processing of the Certificate handshake message failed"
|
||||
|
||||
run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
|
||||
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||
"$O_CLI -key data_files/server5.key \
|
||||
-cert data_files/server5.ku-ka.crt" \
|
||||
0 \
|
||||
-s "bad certificate (usage extensions)" \
|
||||
-S "Processing of the Certificate handshake message failed"
|
||||
|
||||
# Final report
|
||||
|
||||
echo "------------------------------------------------------------------------"
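Review bot: The two "OK" cases in part 3 (cli-auth #1 and #4) assert only absences with `-S`, so they would also pass if the server never received or parsed a client certificate at all. Each should add one positive pattern that is printed only once the client certificate has been processed, e.g. `-s "<server log line emitted after client cert verification>"` (placeholder; take the exact string from the server's debug output). Coverage is also asymmetric: only RSA has a hard-fail case (#3), and there is no `auth_mode=required` counterpart for `server5.ku-ka.crt`. The no-extension reference case in part 2 appears to be dropped by the first hunk of this file (it shrinks from 16 to 7 lines) without a replacement on either side.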
|
||||
|
|