From ccdd25cbc50a46e644470ba5f4ffe4aa36f265b4 Mon Sep 17 00:00:00 2001 From: Yuto Takano Date: Fri, 2 Jul 2021 13:05:15 +0100 Subject: [PATCH] Reword and add explanatory comments for MAX_IM_CA tests - Reword the comment on config.h to suggest that `MAX_INTERMEDIATE_CA` may not exist in the config. - Add a comment explaining why the tests are more restrictive than necessary. Signed-off-by: Yuto Takano --- tests/ssl-opt.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 338678e99..0583e1171 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4321,12 +4321,16 @@ run_test "Authentication: client no cert, ssl3" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" -# config.h contains a value for MBEDTLS_X509_MAX_INTERMEDIATE_CA that is -# different from the script's assumed default value (below). -# Relevant tests are skipped if they do not match. +# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default +# value, defined here as MAX_IM_CA. Some test cases will be skipped if the +# library is configured with a different value. MAX_IM_CA='8' +# The tests for the max_int tests can pass with any number higher than MAX_IM_CA +# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1 +# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions +# are in place so that the semantics are consistent with the test description. requires_config_value_at_least "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_at_most "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer