From d26bb2090f86ea7068ce8493748cd7eaf5bbb66c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 09:54:10 +0100 Subject: [PATCH] Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 937a27b76..58defbfcc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -801,6 +801,22 @@ run_test "RC4: both enabled" \ -S "SSL - None of the common ciphersuites is usable" \ -S "SSL - The server has no ciphersuites in common" +# Test empty CA list in CertificateRequest in TLS 1.1 and earlier + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \ + "$G_SRV"\ + "$P_CLI force_version=tls1_1" \ + 0 + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 +run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ + "$G_SRV"\ + "$P_CLI force_version=tls1" \ + 0 + # Tests for SHA-1 support requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES