From df4ad90a156879ff35383b8c60ba81a0d3b9668c Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 8 Apr 2022 15:14:38 +0200
Subject: [PATCH] ssl-opt: check for protocol version support

Skip tests that require a specific version of the protocol if that version is disabled at compile time. This commit only partially does the job, mostly covering tests that check the protocol version in client or server logs. It is not intended to be exhaustive; in particular many uses of force_version are not covered (I think they should instead be covered automatically, but this is out of scope of the current commit).

Signed-off-by: Gilles Peskine
---
 tests/ssl-opt.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 54377d12c..88338301d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1123,6 +1123,7 @@ run_test() {
 }

 run_test_psa() {
+ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test "PSA-supported ciphersuite: $1" \
 "$P_SRV debug_level=3 force_version=tls12" \
@@ -1146,6 +1147,7 @@ run_test_psa() {
 }

 run_test_psa_force_curve() {
+ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 run_test "PSA - ECDH with $1" \
 "$P_SRV debug_level=4 force_version=tls12" \
@@ -1382,6 +1384,7 @@ trap cleanup INT TERM HUP
 # - things work with all ciphersuites active (used with config-full in all.sh)
 # - the expected (highest security) parameters are selected
 # ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Default" \
 "$P_SRV debug_level=3" \
 "$P_CLI" \
@@ -1393,6 +1396,7 @@ run_test "Default" \
 -S "error" \
 -C "error"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Default, DTLS" \
 "$P_SRV dtls=1" \
 "$P_CLI dtls=1" \
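Review bot: Nothing in run_test_psa ties the new TLS 1.2 requirement to the `force_version=tls12` literal on the server command line that makes it necessary, so the two can drift apart if the forced version is ever changed. A one-line comment above the requirement, for example `# force_version=tls12 below needs TLS 1.2 compiled in`, would record the link; the same applies to run_test_psa_force_curve in the next hunk. Both function bodies continue outside their hunks, so this is based only on the lines visible here.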
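Review bot: With "Default" gated on MBEDTLS_SSL_PROTO_TLS1_2, a build that has TLS 1.2 disabled reports the default-parameter handshake as skipped, and the comment block above the test does not say why the check is specific to 1.2. The existing comment refers to the "signature_algorithm ext: 6" log line, which is presumably the 1.2-only part, so I would extend that block with something like `# - requires TLS 1.2: the signature_algorithm extension is only logged from that version on`. For "Default, DTLS" in the following hunk the visible lines give no reason for the 1.2 requirement at all, and a short comment there would help whoever later has to decide whether the skip is still correct. Both run_test invocations run past the end of their hunks.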
@@ -5291,6 +5295,7 @@ run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \

 # Tests for version negotiation

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test "Version check: all -> 1.2" \
 "$P_SRV" \
 "$P_CLI" \
@@ -5300,6 +5305,7 @@ run_test "Version check: all -> 1.2" \
 -s "Protocol is TLSv1.2" \
 -c "Protocol is TLSv1.2"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
 run_test "Version check: cli max 1.1 -> 1.1" \
 "$P_SRV" \
 "$P_CLI max_version=tls1_1" \
@@ -5309,6 +5315,7 @@ run_test "Version check: cli max 1.1 -> 1.1" \
 -s "Protocol is TLSv1.1" \
 -c "Protocol is TLSv1.1"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
 run_test "Version check: srv max 1.1 -> 1.1" \
 "$P_SRV max_version=tls1_1" \
 "$P_CLI" \
@@ -5318,6 +5325,7 @@ run_test "Version check: srv max 1.1 -> 1.1" \
 -s "Protocol is TLSv1.1" \
 -c "Protocol is TLSv1.1"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
 run_test "Version check: cli+srv max 1.1 -> 1.1" \
 "$P_SRV max_version=tls1_1" \
 "$P_CLI max_version=tls1_1" \
@@ -5327,6 +5335,7 @@ run_test "Version check: cli+srv max 1.1 -> 1.1" \
 -s "Protocol is TLSv1.1" \
 -c "Protocol is TLSv1.1"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
 run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
 "$P_SRV min_version=tls1_1" \
 "$P_CLI max_version=tls1_1" \
@@ -5336,6 +5345,7 @@ run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
 -s "Protocol is TLSv1.1" \
 -c "Protocol is TLSv1.1"

+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
 run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
 "$P_SRV max_version=tls1_1" \
 "$P_CLI min_version=tls1_1" \
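Review bot: Every "-> 1.1" version-negotiation test in these hunks is now skipped when MBEDTLS_SSL_PROTO_TLS1_1 is compiled out, and none of the five hunks adds a counterpart that runs in that configuration, so a build that deliberately drops TLS 1.1 gets no version-negotiation coverage from this group. A companion case guarded by `requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_1`, expecting the handshake to fail when the peer is capped at 1.1, would confirm that the old version is refused rather than merely untested. Whether the sample programs accept `max_version=tls1_1` in such a build, and whether a test like this already exists elsewhere in the file, cannot be seen from these hunks. Each run_test invocation continues past the end of its hunk.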