ssl-opt: check for protocol version support
Skip tests that require a specific version of the protocol if that version is disabled at compile time. This commit only partially does the job, mostly covering tests that check the protocol version in client or server logs. It is not intended to be exhaustive; in particular many uses of force_version are not covered (I think they should instead be covered automatically, but this is out of scope of the current commit). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
parent
4502671e0b
commit
df4ad90a15
|
@ -1123,6 +1123,7 @@ run_test() {
|
||||||
}
|
}
|
||||||
|
|
||||||
run_test_psa() {
|
run_test_psa() {
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
run_test "PSA-supported ciphersuite: $1" \
|
run_test "PSA-supported ciphersuite: $1" \
|
||||||
"$P_SRV debug_level=3 force_version=tls12" \
|
"$P_SRV debug_level=3 force_version=tls12" \
|
||||||
|
@ -1146,6 +1147,7 @@ run_test_psa() {
|
||||||
}
|
}
|
||||||
|
|
||||||
run_test_psa_force_curve() {
|
run_test_psa_force_curve() {
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||||
run_test "PSA - ECDH with $1" \
|
run_test "PSA - ECDH with $1" \
|
||||||
"$P_SRV debug_level=4 force_version=tls12" \
|
"$P_SRV debug_level=4 force_version=tls12" \
|
||||||
|
@ -1382,6 +1384,7 @@ trap cleanup INT TERM HUP
|
||||||
# - things work with all ciphersuites active (used with config-full in all.sh)
|
# - things work with all ciphersuites active (used with config-full in all.sh)
|
||||||
# - the expected (highest security) parameters are selected
|
# - the expected (highest security) parameters are selected
|
||||||
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
|
# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
run_test "Default" \
|
run_test "Default" \
|
||||||
"$P_SRV debug_level=3" \
|
"$P_SRV debug_level=3" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
|
@ -1393,6 +1396,7 @@ run_test "Default" \
|
||||||
-S "error" \
|
-S "error" \
|
||||||
-C "error"
|
-C "error"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
run_test "Default, DTLS" \
|
run_test "Default, DTLS" \
|
||||||
"$P_SRV dtls=1" \
|
"$P_SRV dtls=1" \
|
||||||
"$P_CLI dtls=1" \
|
"$P_CLI dtls=1" \
|
||||||
|
@ -5291,6 +5295,7 @@ run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
|
||||||
|
|
||||||
# Tests for version negotiation
|
# Tests for version negotiation
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||||
run_test "Version check: all -> 1.2" \
|
run_test "Version check: all -> 1.2" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
|
@ -5300,6 +5305,7 @@ run_test "Version check: all -> 1.2" \
|
||||||
-s "Protocol is TLSv1.2" \
|
-s "Protocol is TLSv1.2" \
|
||||||
-c "Protocol is TLSv1.2"
|
-c "Protocol is TLSv1.2"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
run_test "Version check: cli max 1.1 -> 1.1" \
|
run_test "Version check: cli max 1.1 -> 1.1" \
|
||||||
"$P_SRV" \
|
"$P_SRV" \
|
||||||
"$P_CLI max_version=tls1_1" \
|
"$P_CLI max_version=tls1_1" \
|
||||||
|
@ -5309,6 +5315,7 @@ run_test "Version check: cli max 1.1 -> 1.1" \
|
||||||
-s "Protocol is TLSv1.1" \
|
-s "Protocol is TLSv1.1" \
|
||||||
-c "Protocol is TLSv1.1"
|
-c "Protocol is TLSv1.1"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
run_test "Version check: srv max 1.1 -> 1.1" \
|
run_test "Version check: srv max 1.1 -> 1.1" \
|
||||||
"$P_SRV max_version=tls1_1" \
|
"$P_SRV max_version=tls1_1" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
|
@ -5318,6 +5325,7 @@ run_test "Version check: srv max 1.1 -> 1.1" \
|
||||||
-s "Protocol is TLSv1.1" \
|
-s "Protocol is TLSv1.1" \
|
||||||
-c "Protocol is TLSv1.1"
|
-c "Protocol is TLSv1.1"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
run_test "Version check: cli+srv max 1.1 -> 1.1" \
|
run_test "Version check: cli+srv max 1.1 -> 1.1" \
|
||||||
"$P_SRV max_version=tls1_1" \
|
"$P_SRV max_version=tls1_1" \
|
||||||
"$P_CLI max_version=tls1_1" \
|
"$P_CLI max_version=tls1_1" \
|
||||||
|
@ -5327,6 +5335,7 @@ run_test "Version check: cli+srv max 1.1 -> 1.1" \
|
||||||
-s "Protocol is TLSv1.1" \
|
-s "Protocol is TLSv1.1" \
|
||||||
-c "Protocol is TLSv1.1"
|
-c "Protocol is TLSv1.1"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
|
run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
|
||||||
"$P_SRV min_version=tls1_1" \
|
"$P_SRV min_version=tls1_1" \
|
||||||
"$P_CLI max_version=tls1_1" \
|
"$P_CLI max_version=tls1_1" \
|
||||||
|
@ -5336,6 +5345,7 @@ run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
|
||||||
-s "Protocol is TLSv1.1" \
|
-s "Protocol is TLSv1.1" \
|
||||||
-c "Protocol is TLSv1.1"
|
-c "Protocol is TLSv1.1"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
|
||||||
run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
|
run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
|
||||||
"$P_SRV max_version=tls1_1" \
|
"$P_SRV max_version=tls1_1" \
|
||||||
"$P_CLI min_version=tls1_1" \
|
"$P_CLI min_version=tls1_1" \
|
||||||
|
|
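Review bot: In the hunk at `@ -1393,6 +1396,7`, the "Default, DTLS" test is gated only on `MBEDTLS_SSL_PROTO_TLS1_2`, although both commands pass `dtls=1`, so it also depends on DTLS being compiled in. Unless run_test already detects that elsewhere (not visible here), a build with TLS 1.2 enabled and DTLS disabled would run this test and fail rather than skip; adding `requires_config_enabled MBEDTLS_SSL_PROTO_DTLS` next to the new line would cover it. A comment above the "Tests for version negotiation" block would also help, e.g. `# Each test is skipped when the version it negotiates is compiled out, so such builds get no negotiation coverage here`, so that a reduced-protocol configuration is not read as having passed these checks. The run_test invocations continue past the end of each hunk, so the log lines these guards protect are only partly visible.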