From ff434c2ef3ffbac9421eec4a6b77d243d7ee63ae Mon Sep 17 00:00:00 2001
From: Jarno Lamsa <jarno.lamsa@arm.com>
Date: Fri, 25 Oct 2019 12:21:54 +0300
Subject: [PATCH] Add test for enforcing extended master secret

Only add test when both are enforcing. This is configured in baremetal.h
and is checked in the check_cmdline_compat, would render other cases
with baremetal.h to skipped.
---
 tests/ssl-opt.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2d93ca344..5c09e18e7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2375,6 +2375,17 @@ run_test    "Extended Master Secret: client enabled, server SSLv3" \
             -C "session hash for extended master secret" \
             -S "session hash for extended master secret"
 
+run_test    "Extended Master Secret: both enabled, both enforcing, DTLS" \
+            "$P_SRV dtls=1 debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+            "$P_CLI dtls=1 debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+            0 \
+            -c "client hello, adding extended_master_secret extension" \
+            -s "found extended master secret extension" \
+            -s "server hello, adding extended master secret extension" \
+            -c "found extended_master_secret extension" \
+            -c "session hash for extended master secret" \
+            -s "session hash for extended master secret"
+
 # Tests for FALLBACK_SCSV
 
 run_test    "Fallback SCSV: default" \