Fix bug with client auth with DTLS

commit: 08a1d4bce1f2662cc08af43fa1947a1e47ef6bee [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Sep 26 10:35:50 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:32:39 2014 +0200
tree: bc21a5b5a3db67ecf75e97093002916ebb6aa55a
parent: d0fd1daa6ba541dcb6d85e065fe412abb8083562 [diff] [blame]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2078ccd..10fd04d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -2024,6 +2024,28 @@
             -c "received hello verify request" \
             -S "SSL - The requested feature is not available"
 
+# Tests for various cases of client authentication with DTLS
+# (focused on handshake flows and message parsing)
+
+run_test    "DTLS client auth: required" \
+            "$P_SRV dtls=1 auth_mode=required" \
+            "$P_CLI dtls=1" \
+            0 \
+            -s "Verifying peer X.509 certificate... ok"
+
+run_test    "DTLS client auth: optional, client has no cert" \
+            "$P_SRV dtls=1 auth_mode=optional" \
+            "$P_CLI dtls=1 crt_file=none key_file=none" \
+            0 \
+            -s "! no client certificate sent"
+
+run_test    "DTLS client auth: optional, client has no cert" \
+            "$P_SRV dtls=1 auth_mode=none" \
+            "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
+            0 \
+            -c "skip write certificate$" \
+            -s "! no client certificate sent"
+
 # Tests for receiving fragmented handshake messages with DTLS
 
 requires_gnutls
commit	08a1d4bce1f2662cc08af43fa1947a1e47ef6bee	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Sep 26 10:35:50 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 21 16:32:39 2014 +0200
tree	bc21a5b5a3db67ecf75e97093002916ebb6aa55a
parent	d0fd1daa6ba541dcb6d85e065fe412abb8083562 [diff] [blame]