commit 18dd213114cf1c7940ab9e6fd072819a56a5a954
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 14 10:34:53 2024 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Sep 02 12:46:03 2024 +0200
tree c231b103b607d9d4f3a7ff57cdfee234dca62a84
parent 58ab9ba0bd98b992e51390219c39a3c63bdbe5b1

Reorder some tests in ssl-opt.sh

The tests above are required then optional then none. Follow the same
pattern here.

Just moving things around (see git's --color-moved option).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 18a292b..fef8527 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5871,7 +5871,27 @@
             -C "send alert level=2 message=48" \
             -C "X509 - Certificate verification failed"
 
-# TODO: server goodcert, client none, no trusted CA
+requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
+run_test    "Authentication: server goodcert, client required, no trusted CA" \
+            "$P_SRV" \
+            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
+            1 \
+            -c "x509_verify_cert() returned" \
+            -c "! The certificate is not correctly signed by the trusted CA" \
+            -c "! Certificate verification flags"\
+            -c "! mbedtls_ssl_handshake returned" \
+            -c "SSL - No CA Chain is set, but required to operate"
+
+requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+run_test    "Authentication: server goodcert, client required, no trusted CA (1.2)" \
+            "$P_SRV force_version=tls12" \
+            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
+            1 \
+            -c "x509_verify_cert() returned" \
+            -c "! The certificate is not correctly signed by the trusted CA" \
+            -c "! Certificate verification flags"\
+            -c "! mbedtls_ssl_handshake returned" \
+            -c "SSL - No CA Chain is set, but required to operate"
 
 requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
 run_test    "Authentication: server goodcert, client optional, no trusted CA" \
@@ -5897,27 +5917,7 @@
             -C "X509 - Certificate verification failed" \
             -C "SSL - No CA Chain is set, but required to operate"
 
-requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
-run_test    "Authentication: server goodcert, client required, no trusted CA" \
-            "$P_SRV" \
-            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
-            1 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! Certificate verification flags"\
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "SSL - No CA Chain is set, but required to operate"
-
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-run_test    "Authentication: server goodcert, client required, no trusted CA (1.2)" \
-            "$P_SRV force_version=tls12" \
-            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
-            1 \
-            -c "x509_verify_cert() returned" \
-            -c "! The certificate is not correctly signed by the trusted CA" \
-            -c "! Certificate verification flags"\
-            -c "! mbedtls_ssl_handshake returned" \
-            -c "SSL - No CA Chain is set, but required to operate"
+# TODO: server goodcert, client none, no trusted CA
 
 # The purpose of the next two tests is to test the client's behaviour when receiving a server
 # certificate with an unsupported elliptic curve. This should usually not happen because