update ssl-opt test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 35401e0..7b82f09 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9789,47 +9789,45 @@
-S "Version: TLS1.2" \
-C "Protocol : TLSv1.2"
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \
- "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \
- key_file=none" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"
-
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \
+run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=none \
key_file=none" \
0 \
- -c "=> parse certificate request" \
-c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -s "TLS 1.3" \
+ -c "HTTP/1.0 200 ok"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \
+ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \
+ key_file=none" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
+ -s "Version: TLS1.3" \
+ -c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \
+run_test "TLS 1.3: Client authentication, no server middlebox compatibility - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
- -c "=> parse certificate request" \
-c "got a certificate request" \
- -c "<= parse certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
@@ -9838,14 +9836,12 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \
+run_test "TLS 1.3: Client authentication, no server middlebox compatibility - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
- -c "=> parse certificate request" \
-c "got a certificate request" \
- -c "<= parse certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
@@ -9853,154 +9849,140 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
-run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \
- "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
- "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_gnutls_tls1_3
-requires_gnutls_next_no_ticket
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_RSA_C
-run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \
- "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
- 0 \
- -c "=> parse certificate request" \
- -c "got a certificate request" \
- -c "<= parse certificate request" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
- -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
-
-requires_openssl_tls1_3
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: No client authentication, client has certificate - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \
"$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
- -c "=> parse certificate request" \
-c "got no certificate request" \
- -c "<= parse certificate request"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
-run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \
"$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
- -c "=> parse certificate request" \
-c "got no certificate request" \
- -c "<= parse certificate request"
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \
+ key_file=data_files/ecdsa_secp256r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \
+ key_file=data_files/ecdsa_secp384r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \
+ key_file=data_files/ecdsa_secp521r1.key" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
+ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \
+ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
+ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
+
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
+ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
+ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \
+ 0 \
+ -c "got a certificate request" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
+ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE