TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7985d454c473b1b25d84fb1c30186bdcb3134736^! / . / tests
commit7985d454c473b1b25d84fb1c30186bdcb3134736[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed Sep 04 16:06:10 2024 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Wed Sep 25 18:05:17 2024 +0200
treea94780b8860ba9a81fdb6186efedc297ebada33c
parent2bc5c80c603c785018ff82e62feba37fd14866e4 [diff]
Test ssl_client1

Test ssl_client1 with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.

Clean up compile-time requirements in ssl_client1.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
index 05db6b8..88bee47 100644
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh

@@ -4,3 +4,45 @@
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 
 : ${PROGRAMS_DIR:=../programs/ssl}
+
+requires_protocol_version tls12
+run_test    "Sample: ssl_client1, openssl server, TLS 1.2" \
+            -P 4433 \
+            "$O_SRV -tls1_2" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -c "New, TLSv1.2, Cipher is" \
+            -S "ERROR" \
+            -C "error"
+
+requires_protocol_version tls12
+run_test    "Sample: ssl_client1, gnutls server, TLS 1.2" \
+            -P 4433 \
+            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -s "Version: TLS1.2" \
+            -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
+            -S "Error" \
+            -C "error"
+
+requires_protocol_version tls13
+run_test    "Sample: ssl_client1, openssl server, TLS 1.3" \
+            -P 4433 \
+            "$O_SRV -tls1_3" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -c "New, TLSv1.3, Cipher is" \
+            -S "ERROR" \
+            -C "error"
+
+requires_protocol_version tls13
+run_test    "Sample: ssl_client1, gnutls server, TLS 1.3" \
+            -P 4433 \
+            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \
+            "$PROGRAMS_DIR/ssl_client1" \
+            0 \
+            -s "Version: TLS1.3" \
+            -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
+            -S "Error" \
+            -C "error"

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 364f581..da92fdd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -491,6 +491,16 @@
             requires_certificate_authentication;;
     esac
 
+    case " $CMD_LINE " in
+        *"programs/ssl/ssl_client1 "*)
+            requires_config_enabled MBEDTLS_CTR_DRBG_C
+            requires_config_enabled MBEDTLS_ENTROPY_C
+            requires_config_enabled MBEDTLS_PEM_PARSE_C
+            requires_config_enabled MBEDTLS_SSL_CLI_C
+            requires_certificate_authentication
+            ;;
+    esac
+
     case "$CMD_LINE" in
         *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
         */server5*|\