requires_certificate_authentication: prioritize TLS 1.3
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0dc9b6a..83d6d73 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -326,12 +326,13 @@
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
requires_certificate_authentication () {
- if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+ if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
then
+ # TLS 1.3 is negotiated by default, so check whether it supports
+ # certificate-based authentication.
+ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+ else # Only TLS 1.2 is enabled.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
- elif ! is_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
- then
- SKIP_NEXT="YES"
fi
}