Add test for enforcing extended master secret
Only add a test for the case where both sides are enforcing. Enforcement is
configured in baremetal.h and is checked in check_cmdline_compat, which would
cause the other cases to be skipped with baremetal.h.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2d93ca3..5c09e18 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2375,6 +2375,17 @@
-C "session hash for extended master secret" \
-S "session hash for extended master secret"
+run_test "Extended Master Secret: both enabled, both enforcing, DTLS" \
+ "$P_SRV dtls=1 debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ "$P_CLI dtls=1 debug_level=3 extended_ms=1 enforce_extended_master_secret=1" \
+ 0 \
+ -c "client hello, adding extended_master_secret extension" \
+ -s "found extended master secret extension" \
+ -s "server hello, adding extended master secret extension" \
+ -c "found extended_master_secret extension" \
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
+
# Tests for FALLBACK_SCSV
run_test "Fallback SCSV: default" \
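Review bot: The new `Extended Master Secret: both enabled, both enforcing, DTLS` test only asserts log lines about the extension being offered, found and used, none of which mention enforcement. As far as this hunk shows, it would pass unchanged if `enforce_extended_master_secret=1` were ignored. The downgrade protection is only pinned by a negative case, for example an enforcing server against a client started with `extended_ms=0` and a non-zero expected exit code. If that case really cannot run under baremetal.h, put the reason next to the test, e.g. `# Enforcement is fixed at compile time in baremetal.h; mixed cases are skipped by check_cmdline_compat, so only the positive case is covered here`. The test is DTLS-only, so the comment should also say whether omitting a plain TLS variant is intentional.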