diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 814496d00..1e3287c46 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -639,6 +639,19 @@ component_test_sslv3 () { if_build_succeeded tests/ssl-opt.sh } +component_test_dtls_only () { + msg "build: Default + DTLS only (ASan build)" # ~ 6 min + scripts/config.pl set MBEDTLS_SSL_PROTO_NO_TLS + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: DTLS only - main suites (inc. selftests) (ASan build)" # ~ 50s + make test + + msg "test: DTLS only - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} + component_test_no_renegotiation () { msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 33aa792dd..da87793ec 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -539,6 +539,15 @@ check_cmdline_param_compat() { fi } +check_cmdline_check_tls_dtls() { + detect_dtls "$CMD" + if [ "$DTLS" = "0" ]; then + requires_config_disabled MBEDTLS_SSL_PROTO_NO_TLS + elif [ "$DTLS" = "1" ]; then + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS + fi +} + check_cmdline_authmode_compat() { __VAL="$( get_config_value_or_default "MBEDTLS_SSL_CONF_AUTHMODE" )" if [ ! -z "$__VAL" ]; then @@ -692,6 +701,9 @@ check_cmdline_compat() { check_cmdline_param_compat "badmac_limit" \ "MBEDTLS_SSL_CONF_BADMAC_LIMIT" + # Skip tests relying on TLS/DTLS in configs that disable it. + check_cmdline_check_tls_dtls + # Authentication mode check_cmdline_authmode_compat @@ -5499,7 +5511,6 @@ run_test "Small client packet TLS 1.2 AEAD shorter tag" \ # Tests for small client packets in DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.0" \ "$P_SRV dtls=1 force_version=dtls1" \ "$P_CLI dtls=1 request_size=1 \ @@ -5507,7 +5518,6 @@ run_test "Small client packet DTLS 1.0" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.0, without EtM" \ "$P_SRV dtls=1 force_version=dtls1 etm=0" \ "$P_CLI dtls=1 request_size=1 \ @@ -5515,7 +5525,6 @@ run_test "Small client packet DTLS 1.0, without EtM" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small client packet DTLS 1.0, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \ @@ -5524,7 +5533,6 @@ run_test "Small client packet DTLS 1.0, truncated hmac" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \ @@ -5533,7 +5541,6 @@ run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2" \ "$P_SRV dtls=1 force_version=dtls1_2" \ "$P_CLI dtls=1 request_size=1 \ @@ -5541,7 +5548,6 @@ run_test "Small client packet DTLS 1.2" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small client packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \ "$P_CLI dtls=1 request_size=1 \ @@ -5549,7 +5555,6 @@ run_test "Small client packet DTLS 1.2, without EtM" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small client packet DTLS 1.2, truncated hmac" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \ @@ -5558,7 +5563,6 @@ run_test "Small client packet DTLS 1.2, truncated hmac" \ 0 \ -s "Read from client: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \ "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ @@ -5788,7 +5792,6 @@ run_test "Small server packet TLS 1.2 AEAD shorter tag" \ # Tests for small server packets in DTLS -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.0" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1" \ "$P_CLI dtls=1 \ @@ -5796,7 +5799,6 @@ run_test "Small server packet DTLS 1.0" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.0, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \ "$P_CLI dtls=1 \ @@ -5804,7 +5806,6 @@ run_test "Small server packet DTLS 1.0, without EtM" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small server packet DTLS 1.0, truncated hmac" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \ @@ -5813,7 +5814,6 @@ run_test "Small server packet DTLS 1.0, truncated hmac" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \ @@ -5822,7 +5822,6 @@ run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ "$P_CLI dtls=1 \ @@ -5830,7 +5829,6 @@ run_test "Small server packet DTLS 1.2" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS run_test "Small server packet DTLS 1.2, without EtM" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ "$P_CLI dtls=1 \ @@ -5838,7 +5836,6 @@ run_test "Small server packet DTLS 1.2, without EtM" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small server packet DTLS 1.2, truncated hmac" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ @@ -5847,7 +5844,6 @@ run_test "Small server packet DTLS 1.2, truncated hmac" \ 0 \ -c "Read from server: 1 bytes read" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ @@ -7125,7 +7121,6 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ # - all others below 512B # All those tests assume MAX_CONTENT_LEN is at least 2048 -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7147,7 +7142,6 @@ run_test "DTLS fragmenting: none (for reference)" \ -C "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7173,7 +7167,6 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ # the client to not exceed a certain MTU; hence, the following # test can't be replicated with an MTU proxy such as the one # `client-initiated, server only (max_frag_len)` below. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7195,7 +7188,6 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ -c "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7224,7 +7216,6 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ # to the peer. # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7247,7 +7238,6 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), pro -c "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7276,7 +7266,6 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ # to the peer. # The next test checks that no datagrams significantly larger than the # negotiated MFL are sent. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -7299,7 +7288,6 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" -c "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: none (for reference) (MTU)" \ @@ -7320,7 +7308,6 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ -C "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: client (MTU)" \ @@ -7341,7 +7328,6 @@ run_test "DTLS fragmenting: client (MTU)" \ -C "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: server (MTU)" \ @@ -7362,7 +7348,6 @@ run_test "DTLS fragmenting: server (MTU)" \ -c "found fragmented DTLS handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: both (MTU=1024)" \ @@ -7385,7 +7370,6 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ -C "error" # Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7419,7 +7403,6 @@ run_test "DTLS fragmenting: both (MTU=512)" \ # fragmentation and auto-reduction) an extra retransmission might occur, # hence the ratio of 8. not_with_valgrind -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7445,7 +7428,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ # Forcing ciphersuite for this test to fit the MTU of 508 with full config. only_with_valgrind -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7473,7 +7455,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ @@ -7501,7 +7482,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7529,7 +7509,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -C "error" not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ @@ -7554,7 +7533,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7592,7 +7570,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ # reco_delay avoids races where the client reconnects before the server has # resumed listening, which would result in a spurious autoreduction. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7622,7 +7599,6 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ # An autoreduction on the client-side might happen if the server is # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7655,7 +7631,6 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ # An autoreduction on the client-side might happen if the server is # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7689,7 +7664,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ # An autoreduction on the client-side might happen if the server is # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7723,7 +7697,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ # An autoreduction on the client-side might happen if the server is # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7758,7 +7731,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ # An autoreduction on the client-side might happen if the server is # slow to reset, therefore omitting '-C "autoreduction"' below. not_with_valgrind # spurious autoreduction due to timeout -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SHA256_C @@ -7790,7 +7762,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -C "error" # Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7816,7 +7787,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -C "error" # Forcing ciphersuite for this test to fit the MTU of 512 with full config. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA @@ -7845,7 +7815,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -7861,7 +7830,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -7884,7 +7852,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ # as the server name in the certificate. This will make the # certifiate validation fail, but passing --insecure makes # GnuTLS continue the connection nonetheless. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -7901,7 +7868,6 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ -s "fragmenting handshake message" # See previous test for the reason to use --insecure -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -7917,7 +7883,6 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ 0 \ -s "fragmenting handshake message" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -7932,7 +7897,6 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -7947,7 +7911,6 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -7961,7 +7924,6 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ 0 \ -s "fragmenting handshake message" -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -7980,7 +7942,6 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.0" \ # again we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -7998,7 +7959,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -C "error" requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -8016,7 +7976,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ -C "error" requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8033,7 +7992,6 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -s "fragmenting handshake message" requires_gnutls_next -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -8055,7 +8013,6 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ ## They should be re-enabled once a fixed version of OpenSSL is available ## (this should happen in some 1.1.1_ release according to the ticket). skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8073,7 +8030,6 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -C "error" skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 @@ -8091,7 +8047,6 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -C "error" skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -8110,7 +8065,6 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ # -nbio is added to prevent s_client from blocking in case of duplicated # messages at the end of the handshake skip_next_test -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1