Add tests for the CA suppression option

This commit is contained in:
Janos Follath 2017-04-10 14:34:35 +01:00 committed by Simon Butcher
parent 4817e27d4d
commit 89baba2375

View File

@ -1804,6 +1804,23 @@ run_test "Authentication: client badcert, server required" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
key_file=data_files/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
-c "got a certificate request" \
-C "skip write certificate" \
-C "skip write certificate verify" \
-S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \
-s "! The certificate is not correctly signed by the trusted CA" \
-s "! mbedtls_ssl_handshake returned" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
run_test "Authentication: client badcert, server optional" \ run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \ "$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@ -1893,6 +1910,34 @@ run_test "Authentication: client no cert, ssl3" \
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed" -S "X509 - Certificate verification failed"
# Tests for CA list in CertificateRequest messages
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI crt_file=data_files/server6.crt \
key_file=data_files/server6.key" \
0 \
-s "requested DN"
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI crt_file=data_files/server6.crt \
key_file=data_files/server6.key" \
0 \
-S "requested DN"
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
key_file=data_files/server5.key" \
1 \
-S "requested DN" \
-s "x509_verify_cert() returned" \
-s "! The certificate is not correctly signed by the trusted CA" \
-s "! mbedtls_ssl_handshake returned" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
# Tests for certificate selection based on SHA verson # Tests for certificate selection based on SHA verson
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \