yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 03:05:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add tests for keyUsage with client auth

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-04-09 14:53:05 +02:00 committed by Paul Bakker
parent 490047cc44
commit a9db85df73
2 changed files with 52 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/ssl_tls.c
View File

@ -2724,7 +2724,7 @@ int ssl_parse_certificate( ssl_context *ssl )
if( pk_can_do( pk, POLARSSL_PK_ECKEY ) &&
! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) )
{
SSL_DEBUG_MSG( 1, ( "bad server certificate (EC key curve)" ) );
SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
if( ret == 0 )
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
}
@ -2735,7 +2735,7 @@ int ssl_parse_certificate( ssl_context *ssl )
ciphersuite_info,
! ssl->endpoint ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad server certificate (usage ext.)" ) );
SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
if( ret == 0 )
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
}

66
tests/ssl-opt.sh
View File

@ -1031,16 +1031,7 @@ run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
-C "Ciphersuite is "
# Tests for keyUsage in leaf certificates, part 2:
# client-side checks
run_test "keyUsage cli #0 (reference, no extension)" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.crt" \
"$P_CLI debug_level=2" \
0 \
-C "bad server certificate (usage ext.)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
# client-side checking of server cert
run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
"$O_SRV -key data_files/server2.key \
@ -1048,7 +1039,7 @@ run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad server certificate (usage ext.)" \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
@ -1058,7 +1049,7 @@ run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad server certificate (usage ext.)" \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
@ -1068,7 +1059,7 @@ run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad server certificate (usage ext.)" \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
@ -1078,7 +1069,7 @@ run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad server certificate (usage ext.)" \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
@ -1088,7 +1079,7 @@ run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-C "bad server certificate (usage ext.)" \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
@ -1098,10 +1089,53 @@ run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
"$P_CLI debug_level=2 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \
-c "bad server certificate (usage ext.)" \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
"$P_SRV debug_level=2 auth_mode=required" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
# Final report
echo "------------------------------------------------------------------------"