mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-01 22:14:24 +01:00
Add tests for keyUsage with client auth
This commit is contained in:
parent
490047cc44
commit
a9db85df73
@ -2724,7 +2724,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||||||
if( pk_can_do( pk, POLARSSL_PK_ECKEY ) &&
|
if( pk_can_do( pk, POLARSSL_PK_ECKEY ) &&
|
||||||
! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) )
|
! ssl_curve_is_acceptable( ssl, pk_ec( *pk )->grp.id ) )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server certificate (EC key curve)" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) );
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||||
}
|
}
|
||||||
@ -2735,7 +2735,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||||||
ciphersuite_info,
|
ciphersuite_info,
|
||||||
! ssl->endpoint ) != 0 )
|
! ssl->endpoint ) != 0 )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "bad server certificate (usage ext.)" ) );
|
SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) );
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
ret = POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE;
|
||||||
}
|
}
|
||||||
|
@ -1031,16 +1031,7 @@ run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
|
|||||||
-C "Ciphersuite is "
|
-C "Ciphersuite is "
|
||||||
|
|
||||||
# Tests for keyUsage in leaf certificates, part 2:
|
# Tests for keyUsage in leaf certificates, part 2:
|
||||||
# client-side checks
|
# client-side checking of server cert
|
||||||
|
|
||||||
run_test "keyUsage cli #0 (reference, no extension)" \
|
|
||||||
"$O_SRV -key data_files/server2.key \
|
|
||||||
-cert data_files/server2.crt" \
|
|
||||||
"$P_CLI debug_level=2" \
|
|
||||||
0 \
|
|
||||||
-C "bad server certificate (usage ext.)" \
|
|
||||||
-C "Processing of the Certificate handshake message failed" \
|
|
||||||
-c "Ciphersuite is TLS-"
|
|
||||||
|
|
||||||
run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
|
run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
|
||||||
"$O_SRV -key data_files/server2.key \
|
"$O_SRV -key data_files/server2.key \
|
||||||
@ -1048,7 +1039,7 @@ run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-C "bad server certificate (usage ext.)" \
|
-C "bad certificate (usage extensions)" \
|
||||||
-C "Processing of the Certificate handshake message failed" \
|
-C "Processing of the Certificate handshake message failed" \
|
||||||
-c "Ciphersuite is TLS-"
|
-c "Ciphersuite is TLS-"
|
||||||
|
|
||||||
@ -1058,7 +1049,7 @@ run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-C "bad server certificate (usage ext.)" \
|
-C "bad certificate (usage extensions)" \
|
||||||
-C "Processing of the Certificate handshake message failed" \
|
-C "Processing of the Certificate handshake message failed" \
|
||||||
-c "Ciphersuite is TLS-"
|
-c "Ciphersuite is TLS-"
|
||||||
|
|
||||||
@ -1068,7 +1059,7 @@ run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-C "bad server certificate (usage ext.)" \
|
-C "bad certificate (usage extensions)" \
|
||||||
-C "Processing of the Certificate handshake message failed" \
|
-C "Processing of the Certificate handshake message failed" \
|
||||||
-c "Ciphersuite is TLS-"
|
-c "Ciphersuite is TLS-"
|
||||||
|
|
||||||
@ -1078,7 +1069,7 @@ run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
1 \
|
1 \
|
||||||
-c "bad server certificate (usage ext.)" \
|
-c "bad certificate (usage extensions)" \
|
||||||
-c "Processing of the Certificate handshake message failed" \
|
-c "Processing of the Certificate handshake message failed" \
|
||||||
-C "Ciphersuite is TLS-"
|
-C "Ciphersuite is TLS-"
|
||||||
|
|
||||||
@ -1088,7 +1079,7 @@ run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
0 \
|
0 \
|
||||||
-C "bad server certificate (usage ext.)" \
|
-C "bad certificate (usage extensions)" \
|
||||||
-C "Processing of the Certificate handshake message failed" \
|
-C "Processing of the Certificate handshake message failed" \
|
||||||
-c "Ciphersuite is TLS-"
|
-c "Ciphersuite is TLS-"
|
||||||
|
|
||||||
@ -1098,10 +1089,53 @@ run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
|
|||||||
"$P_CLI debug_level=2 \
|
"$P_CLI debug_level=2 \
|
||||||
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
1 \
|
1 \
|
||||||
-c "bad server certificate (usage ext.)" \
|
-c "bad certificate (usage extensions)" \
|
||||||
-c "Processing of the Certificate handshake message failed" \
|
-c "Processing of the Certificate handshake message failed" \
|
||||||
-C "Ciphersuite is TLS-"
|
-C "Ciphersuite is TLS-"
|
||||||
|
|
||||||
|
# Tests for keyUsage in leaf certificates, part 3:
|
||||||
|
# server-side checking of client cert
|
||||||
|
|
||||||
|
run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
|
||||||
|
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||||
|
"$O_CLI -key data_files/server2.key \
|
||||||
|
-cert data_files/server2.ku-ds.crt" \
|
||||||
|
0 \
|
||||||
|
-S "bad certificate (usage extensions)" \
|
||||||
|
-S "Processing of the Certificate handshake message failed"
|
||||||
|
|
||||||
|
run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
|
||||||
|
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||||
|
"$O_CLI -key data_files/server2.key \
|
||||||
|
-cert data_files/server2.ku-ke.crt" \
|
||||||
|
0 \
|
||||||
|
-s "bad certificate (usage extensions)" \
|
||||||
|
-S "Processing of the Certificate handshake message failed"
|
||||||
|
|
||||||
|
run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
|
||||||
|
"$P_SRV debug_level=2 auth_mode=required" \
|
||||||
|
"$O_CLI -key data_files/server2.key \
|
||||||
|
-cert data_files/server2.ku-ke.crt" \
|
||||||
|
1 \
|
||||||
|
-s "bad certificate (usage extensions)" \
|
||||||
|
-s "Processing of the Certificate handshake message failed"
|
||||||
|
|
||||||
|
run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
|
||||||
|
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||||
|
"$O_CLI -key data_files/server5.key \
|
||||||
|
-cert data_files/server5.ku-ds.crt" \
|
||||||
|
0 \
|
||||||
|
-S "bad certificate (usage extensions)" \
|
||||||
|
-S "Processing of the Certificate handshake message failed"
|
||||||
|
|
||||||
|
run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
|
||||||
|
"$P_SRV debug_level=2 auth_mode=optional" \
|
||||||
|
"$O_CLI -key data_files/server5.key \
|
||||||
|
-cert data_files/server5.ku-ka.crt" \
|
||||||
|
0 \
|
||||||
|
-s "bad certificate (usage extensions)" \
|
||||||
|
-S "Processing of the Certificate handshake message failed"
|
||||||
|
|
||||||
# Final report
|
# Final report
|
||||||
|
|
||||||
echo "------------------------------------------------------------------------"
|
echo "------------------------------------------------------------------------"
|
||||||
|
Loading…
Reference in New Issue
Block a user