From da782c945898dc428a6791d1732863f683b49060 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Fri, 21 Feb 2014 10:10:20 +0100
Subject: [PATCH] compat.sh: better certificate verification testing

---
 tests/compat.sh | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index 8b5dd6bd6..3c3db2744 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -403,16 +403,20 @@ setup_arguments()
     esac
 
     P_SERVER_ARGS="server_addr=0.0.0.0 force_version=$MODE"
-    P_CLIENT_ARGS="server_name=0.0.0.0 force_version=$MODE"
+    P_CLIENT_ARGS="server_name=localhost force_version=$MODE"
     O_SERVER_ARGS="-www -quiet -cipher NULL,ALL -$MODE"
     O_CLIENT_ARGS="-$MODE"
 
     if [ "X$VERIFY" = "XYES" ];
     then
         P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
-        P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt"
+        P_CLIENT_ARGS="$P_CLIENT_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
         O_SERVER_ARGS="$O_SERVER_ARGS -CAfile data_files/test-ca_cat12.crt -Verify 10"
-        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt"
+        O_CLIENT_ARGS="$O_CLIENT_ARGS -CAfile data_files/test-ca_cat12.crt -verify 10"
+    else
+        # ssl_server2 defaults to optional, but we want to test handshakes
+        # that don't exchange client certificate at all too
+        P_SERVER_ARGS="$P_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=none"
     fi
 
     case $TYPE in
@@ -424,10 +428,10 @@ setup_arguments()
             ;;
 
         "RSA")
-            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
-            P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
-            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key"
-            O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key"
+            P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key"
+            P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key"
+            O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server2.crt -key data_files/server2.key"
+            O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server1.crt -key data_files/server1.key"
             ;;
 
         "PSK")