Merge pull request #4695 from yutotakano/fix-ssl-opt.sh-hard-abort
ssl-opt.sh: Skip tests instead of conditional hard abort
This commit is contained in:
Gilles Peskine
GitHub
commit
78f6f05778
1 changed files with 102 additions and 32 deletions
134
tests/ssl-opt.sh
134
tests/ssl-opt.sh
|
|
@ -242,6 +242,17 @@ requires_config_value_at_most() {
|
|||
fi
|
||||
}
|
||||
|
||||
requires_config_value_equals() {
|
||||
VAL=$( get_config_value_or_default "$1" )
|
||||
if [ -z "$VAL" ]; then
|
||||
# Should never happen
|
||||
echo "Mbed TLS configuration $1 is not defined"
|
||||
exit 1
|
||||
elif [ "$VAL" -ne "$2" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# Space-separated list of ciphersuites supported by this build of
|
||||
# Mbed TLS.
|
||||
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
|
||||
|
|
@ -287,6 +298,12 @@ requires_openssl_with_fallback_scsv() {
|
|||
fi
|
||||
}
|
||||
|
||||
# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
|
||||
requires_max_content_len() {
|
||||
requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
|
||||
requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
|
||||
}
|
||||
|
||||
# skip next test if GnuTLS isn't available
|
||||
requires_gnutls() {
|
||||
if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
|
||||
|
|
@ -366,9 +383,10 @@ requires_not_i686() {
|
|||
|
||||
# Calculate the input & output maximum content lengths set in the config
|
||||
MAX_CONTENT_LEN=16384
|
||||
MAX_IN_LEN=$( ../scripts/config.py get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
||||
MAX_OUT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
|
||||
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
|
||||
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
|
||||
|
||||
# Calculate the maximum content length that fits both
|
||||
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
|
||||
MAX_CONTENT_LEN="$MAX_IN_LEN"
|
||||
fi
|
||||
|
|
@ -2226,8 +2244,12 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation"
|
|||
-c "ignoring unexpected CID" \
|
||||
-s "ignoring unexpected CID"
|
||||
|
||||
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
|
||||
# tests check that the buffer contents are reallocated when the message is
|
||||
# larger than the buffer.
|
||||
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
requires_max_content_len 513
|
||||
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
|
||||
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
||||
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
|
||||
|
|
@ -2241,6 +2263,7 @@ run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
|
||||
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
|
||||
requires_max_content_len 1025
|
||||
run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
|
||||
"$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
|
||||
"$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
|
||||
|
|
@ -2748,20 +2771,6 @@ run_test "Session resume using cache, DTLS: openssl server" \
|
|||
|
||||
# Tests for Max Fragment Length extension
|
||||
|
||||
if [ "$MAX_IN_LEN" -lt "4096" ]; then
|
||||
printf '%s defines MBEDTLS_SSL_IN_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$MAX_OUT_LEN" -lt "4096" ]; then
|
||||
printf '%s defines MBEDTLS_SSL_OUT_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $MAX_CONTENT_LEN -ne 16384 ]; then
|
||||
echo "Using non-default maximum content length $MAX_CONTENT_LEN"
|
||||
fi
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: enabled, default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
|
@ -2826,7 +2835,7 @@ run_test "Max fragment length: disabled, larger message" \
|
|||
-s "1 bytes read"
|
||||
|
||||
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length DTLS: disabled, larger message" \
|
||||
run_test "Max fragment length, DTLS: disabled, larger message" \
|
||||
"$P_SRV debug_level=3 dtls=1" \
|
||||
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
|
||||
1 \
|
||||
|
|
@ -2836,6 +2845,7 @@ run_test "Max fragment length DTLS: disabled, larger message" \
|
|||
-S "Maximum outgoing record payload length is 16384" \
|
||||
-c "fragment larger than.*maximum "
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: used by client" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
|
@ -2850,6 +2860,7 @@ run_test "Max fragment length: used by client" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 1024
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
|
|
@ -2864,6 +2875,7 @@ run_test "Max fragment length: client 512, server 1024" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
|
|
@ -2878,6 +2890,7 @@ run_test "Max fragment length: client 512, server 2048" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 512, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
|
|
@ -2892,6 +2905,7 @@ run_test "Max fragment length: client 512, server 4096" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 1024
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
|
|
@ -2906,6 +2920,7 @@ run_test "Max fragment length: client 1024, server 512" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
|
|
@ -2920,6 +2935,7 @@ run_test "Max fragment length: client 1024, server 2048" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 1024, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
|
|
@ -2934,6 +2950,7 @@ run_test "Max fragment length: client 1024, server 4096" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
|
|
@ -2948,6 +2965,7 @@ run_test "Max fragment length: client 2048, server 512" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
|
|
@ -2962,6 +2980,7 @@ run_test "Max fragment length: client 2048, server 1024" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 2048, server 4096" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
|
|
@ -2976,6 +2995,7 @@ run_test "Max fragment length: client 2048, server 4096" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 512" \
|
||||
"$P_SRV debug_level=3 max_frag_len=512" \
|
||||
|
|
@ -2990,6 +3010,7 @@ run_test "Max fragment length: client 4096, server 512" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 1024" \
|
||||
"$P_SRV debug_level=3 max_frag_len=1024" \
|
||||
|
|
@ -3004,6 +3025,7 @@ run_test "Max fragment length: client 4096, server 1024" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client 4096, server 2048" \
|
||||
"$P_SRV debug_level=3 max_frag_len=2048" \
|
||||
|
|
@ -3018,6 +3040,7 @@ run_test "Max fragment length: client 4096, server 2048" \
|
|||
-s "server hello, max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: used by server" \
|
||||
"$P_SRV debug_level=3 max_frag_len=4096" \
|
||||
|
|
@ -3032,6 +3055,7 @@ run_test "Max fragment length: used by server" \
|
|||
-S "server hello, max_fragment_length extension" \
|
||||
-C "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 4096
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_gnutls
|
||||
run_test "Max fragment length: gnutls server" \
|
||||
|
|
@ -3043,6 +3067,7 @@ run_test "Max fragment length: gnutls server" \
|
|||
-c "client hello, adding max_fragment_length extension" \
|
||||
-c "found max_fragment_length extension"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client, message just fits" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
|
@ -3059,6 +3084,7 @@ run_test "Max fragment length: client, message just fits" \
|
|||
-c "2048 bytes written in 1 fragments" \
|
||||
-s "2048 bytes read"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: client, larger message" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
|
@ -3076,6 +3102,7 @@ run_test "Max fragment length: client, larger message" \
|
|||
-s "2048 bytes read" \
|
||||
-s "297 bytes read"
|
||||
|
||||
requires_max_content_len 2048
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
run_test "Max fragment length: DTLS client, larger message" \
|
||||
"$P_SRV debug_level=3 dtls=1" \
|
||||
|
|
@ -3187,6 +3214,7 @@ run_test "Renegotiation: double" \
|
|||
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "Renegotiation with max fragment length: client 2048, server 512" \
|
||||
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
|
||||
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
||||
|
|
@ -3871,24 +3899,17 @@ run_test "Authentication: client no cert, openssl server required" \
|
|||
-c "skip write certificate verify" \
|
||||
-c "! mbedtls_ssl_handshake returned"
|
||||
|
||||
# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
|
||||
# default value (8)
|
||||
# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
|
||||
# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
|
||||
# library is configured with a different value.
|
||||
|
||||
MAX_IM_CA='8'
|
||||
MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
|
||||
|
||||
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
|
||||
cat <<EOF
|
||||
${CONFIG_H} contains a value for the configuration of
|
||||
MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
|
||||
test value of ${MAX_IM_CA}.
|
||||
|
||||
The tests assume this value and if it changes, the tests in this
|
||||
script should also be adjusted.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# The tests for the max_int tests can pass with any number higher than MAX_IM_CA
|
||||
# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1
|
||||
# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions
|
||||
# are in place so that the semantics are consistent with the test description.
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||
|
|
@ -3897,6 +3918,7 @@ run_test "Authentication: server max_int chain, client default" \
|
|||
0 \
|
||||
-C "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
|
@ -3905,6 +3927,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
|
|||
1 \
|
||||
-c "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client optional" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
|
@ -3914,6 +3937,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
|
|||
1 \
|
||||
-c "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: server max_int+1 chain, client none" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
|
|
@ -3923,6 +3947,7 @@ run_test "Authentication: server max_int+1 chain, client none" \
|
|||
0 \
|
||||
-C "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server default" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
|
||||
|
|
@ -3931,6 +3956,7 @@ run_test "Authentication: client max_int+1 chain, server default" \
|
|||
0 \
|
||||
-S "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server optional" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
|
||||
|
|
@ -3939,6 +3965,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \
|
|||
1 \
|
||||
-s "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int+1 chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
|
|
@ -3947,6 +3974,7 @@ run_test "Authentication: client max_int+1 chain, server required" \
|
|||
1 \
|
||||
-s "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
run_test "Authentication: client max_int chain, server required" \
|
||||
"$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
|
||||
|
|
@ -4124,6 +4152,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \
|
|||
-C "! mbedtls_ssl_handshake returned" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: server max_int chain, client default" \
|
||||
|
|
@ -4134,6 +4163,7 @@ run_test "Authentication, CA callback: server max_int chain, client default"
|
|||
-c "use CA callback for X.509 CRT verification" \
|
||||
-C "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
|
||||
|
|
@ -4144,6 +4174,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
|
|||
-c "use CA callback for X.509 CRT verification" \
|
||||
-c "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
|
||||
|
|
@ -4155,6 +4186,7 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
|
|||
-c "use CA callback for X.509 CRT verification" \
|
||||
-c "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
|
||||
|
|
@ -4165,6 +4197,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
|
|||
-s "use CA callback for X.509 CRT verification" \
|
||||
-s "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
|
||||
|
|
@ -4175,6 +4208,7 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
|
|||
-s "use CA callback for X.509 CRT verification" \
|
||||
-s "X509 - A fatal error occurred"
|
||||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
run_test "Authentication, CA callback: client max_int chain, server required" \
|
||||
|
|
@ -5724,6 +5758,7 @@ run_test "Large client packet TLS 1.2 AEAD shorter tag" \
|
|||
-c "16384 bytes written in $(fragments_for_write 16384) fragments" \
|
||||
-s "Read from client: $MAX_CONTENT_LEN bytes read"
|
||||
|
||||
# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
|
||||
run_test "Large server packet TLS 1.2 BlockCipher" \
|
||||
"$P_SRV response_size=16384" \
|
||||
"$P_CLI force_version=tls1_2 \
|
||||
|
|
@ -6546,6 +6581,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 4096
|
||||
run_test "DTLS fragmenting: none (for reference)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6566,6 +6602,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: server only (max_frag_len)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6590,6 +6627,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 4096
|
||||
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6610,6 +6648,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6637,6 +6676,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
|
||||
-p "$P_PXY mtu=1110" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
|
||||
|
|
@ -6658,6 +6698,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6685,6 +6726,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
|
||||
-p "$P_PXY mtu=1110" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6705,6 +6747,7 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU"
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 4096
|
||||
run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6724,6 +6767,7 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 4096
|
||||
run_test "DTLS fragmenting: client (MTU)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6743,6 +6787,7 @@ run_test "DTLS fragmenting: client (MTU)" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: server (MTU)" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -6762,6 +6807,7 @@ run_test "DTLS fragmenting: server (MTU)" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: both (MTU=1024)" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6787,6 +6833,7 @@ requires_config_enabled MBEDTLS_SHA256_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: both (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6818,6 +6865,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
|
||||
-p "$P_PXY mtu=508" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6842,6 +6890,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
|
||||
-p "$P_PXY mtu=508" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6865,6 +6914,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6894,6 +6944,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6917,6 +6968,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6943,6 +6995,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -6979,6 +7032,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
||||
-p "$P_PXY mtu=1450" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7008,6 +7062,7 @@ requires_config_enabled MBEDTLS_SHA256_C
|
|||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7040,6 +7095,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7072,6 +7128,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7105,6 +7162,7 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
|||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7137,6 +7195,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7166,6 +7225,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
client_needs_more_time 2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU + 3d" \
|
||||
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7190,6 +7250,7 @@ requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
|||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
client_needs_more_time 2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
|
||||
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
|
||||
|
|
@ -7215,6 +7276,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
|||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_gnutls
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
|
||||
"$G_SRV -u" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
|
|
@ -7238,6 +7300,7 @@ requires_config_enabled MBEDTLS_ECDSA_C
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_gnutls
|
||||
requires_not_i686
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -7251,6 +7314,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
|
||||
"$O_SRV -dtls1_2 -verify 10" \
|
||||
"$P_CLI dtls=1 debug_level=2 \
|
||||
|
|
@ -7265,6 +7329,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
crt_file=data_files/server7_int-ca.crt \
|
||||
|
|
@ -7284,6 +7349,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
|||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$G_NEXT_SRV -u" \
|
||||
|
|
@ -7301,6 +7367,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
|||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
|
|
@ -7322,6 +7389,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
|||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$O_SRV -dtls1_2 -verify 10" \
|
||||
|
|
@ -7339,6 +7407,7 @@ requires_config_enabled MBEDTLS_RSA_C
|
|||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
client_needs_more_time 4
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
|
||||
-p "$P_PXY drop=8 delay=8 duplicate=8" \
|
||||
"$P_SRV dtls=1 debug_level=2 \
|
||||
|
|
@ -8413,6 +8482,7 @@ run_test "export keys functionality" \
|
|||
requires_config_enabled MBEDTLS_MEMORY_DEBUG
|
||||
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
|
||||
requires_max_content_len 16384
|
||||
run_tests_memory_after_hanshake
|
||||
|
||||
# Final report
|
||||
|
|
|
|||
Loading…
Reference in a new issue