Normalize names in ssl-opt.sh

No numbering: does not add value, and painful to maintain, esp. with branches
This commit is contained in:
Manuel Pégourié-Gonnard 2014-08-30 21:42:40 +02:00
parent 51362961b8
commit 8e03c71b23

View file

@ -371,7 +371,7 @@ run_test "Default" \
# Test for SSLv2 ClientHello
requires_openssl_with_sslv2
run_test "SSLv2 ClientHello #0 (reference)" \
run_test "SSLv2 ClientHello: reference" \
"$P_SRV debug_level=3" \
"$O_CLI -no_ssl2" \
0 \
@ -380,7 +380,7 @@ run_test "SSLv2 ClientHello #0 (reference)" \
# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
requires_openssl_with_sslv2
run_test "SSLv2 ClientHello #1 (actual test)" \
run_test "SSLv2 ClientHello: actual test" \
"$P_SRV debug_level=3" \
"$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
0 \
@ -389,13 +389,13 @@ run_test "SSLv2 ClientHello #1 (actual test)" \
# Tests for Truncated HMAC extension
run_test "Truncated HMAC #0" \
run_test "Truncated HMAC: reference" \
"$P_SRV debug_level=5" \
"$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
-s "dumping 'computed mac' (20 bytes)"
run_test "Truncated HMAC #1" \
run_test "Truncated HMAC: actual test" \
"$P_SRV debug_level=5" \
"$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@ -403,7 +403,7 @@ run_test "Truncated HMAC #1" \
# Tests for Session Tickets
run_test "Session resume using tickets #1 (basic)" \
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=4 tickets=1" \
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
0 \
@ -417,7 +417,7 @@ run_test "Session resume using tickets #1 (basic)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets #2 (cache disabled)" \
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=4 tickets=1 cache_max=0" \
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
0 \
@ -431,7 +431,7 @@ run_test "Session resume using tickets #2 (cache disabled)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using tickets #3 (timeout)" \
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
0 \
@ -445,7 +445,7 @@ run_test "Session resume using tickets #3 (timeout)" \
-S "a session has been resumed" \
-C "a session has been resumed"
run_test "Session resume using tickets #4 (openssl server)" \
run_test "Session resume using tickets: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
0 \
@ -454,7 +454,7 @@ run_test "Session resume using tickets #4 (openssl server)" \
-c "parse new session ticket" \
-c "a session has been resumed"
run_test "Session resume using tickets #5 (openssl client)" \
run_test "Session resume using tickets: openssl client" \
"$P_SRV debug_level=4 tickets=1" \
"( $O_CLI -sess_out $SESSION; \
$O_CLI -sess_in $SESSION; \
@ -468,7 +468,7 @@ run_test "Session resume using tickets #5 (openssl client)" \
# Tests for Session Resume based on session-ID and cache
run_test "Session resume using cache #1 (tickets enabled on client)" \
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=4 tickets=0" \
"$P_CLI debug_level=4 tickets=1 reconnect=1" \
0 \
@ -482,7 +482,7 @@ run_test "Session resume using cache #1 (tickets enabled on client)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache #2 (tickets enabled on server)" \
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=4 tickets=1" \
"$P_CLI debug_level=4 tickets=0 reconnect=1" \
0 \
@ -496,7 +496,7 @@ run_test "Session resume using cache #2 (tickets enabled on server)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache #3 (cache_max=0)" \
run_test "Session resume using cache: cache_max=0" \
"$P_SRV debug_level=4 tickets=0 cache_max=0" \
"$P_CLI debug_level=4 tickets=0 reconnect=1" \
0 \
@ -505,7 +505,7 @@ run_test "Session resume using cache #3 (cache_max=0)" \
-S "a session has been resumed" \
-C "a session has been resumed"
run_test "Session resume using cache #4 (cache_max=1)" \
run_test "Session resume using cache: cache_max=1" \
"$P_SRV debug_level=4 tickets=0 cache_max=1" \
"$P_CLI debug_level=4 tickets=0 reconnect=1" \
0 \
@ -514,7 +514,7 @@ run_test "Session resume using cache #4 (cache_max=1)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache #5 (timemout > delay)" \
run_test "Session resume using cache: timemout > delay" \
"$P_SRV debug_level=4 tickets=0" \
"$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
0 \
@ -523,7 +523,7 @@ run_test "Session resume using cache #5 (timemout > delay)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache #6 (timeout < delay)" \
run_test "Session resume using cache: timeout < delay" \
"$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
"$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
0 \
@ -532,7 +532,7 @@ run_test "Session resume using cache #6 (timeout < delay)" \
-S "a session has been resumed" \
-C "a session has been resumed"
run_test "Session resume using cache #7 (no timeout)" \
run_test "Session resume using cache: no timeout" \
"$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
"$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
0 \
@ -541,7 +541,7 @@ run_test "Session resume using cache #7 (no timeout)" \
-s "a session has been resumed" \
-c "a session has been resumed"
run_test "Session resume using cache #8 (openssl client)" \
run_test "Session resume using cache: openssl client" \
"$P_SRV debug_level=4 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
$O_CLI -sess_in $SESSION; \
@ -553,7 +553,7 @@ run_test "Session resume using cache #8 (openssl client)" \
-S "session successfully restored from ticket" \
-s "a session has been resumed"
run_test "Session resume using cache #9 (openssl server)" \
run_test "Session resume using cache: openssl server" \
"$O_SRV" \
"$P_CLI debug_level=4 tickets=0 reconnect=1" \
0 \
@ -563,7 +563,7 @@ run_test "Session resume using cache #9 (openssl server)" \
# Tests for Max Fragment Length extension
run_test "Max fragment length #1" \
run_test "Max fragment length: not used, reference" \
"$P_SRV debug_level=4" \
"$P_CLI debug_level=4" \
0 \
@ -572,7 +572,7 @@ run_test "Max fragment length #1" \
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
run_test "Max fragment length #2" \
run_test "Max fragment length: used by client" \
"$P_SRV debug_level=4" \
"$P_CLI debug_level=4 max_frag_len=4096" \
0 \
@ -581,7 +581,7 @@ run_test "Max fragment length #2" \
-s "server hello, max_fragment_length extension" \
-c "found max_fragment_length extension"
run_test "Max fragment length #3" \
run_test "Max fragment length: used by server" \
"$P_SRV debug_level=4 max_frag_len=4096" \
"$P_CLI debug_level=4" \
0 \
@ -590,7 +590,8 @@ run_test "Max fragment length #3" \
-S "server hello, max_fragment_length extension" \
-C "found max_fragment_length extension"
run_test "Max fragment length #4 (GnuTLS server)" \
requires_gnutls
run_test "Max fragment length: gnutls server" \
"$G_SRV" \
"$P_CLI debug_level=4 max_frag_len=4096" \
0 \
@ -599,7 +600,7 @@ run_test "Max fragment length #4 (GnuTLS server)" \
# Tests for renegotiation
run_test "Renegotiation #0 (none)" \
run_test "Renegotiation: none, for reference" \
"$P_SRV debug_level=4 exchanges=2" \
"$P_CLI debug_level=4 exchanges=2" \
0 \
@ -612,7 +613,7 @@ run_test "Renegotiation #0 (none)" \
-S "=> renegotiate" \
-S "write hello request"
run_test "Renegotiation #1 (enabled, client-initiated)" \
run_test "Renegotiation: client-initiated" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
0 \
@ -625,7 +626,7 @@ run_test "Renegotiation #1 (enabled, client-initiated)" \
-s "=> renegotiate" \
-S "write hello request"
run_test "Renegotiation #2 (enabled, server-initiated)" \
run_test "Renegotiation: server-initiated" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
0 \
@ -638,7 +639,7 @@ run_test "Renegotiation #2 (enabled, server-initiated)" \
-s "=> renegotiate" \
-s "write hello request"
run_test "Renegotiation #3 (enabled, double)" \
run_test "Renegotiation: double" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
0 \
@ -651,7 +652,7 @@ run_test "Renegotiation #3 (enabled, double)" \
-s "=> renegotiate" \
-s "write hello request"
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
run_test "Renegotiation: client-initiated, server-rejected" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=0" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
1 \
@ -666,7 +667,7 @@ run_test "Renegotiation #4 (client-initiated, server-rejected)" \
-c "SSL - Unexpected message at ServerHello in renegotiation" \
-c "failed"
run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
run_test "Renegotiation: server-initiated, client-rejected, default" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
0 \
@ -681,7 +682,7 @@ run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \
run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=-1" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
@ -698,7 +699,7 @@ run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)"
-S "failed"
# delay 2 for 1 alert record + 1 application data record
run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \
run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=2" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
@ -714,7 +715,7 @@ run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
@ -729,7 +730,7 @@ run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
-s "write hello request" \
-s "SSL - An unexpected message was received from our peer"
run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
"$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
renego_delay=0" \
"$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
@ -745,7 +746,7 @@ run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
-S "SSL - An unexpected message was received from our peer" \
-S "failed"
run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
run_test "Renegotiation: nbio, client-initiated" \
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
0 \
@ -758,7 +759,7 @@ run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
-s "=> renegotiate" \
-S "write hello request"
run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
run_test "Renegotiation: nbio, server-initiated" \
"$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
"$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
0 \
@ -771,7 +772,7 @@ run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
-s "=> renegotiate" \
-s "write hello request"
run_test "Renegotiation #12 (openssl server)" \
run_test "Renegotiation: openssl server, client-initiated" \
"$O_SRV" \
"$P_CLI debug_level=4 exchanges=1 renegotiation=1 renegotiate=1" \
0 \
@ -782,7 +783,7 @@ run_test "Renegotiation #12 (openssl server)" \
-C "error" \
-c "HTTP/1.0 200 [Oo][Kk]"
run_test "Renegotiation #13 (gnutls server)" \
run_test "Renegotiation: gnutls server, client-initiated" \
"$G_SRV" \
"$P_CLI debug_level=4 exchanges=1 renegotiation=1 renegotiate=1" \
0 \
@ -795,7 +796,7 @@ run_test "Renegotiation #13 (gnutls server)" \
# Tests for auth_mode
run_test "Authentication #1 (server badcert, client required)" \
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI debug_level=2 auth_mode=required" \
@ -805,7 +806,7 @@ run_test "Authentication #1 (server badcert, client required)" \
-c "! ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication #2 (server badcert, client optional)" \
run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI debug_level=2 auth_mode=optional" \
@ -815,7 +816,7 @@ run_test "Authentication #2 (server badcert, client optional)" \
-C "! ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication #3 (server badcert, client none)" \
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI debug_level=2 auth_mode=none" \
@ -825,7 +826,7 @@ run_test "Authentication #3 (server badcert, client none)" \
-C "! ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication #4 (client badcert, server required)" \
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=4 auth_mode=required" \
"$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@ -842,7 +843,7 @@ run_test "Authentication #4 (client badcert, server required)" \
-c "! ssl_handshake returned" \
-s "X509 - Certificate verification failed"
run_test "Authentication #5 (client badcert, server optional)" \
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=4 auth_mode=optional" \
"$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@ -859,7 +860,7 @@ run_test "Authentication #5 (client badcert, server optional)" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
run_test "Authentication #6 (client badcert, server none)" \
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=4 auth_mode=none" \
"$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
@ -876,7 +877,7 @@ run_test "Authentication #6 (client badcert, server none)" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
run_test "Authentication #7 (client no cert, server optional)" \
run_test "Authentication: client no cert, server optional" \
"$P_SRV debug_level=4 auth_mode=optional" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
0 \
@ -893,7 +894,7 @@ run_test "Authentication #7 (client no cert, server optional)" \
-C "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
run_test "Authentication #8 (openssl client no cert, server optional)" \
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=4 auth_mode=optional" \
"$O_CLI" \
0 \
@ -903,7 +904,7 @@ run_test "Authentication #8 (openssl client no cert, server optional)" \
-S "! ssl_handshake returned" \
-S "X509 - Certificate verification failed"
run_test "Authentication #9 (client no cert, openssl server optional)" \
run_test "Authentication: client no cert, openssl server optional" \
"$O_SRV -verify 10" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
0 \
@ -913,7 +914,7 @@ run_test "Authentication #9 (client no cert, openssl server optional)" \
-c "skip write certificate verify" \
-C "! ssl_handshake returned"
run_test "Authentication #10 (client no cert, ssl3)" \
run_test "Authentication: client no cert, ssl3" \
"$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
0 \
@ -932,7 +933,7 @@ run_test "Authentication #10 (client no cert, ssl3)" \
# tests for SNI
run_test "SNI #0 (no SNI callback)" \
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key" \
"$P_CLI debug_level=0 server_addr=127.0.0.1 \
@ -942,7 +943,7 @@ run_test "SNI #0 (no SNI callback)" \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
run_test "SNI #1 (matching cert 1)" \
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
@ -953,7 +954,7 @@ run_test "SNI #1 (matching cert 1)" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=localhost"
run_test "SNI #2 (matching cert 2)" \
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
@ -964,7 +965,7 @@ run_test "SNI #2 (matching cert 2)" \
-c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
-c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
run_test "SNI #3 (no matching cert)" \
run_test "SNI: no matching cert" \
"$P_SRV debug_level=4 server_addr=127.0.0.1 \
crt_file=data_files/server5.crt key_file=data_files/server5.key \
sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
@ -979,7 +980,7 @@ run_test "SNI #3 (no matching cert)" \
# Tests for non-blocking I/O: exercise a variety of handshake flows
run_test "Non-blocking I/O #1 (basic handshake)" \
run_test "Non-blocking I/O: basic handshake" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0" \
0 \
@ -987,7 +988,7 @@ run_test "Non-blocking I/O #1 (basic handshake)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #2 (client auth)" \
run_test "Non-blocking I/O: client auth" \
"$P_SRV nbio=2 tickets=0 auth_mode=required" \
"$P_CLI nbio=2 tickets=0" \
0 \
@ -995,7 +996,7 @@ run_test "Non-blocking I/O #2 (client auth)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #3 (ticket)" \
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1" \
0 \
@ -1003,7 +1004,7 @@ run_test "Non-blocking I/O #3 (ticket)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #4 (ticket + client auth)" \
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1" \
0 \
@ -1011,7 +1012,7 @@ run_test "Non-blocking I/O #4 (ticket + client auth)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \
run_test "Non-blocking I/O: ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
0 \
@ -1019,7 +1020,7 @@ run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #6 (ticket + resume)" \
run_test "Non-blocking I/O: ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
0 \
@ -1027,7 +1028,7 @@ run_test "Non-blocking I/O #6 (ticket + resume)" \
-C "ssl_handshake returned" \
-c "Read from server: .* bytes read"
run_test "Non-blocking I/O #7 (session-id resume)" \
run_test "Non-blocking I/O: session-id resume" \
"$P_SRV nbio=2 tickets=0 auth_mode=none" \
"$P_CLI nbio=2 tickets=0 reconnect=1" \
0 \
@ -1037,7 +1038,7 @@ run_test "Non-blocking I/O #7 (session-id resume)" \
# Tests for version negotiation
run_test "Version check #1 (all -> 1.2)" \
run_test "Version check: all -> 1.2" \
"$P_SRV" \
"$P_CLI" \
0 \
@ -1046,7 +1047,7 @@ run_test "Version check #1 (all -> 1.2)" \
-s "Protocol is TLSv1.2" \
-c "Protocol is TLSv1.2"
run_test "Version check #2 (cli max 1.1 -> 1.1)" \
run_test "Version check: cli max 1.1 -> 1.1" \
"$P_SRV" \
"$P_CLI max_version=tls1_1" \
0 \
@ -1055,7 +1056,7 @@ run_test "Version check #2 (cli max 1.1 -> 1.1)" \
-s "Protocol is TLSv1.1" \
-c "Protocol is TLSv1.1"
run_test "Version check #3 (srv max 1.1 -> 1.1)" \
run_test "Version check: srv max 1.1 -> 1.1" \
"$P_SRV max_version=tls1_1" \
"$P_CLI" \
0 \
@ -1064,7 +1065,7 @@ run_test "Version check #3 (srv max 1.1 -> 1.1)" \
-s "Protocol is TLSv1.1" \
-c "Protocol is TLSv1.1"
run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \
run_test "Version check: cli+srv max 1.1 -> 1.1" \
"$P_SRV max_version=tls1_1" \
"$P_CLI max_version=tls1_1" \
0 \
@ -1073,7 +1074,7 @@ run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \
-s "Protocol is TLSv1.1" \
-c "Protocol is TLSv1.1"
run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
"$P_SRV min_version=tls1_1" \
"$P_CLI max_version=tls1_1" \
0 \
@ -1082,7 +1083,7 @@ run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
-s "Protocol is TLSv1.1" \
-c "Protocol is TLSv1.1"
run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
"$P_SRV max_version=tls1_1" \
"$P_CLI min_version=tls1_1" \
0 \
@ -1091,7 +1092,7 @@ run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
-s "Protocol is TLSv1.1" \
-c "Protocol is TLSv1.1"
run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
"$P_SRV max_version=tls1_1" \
"$P_CLI min_version=tls1_2" \
1 \
@ -1099,7 +1100,7 @@ run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
-c "ssl_handshake returned" \
-c "SSL - Handshake protocol not within min/max boundaries"
run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
"$P_SRV min_version=tls1_2" \
"$P_CLI max_version=tls1_1" \
1 \
@ -1111,7 +1112,7 @@ run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
if grep '^#define POLARSSL_SSL_ALPN' $CONFIG_H >/dev/null; then
run_test "ALPN #0 (none)" \
run_test "ALPN: none" \
"$P_SRV debug_level=4" \
"$P_CLI debug_level=4" \
0 \
@ -1123,7 +1124,7 @@ run_test "ALPN #0 (none)" \
-C "Application Layer Protocol is" \
-S "Application Layer Protocol is"
run_test "ALPN #1 (client only)" \
run_test "ALPN: client only" \
"$P_SRV debug_level=4" \
"$P_CLI debug_level=4 alpn=abc,1234" \
0 \
@ -1135,7 +1136,7 @@ run_test "ALPN #1 (client only)" \
-c "Application Layer Protocol is (none)" \
-S "Application Layer Protocol is"
run_test "ALPN #2 (server only)" \
run_test "ALPN: server only" \
"$P_SRV debug_level=4 alpn=abc,1234" \
"$P_CLI debug_level=4" \
0 \
@ -1147,7 +1148,7 @@ run_test "ALPN #2 (server only)" \
-C "Application Layer Protocol is" \
-s "Application Layer Protocol is (none)"
run_test "ALPN #3 (both, common cli1-srv1)" \
run_test "ALPN: both, common cli1-srv1" \
"$P_SRV debug_level=4 alpn=abc,1234" \
"$P_CLI debug_level=4 alpn=abc,1234" \
0 \
@ -1159,7 +1160,7 @@ run_test "ALPN #3 (both, common cli1-srv1)" \
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
run_test "ALPN #4 (both, common cli2-srv1)" \
run_test "ALPN: both, common cli2-srv1" \
"$P_SRV debug_level=4 alpn=abc,1234" \
"$P_CLI debug_level=4 alpn=1234,abc" \
0 \
@ -1171,7 +1172,7 @@ run_test "ALPN #4 (both, common cli2-srv1)" \
-c "Application Layer Protocol is abc" \
-s "Application Layer Protocol is abc"
run_test "ALPN #5 (both, common cli1-srv2)" \
run_test "ALPN: both, common cli1-srv2" \
"$P_SRV debug_level=4 alpn=abc,1234" \
"$P_CLI debug_level=4 alpn=1234,abcde" \
0 \
@ -1183,7 +1184,7 @@ run_test "ALPN #5 (both, common cli1-srv2)" \
-c "Application Layer Protocol is 1234" \
-s "Application Layer Protocol is 1234"
run_test "ALPN #6 (both, no common)" \
run_test "ALPN: both, no common" \
"$P_SRV debug_level=4 alpn=abc,123" \
"$P_CLI debug_level=4 alpn=1234,abcde" \
1 \
@ -1200,7 +1201,7 @@ fi
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ds.crt" \
"$P_CLI" \
@ -1208,21 +1209,21 @@ run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ke.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
run_test "keyUsage srv #3 (RSA, keyAgreement -> fail)" \
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
"$P_SRV key_file=data_files/server2.key \
crt_file=data_files/server2.ku-ka.crt" \
"$P_CLI" \
1 \
-C "Ciphersuite is "
run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ds.crt" \
"$P_CLI" \
@ -1230,14 +1231,14 @@ run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
run_test "keyUsage srv #5 (ECDSA, keyAgreement -> ECDH-)" \
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDH-"
run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ke.crt" \
"$P_CLI" \
@ -1247,7 +1248,7 @@ run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=2 \
@ -1257,7 +1258,7 @@ run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=2 \
@ -1267,7 +1268,7 @@ run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=2 \
@ -1277,7 +1278,7 @@ run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=2 \
@ -1287,7 +1288,7 @@ run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=2 \
@ -1297,7 +1298,7 @@ run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
"$O_SRV -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=2 \
@ -1310,7 +1311,7 @@ run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
@ -1318,7 +1319,7 @@ run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@ -1326,7 +1327,7 @@ run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=2 auth_mode=required" \
"$O_CLI -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
@ -1334,7 +1335,7 @@ run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
@ -1342,7 +1343,7 @@ run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
@ -1352,26 +1353,26 @@ run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
run_test "extKeyUsage srv #1 (serverAuth -> OK)" \
run_test "extKeyUsage srv: serverAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
run_test "extKeyUsage srv #2 (serverAuth,clientAuth -> OK)" \
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
run_test "extKeyUsage srv #3 (codeSign,anyEKU -> OK)" \
run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
"$P_SRV key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cs_any.crt" \
"$P_CLI" \
0
# add psk to leave an option for client to send SERVERQUIT
run_test "extKeyUsage srv #4 (codeSign -> fail)" \
run_test "extKeyUsage srv: codeSign -> fail" \
"$P_SRV psk=abc123 key_file=data_files/server5.key \
crt_file=data_files/server5.eku-cli.crt" \
"$P_CLI psk=badbad" \
@ -1379,7 +1380,7 @@ run_test "extKeyUsage srv #4 (codeSign -> fail)" \
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
run_test "extKeyUsage cli #1 (serverAuth -> OK)" \
run_test "extKeyUsage cli: serverAuth -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-srv.crt" \
"$P_CLI debug_level=2" \
@ -1388,7 +1389,7 @@ run_test "extKeyUsage cli #1 (serverAuth -> OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=2" \
@ -1397,7 +1398,7 @@ run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
"$P_CLI debug_level=2" \
@ -1406,7 +1407,7 @@ run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-"
run_test "extKeyUsage cli #4 (codeSign -> fail)" \
run_test "extKeyUsage cli: codeSign -> fail" \
"$O_SRV -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
"$P_CLI debug_level=2" \
@ -1417,7 +1418,7 @@ run_test "extKeyUsage cli #4 (codeSign -> fail)" \
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.eku-cli.crt" \
@ -1425,7 +1426,7 @@ run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
@ -1433,7 +1434,7 @@ run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
@ -1441,7 +1442,7 @@ run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=2 auth_mode=optional" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
@ -1449,7 +1450,7 @@ run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=2 auth_mode=required" \
"$O_CLI -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
@ -1459,7 +1460,7 @@ run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \
# Tests for DHM parameters loading
run_test "DHM parameters #0 (reference)" \
run_test "DHM parameters: reference" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=3" \
@ -1467,7 +1468,7 @@ run_test "DHM parameters #0 (reference)" \
-c "value of 'DHM: P ' (2048 bits)" \
-c "value of 'DHM: G ' (2048 bits)"
run_test "DHM parameters #1 (other parameters)" \
run_test "DHM parameters: other parameters" \
"$P_SRV dhm_file=data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=3" \
@ -1477,7 +1478,7 @@ run_test "DHM parameters #1 (other parameters)" \
# Tests for PSK callback
run_test "PSK callback #0a (psk, no callback)" \
run_test "PSK callback: psk, no callback" \
"$P_SRV psk=abc123 psk_identity=foo" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
@ -1486,7 +1487,7 @@ run_test "PSK callback #0a (psk, no callback)" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #0b (no psk, no callback)" \
run_test "PSK callback: no psk, no callback" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
@ -1495,7 +1496,7 @@ run_test "PSK callback #0b (no psk, no callback)" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #1 (callback overrides other settings)" \
run_test "PSK callback: callback overrides other settings" \
"$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
@ -1504,7 +1505,7 @@ run_test "PSK callback #1 (callback overrides other settings)" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #2 (first id matches)" \
run_test "PSK callback: first id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead" \
@ -1513,7 +1514,7 @@ run_test "PSK callback #2 (first id matches)" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #3 (second id matches)" \
run_test "PSK callback: second id matches" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
@ -1522,7 +1523,7 @@ run_test "PSK callback #3 (second id matches)" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #4 (no match)" \
run_test "PSK callback: no match" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=ghi psk=beef" \
@ -1531,7 +1532,7 @@ run_test "PSK callback #4 (no match)" \
-s "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback #5 (wrong key)" \
run_test "PSK callback: wrong key" \
"$P_SRV psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=beef" \
@ -1542,25 +1543,25 @@ run_test "PSK callback #5 (wrong key)" \
# Tests for ciphersuites per version
run_test "Per-version suites #1" \
run_test "Per-version suites: SSL3" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=ssl3" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
run_test "Per-version suites #2" \
run_test "Per-version suites: TLS 1.0" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
run_test "Per-version suites #3" \
run_test "Per-version suites: TLS 1.1" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_1" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
run_test "Per-version suites #4" \
run_test "Per-version suites: TLS 1.2" \
"$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls1_2" \
0 \
@ -1568,13 +1569,13 @@ run_test "Per-version suites #4" \
# Tests for ssl_get_bytes_avail()
run_test "ssl_get_bytes_avail #1 (no extra data)" \
run_test "ssl_get_bytes_avail: no extra data" \
"$P_SRV" \
"$P_CLI request_size=100" \
0 \
-s "Read from client: 100 bytes read$"
run_test "ssl_get_bytes_avail #2 (extra data)" \
run_test "ssl_get_bytes_avail: extra data" \
"$P_SRV" \
"$P_CLI request_size=500" \
0 \