Add non support sig alg check and test

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-02-18 16:42:24 +08:00
parent 562a0fddf0
commit d66409ae92
2 changed files with 7 additions and 4 deletions

View file

@ -1164,7 +1164,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
if( !mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received list." ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}

View file

@ -9861,7 +9861,7 @@ run_test "TLS 1.3: No client authentication, client has certificate - openssl
key_file=data_files/cli2.key" \
0 \
-c "got no certificate request" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
@ -9871,13 +9871,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \
run_test "TLS 1.3: No client authentication, client has certificate - gnutls" \
"$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \
key_file=data_files/cli2.key" \
0 \
-c "got no certificate request" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"