Address review comments regarding ssl_client2 and ssl tests

2019-04-01 15:11:54 +03:00 · 2019-04-01 15:11:54 +03:00 · f7a7f9ee43
commit f7a7f9ee43
parent 2ee67a66f4
2 changed files with 5 additions and 7 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -470,7 +470,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
     * set of trusted certificates (such as a hashtable) and only
     * return those trusted certificates which satisfy basic
     * parental checks, such as the matching of child `Issuer`
-     * and parent `Subject` field. */
+     * and parent `Subject` field or matching key identifiers. */
    ((void) child);

    first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -947,10 +947,6 @@ run_test    "CA callback on client" \
            "$P_CLI ca_callback=1 debug_level=3 " \
            0 \
            -c "use CA callback for X.509 CRT verification"\
-            -s "Protocol is TLSv1.2" \
-            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
-            -s "client hello v3, signature_algorithm ext: 6" \
-            -s "ECDHE curve: secp521r1" \
            -S "error" \
            -C "error"

@ -2602,7 +2598,8 @@ run_test    "DER format: with 9 trailing random bytes" \
            0 \
            -c "Handshake was completed" \

-# Tests for auth_mode
+# Tests for auth_mode, there are duplicated tests using ca callback for authentication
+# When updating these tests, modify the matching authentication tests accordingly

 run_test    "Authentication: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
@ -2981,7 +2978,8 @@ run_test    "Authentication: send CA list in CertificateRequest, client self sig
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

-# Tests for auth_mode, using CA callback
+# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
+# When updating these tests, modify the matching authentication tests accordingly

 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server badcert, client required" \