cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-23 20:48:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls_ssl_set_hostname tests: add tests with CA callback

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2025-02-13 21:46:00 +01:00
parent 856a370628
commit 640512eb90
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
tests/ssl-opt.sh
View File

@ -5952,6 +5952,18 @@ run_test "Authentication: hostname match, client required" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname match, client required, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (wrong), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
@ -6058,6 +6070,19 @@ run_test "Authentication: hostname unset, client required" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client required, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=no debug_level=2" \