cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 03:00:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Address review comments regarding ssl_client2 and ssl tests

Browse Source
This commit is contained in:
Jarno Lamsa 2019-04-01 15:11:54 +03:00
parent 2ee67a66f4
commit f7a7f9ee43
2 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
programs/ssl/ssl_client2.c
View File

@ -470,7 +470,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
* set of trusted certificates (such as a hashtable) and only * set of trusted certificates (such as a hashtable) and only
* return those trusted certificates which satisfy basic * return those trusted certificates which satisfy basic
* parental checks, such as the matching of child `Issuer` * parental checks, such as the matching of child `Issuer`
* and parent `Subject` field. */ * and parent `Subject` field or matching key identifiers. */
((void) child); ((void) child);
first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );

10
tests/ssl-opt.sh
View File

@ -947,10 +947,6 @@ run_test "CA callback on client" \
"$P_CLI ca_callback=1 debug_level=3 " \ "$P_CLI ca_callback=1 debug_level=3 " \
0 \ 0 \
-c "use CA callback for X.509 CRT verification"\ -c "use CA callback for X.509 CRT verification"\
-s "Protocol is TLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
-s "client hello v3, signature_algorithm ext: 6" \
-s "ECDHE curve: secp521r1" \
-S "error" \ -S "error" \
-C "error" -C "error"
@ -2602,7 +2598,8 @@ run_test "DER format: with 9 trailing random bytes" \
0 \ 0 \
-c "Handshake was completed" \ -c "Handshake was completed" \
# Tests for auth_mode # Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly
run_test "Authentication: server badcert, client required" \ run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \ "$P_SRV crt_file=data_files/server5-badsign.crt \
@ -2981,7 +2978,8 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
# Tests for auth_mode, using CA callback # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \ run_test "Authentication, CA callback: server badcert, client required" \