Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT

2025-11-04 04:32:24 -05:00 · 2019-02-25 18:01:57 +00:00 · 2019-02-25 18:01:57 +00:00 · fe9aec4cb1
commit fe9aec4cb1
parent a9766c2c23
1 changed files with 0 additions and 11 deletions
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -2956,7 +2956,6 @@ run_test    "Authentication: send CA list in CertificateRequest, client self sig

 # Tests for certificate selection based on SHA verson

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
            "$P_SRV crt_file=data_files/server5.crt \
                    key_file=data_files/server5.key \
@ -2967,7 +2966,6 @@ run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "Certificate hash: client TLS 1.1 -> SHA-1" \
            "$P_SRV crt_file=data_files/server5.crt \
                    key_file=data_files/server5.key \
@ -2978,7 +2976,6 @@ run_test    "Certificate hash: client TLS 1.1 -> SHA-1" \
            -C "signed using.*ECDSA with SHA256" \
            -c "signed using.*ECDSA with SHA1"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "Certificate hash: client TLS 1.0 -> SHA-1" \
            "$P_SRV crt_file=data_files/server5.crt \
                    key_file=data_files/server5.key \
@ -2989,7 +2986,6 @@ run_test    "Certificate hash: client TLS 1.0 -> SHA-1" \
            -C "signed using.*ECDSA with SHA256" \
            -c "signed using.*ECDSA with SHA1"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
            "$P_SRV crt_file=data_files/server5.crt \
                    key_file=data_files/server5.key \
@ -3001,7 +2997,6 @@ run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
            "$P_SRV crt_file=data_files/server6.crt \
                    key_file=data_files/server6.key \
@ -3015,7 +3010,6 @@ run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \

 # tests for SNI

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: no SNI callback" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@ -3025,7 +3019,6 @@ run_test    "SNI: no SNI callback" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: matching cert 1" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3036,7 +3029,6 @@ run_test    "SNI: matching cert 1" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: matching cert 2" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3154,7 +3146,6 @@ run_test    "SNI: CA override with CRL" \

 # Tests for SNI and DTLS

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: DTLS, no SNI callback" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@ -3164,7 +3155,6 @@ run_test    "SNI: DTLS, no SNI callback" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: DTLS, matching cert 1" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
@ -3175,7 +3165,6 @@ run_test    "SNI: DTLS, matching cert 1" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

-requires_config_enabled MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 run_test    "SNI: DTLS, matching cert 2" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \