manually merge 0c6ce2f use x509_crt_verify_info()
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9748d8b..2493278 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1561,7 +1561,7 @@
"$P_CLI debug_level=1 auth_mode=required" \
1 \
-c "x509_verify_cert() returned" \
- -c "! self-signed or not signed by a trusted CA" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
@@ -1571,7 +1571,7 @@
"$P_CLI debug_level=1 auth_mode=optional" \
0 \
-c "x509_verify_cert() returned" \
- -c "! self-signed or not signed by a trusted CA" \
+ -c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -1581,7 +1581,7 @@
"$P_CLI debug_level=1 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
- -C "! self-signed or not signed by a trusted CA" \
+ -C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
@@ -1597,7 +1597,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \
- -S "! self-signed or not signed by a trusted CA" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
-s "! mbedtls_ssl_handshake returned" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
@@ -1614,7 +1614,7 @@
-C "skip write certificate verify" \
-S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \
- -s "! self-signed or not signed by a trusted CA" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
-S "! mbedtls_ssl_handshake returned" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -1631,7 +1631,7 @@
-c "skip write certificate verify" \
-s "skip parse certificate verify" \
-S "x509_verify_cert() returned" \
- -S "! self-signed or not signed by a trusted CA" \
+ -S "! The certificate is not correctly signed by the trusted CA" \
-S "! mbedtls_ssl_handshake returned" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -1648,7 +1648,7 @@
-S "SSLv3 client has no certificate" \
-c "skip write certificate verify" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! mbedtls_ssl_handshake returned" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -1659,7 +1659,7 @@
0 \
-S "skip write certificate request" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -1685,7 +1685,7 @@
-c "got no certificate to send" \
-s "SSLv3 client has no certificate" \
-s "skip parse certificate verify" \
- -s "! no client certificate sent" \
+ -s "! Certificate was missing" \
-S "! mbedtls_ssl_handshake returned" \
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
@@ -2719,14 +2719,14 @@
"$P_SRV dtls=1 auth_mode=optional" \
"$P_CLI dtls=1 crt_file=none key_file=none" \
0 \
- -s "! no client certificate sent"
+ -s "! Certificate was missing"
-run_test "DTLS client auth: optional, client has no cert" \
+run_test "DTLS client auth: none, client has no cert" \
"$P_SRV dtls=1 auth_mode=none" \
"$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
0 \
-c "skip write certificate$" \
- -s "! no client certificate sent"
+ -s "! Certificate verification was skipped"
# Tests for receiving fragmented handshake messages with DTLS