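#!/bin/sh

# ssl-opt.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Executes tests to prove various TLS/SSL options and extensions.
#
# The goal is not to cover every ciphersuite/version, but instead to cover
# specific options (max fragment length, truncated hmac, etc) or procedures
# (session resumption from cache or ticket, renego, etc).
#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#

# Only -u: the script inspects exit statuses itself and must keep going
# after a failed test, so -e is deliberately not set.
set -u

# Run from the directory holding this script so that the relative paths used
# below (../programs, data_files, ../scripts) resolve. Both expansions are
# quoted so that a checkout path containing spaces does not break the cd.
if cd "$(dirname "$0")"; then :; else
    echo "cd $(dirname "$0") failed" >&2
    exit 1
fi
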
# default values, can be overridden by the environment
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
: "${PERL:=perl}"

# Base command lines for the reference implementations. Address and port
# options are appended in the MAIN section once the ports are known. The
# *_CLI strings are pipelines: run_test runs the client command through eval.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# alternative versions of OpenSSL and GnuTLS (no default path)
#
# When the corresponding environment variable is unset the command is set
# to 'false', so a test that used it anyway would fail visibly; tests that
# need these implementations are skipped by requires_openssl_legacy /
# requires_gnutls_next instead.

O_LEGACY_SRV=false
O_LEGACY_CLI=false
if [ -n "${OPENSSL_LEGACY:-}" ]; then
    O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
fi

G_NEXT_SRV=false
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
fi

G_NEXT_CLI=false
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
fi

# run counters: print_name bumps TESTS, fail bumps FAILS, run_test bumps SKIPS
TESTS=0
FAILS=0
SKIPS=0

# configuration header inspected by requires_config_enabled/disabled
CONFIG_H='../include/mbedtls/config.h'

# command line settings, see print_usage / get_options
MEMCHECK=0         # -m: run ssl_server2/ssl_client2 under valgrind
FILTER='.*'        # -f: BRE a test name must match to be run
EXCLUDE='^$'       # -e: BRE that excludes matching test names

SHOW_TEST_NUMBER=0 # -s
RUN_TEST_NUMBER='' # -n: comma-separated test numbers to run

PRESERVE_LOGS=0    # -p

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.
SRV_PORT=$(( $$ % 10000 + 10000 ))
PXY_PORT=$(( SRV_PORT + 10000 ))

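# print_usage
#
# Print the command line help on stdout. FILTER and EXCLUDE are shown as the
# current defaults; they are passed as %s arguments rather than embedded in
# the format string, so a pattern containing '%' or '\' is printed verbatim
# instead of being interpreted by printf.
print_usage() {
    echo "Usage: $0 [options]"
    printf " -h|--help\tPrint this help.\n"
    printf " -m|--memcheck\tCheck memory leaks and errors.\n"
    printf " -f|--filter\tOnly matching tests are executed (BRE; default: '%s')\n" "$FILTER"
    printf " -e|--exclude\tMatching tests are excluded (BRE; default: '%s')\n" "$EXCLUDE"
    printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf " -s|--show-numbers\tShow test numbers in front of test names\n"
    printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n"
    printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf " --seed\tInteger seed value to use for this test run\n"
}
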
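# get_options <argv...>
#
# Parse the command line (see print_usage) into the globals FILTER, EXCLUDE,
# MEMCHECK, RUN_TEST_NUMBER, SHOW_TEST_NUMBER, PRESERVE_LOGS, SRV_PORT,
# PXY_PORT and SEED. -h prints the usage and exits 0; an unknown argument,
# or a value-taking option given without its value, prints the usage and
# exits 1.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter|-e|--exclude|-n|--number|--port|--proxy-port|--seed)
                # these take a value: make sure it is there before shifting,
                # otherwise the "$1" read below is unbound under set -u
                if [ $# -lt 2 ]; then
                    echo "Option '$1' requires an argument" >&2
                    print_usage
                    exit 1
                fi
                ;;
        esac
        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --port)
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                shift; PXY_PORT=$1
                ;;
            --seed)
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                # diagnostics go to stderr so they are not mixed into the
                # test output
                echo "Unknown argument: '$1'" >&2
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}
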
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
# our control (such as bugs in other TLS implementations).
#
# Like every requires_* helper, this only affects the next run_test call,
# which resets SKIP_NEXT.
skip_next_test() {
    SKIP_NEXT=YES
}

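# skip next test if the flag is not enabled in config.h
#
# The symbol must match a whole '#define' token: with a plain prefix match,
# e.g. MBEDTLS_SSL_PROTO_TLS1 would be satisfied by a build that only has
# MBEDTLS_SSL_PROTO_TLS1_1 defined.
requires_config_enabled() {
    if grep -E -- "^#define $1([[:space:]]|$)" "$CONFIG_H" > /dev/null; then :; else
        SKIP_NEXT="YES"
    fi
}
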
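# skip next test if the flag is enabled in config.h
#
# Whole-token match, mirroring requires_config_enabled: a symbol that is
# only a prefix of a defined one must not count as enabled.
requires_config_disabled() {
    if grep -E -- "^#define $1([[:space:]]|$)" "$CONFIG_H" > /dev/null; then
        SKIP_NEXT="YES"
    fi
}
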
# get_config_value_or_default <MBEDTLS_OPTION>
#
# Ask ssl_server2 for the compile time value of the given configuration
# symbol (its query_config= option) and print it on stdout. The program
# exits successfully whenever the symbol is defined; a symbol defined to
# nothing yields an empty string, the same as an undefined one.
get_config_value_or_default() {
    $P_SRV "query_config=$1"
}

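# requires_config_value_at_least <MBEDTLS_OPTION> <min>
#
# Skip the next test if the numeric value of the option is below <min>.
# A symbol that ssl_server2 reports as undefined is a bug in this script,
# so the whole run aborts (message on stderr) instead of skipping.
requires_config_value_at_least() {
    VAL="$( get_config_value_or_default "$1" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined" >&2
        exit 1
    elif [ "$VAL" -lt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}
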
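# requires_config_value_at_most <MBEDTLS_OPTION> <max>
#
# Skip the next test if the numeric value of the option is above <max>.
# A symbol that ssl_server2 reports as undefined is a bug in this script,
# so the whole run aborts (message on stderr) instead of skipping.
requires_config_value_at_most() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined" >&2
        exit 1
    elif [ "$VAL" -gt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}
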
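# requires_ciphersuite_enabled <TLS-...-ciphersuite-name>
#
# Skip the next test unless ssl_client2 lists the ciphersuite in its --help
# output. The name is matched as a whole word (delimited by anything that is
# not part of a ciphersuite name), so that a longer name sharing the prefix,
# e.g. ...-CBC-SHA256 when asking for ...-CBC-SHA, does not count.
requires_ciphersuite_enabled() {
    if $P_CLI --help | grep -E -- "(^|[^A-Za-z0-9_-])$1([^A-Za-z0-9_-]|$)" >/dev/null; then :; else
        SKIP_NEXT="YES"
    fi
}
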
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
#
# The probe (does 's_client -help' mention fallback_scsv?) runs once; its
# verdict is cached in OPENSSL_HAS_FBSCSV for the rest of the run.
requires_openssl_with_fallback_scsv() {
    case "${OPENSSL_HAS_FBSCSV:-}" in
        '')
            if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null; then
                OPENSSL_HAS_FBSCSV="YES"
            else
                OPENSSL_HAS_FBSCSV="NO"
            fi
            ;;
    esac
    [ "$OPENSSL_HAS_FBSCSV" != "NO" ] || SKIP_NEXT="YES"
}

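# skip next test if GnuTLS isn't available
#
# Both gnutls-cli and gnutls-serv must be found. The lookup uses the POSIX
# 'command -v' ('which' is an external program that is not always installed)
# and runs once; the verdict is cached in GNUTLS_AVAILABLE.
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        if command -v "$GNUTLS_CLI" >/dev/null 2>&1 &&
           command -v "$GNUTLS_SERV" >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
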
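# skip next test if GnuTLS-next isn't available
#
# GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV have no default, so an unset variable
# (empty command name) simply counts as "not available". Looked up once with
# the POSIX 'command -v'; the verdict is cached in GNUTLS_NEXT_AVAILABLE.
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        if command -v "${GNUTLS_NEXT_CLI:-}" >/dev/null 2>&1 &&
           command -v "${GNUTLS_NEXT_SERV:-}" >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        else
            GNUTLS_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
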
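# skip next test if OpenSSL-legacy isn't available
#
# OPENSSL_LEGACY has no default, so an unset variable (empty command name)
# counts as "not available". Looked up once with the POSIX 'command -v';
# the verdict is cached in OPENSSL_LEGACY_AVAILABLE.
requires_openssl_legacy() {
    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
        if command -v "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
            OPENSSL_LEGACY_AVAILABLE="YES"
        else
            OPENSSL_LEGACY_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
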
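# skip next test if IPv6 isn't available on this host
#
# Probed once by starting ssl_server2 bound to ::1 and looking for the
# "Binding of the socket failed" message in its output; the verdict is
# cached in HAS_IPV6. Uses SRV_OUT as scratch file.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        $P_SRV server_addr='::1' > "$SRV_OUT" 2>&1 &
        SRV_PID=$!
        # give the server time to bind (or fail to) before stopping it
        sleep 1
        kill "$SRV_PID" >/dev/null 2>&1
        # reap it so it does not linger as a zombie for the rest of the run
        wait "$SRV_PID" >/dev/null 2>&1
        if grep "NET - Binding of the socket failed" "$SRV_OUT" >/dev/null; then
            HAS_IPV6="NO"
        else
            HAS_IPV6="YES"
        fi
        rm -f -- "$SRV_OUT"
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
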
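# skip next test if it's i686 or uname is not available
#
# Probed once and cached in IS_I686. The default is "YES" (skip), so a host
# where uname cannot be run is treated like an i686 one.
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        # POSIX lookup; 'which' is an external program that may be missing
        if command -v uname >/dev/null 2>&1; then
            if uname -a | grep i686 >/dev/null; then :; else
                IS_I686="NO"
            fi
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}
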
# Calculate the input & output maximum content lengths set in the config
#
# config.pl presumably prints the value when the option is set and fails
# otherwise, so the '|| echo' supplies the fallback: 16384 for the overall
# limit, and that limit for each direction.
MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")

# MAX_CONTENT_LEN ends up as the smaller of the two directions
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi

# skip the next test if the SSL output buffer is less than 16KB
# (reads MAX_OUT_LEN, computed from the config above)
requires_full_size_output_buffer() {
    [ "$MAX_OUT_LEN" -eq 16384 ] || SKIP_NEXT="YES"
}

# skip the next test if valgrind is in use (MEMCHECK > 0, the -m option)
not_with_valgrind() {
    [ "$MEMCHECK" -le 0 ] || SKIP_NEXT="YES"
}

# skip the next test if valgrind is NOT in use (MEMCHECK == 0)
only_with_valgrind() {
    [ "$MEMCHECK" -ne 0 ] || SKIP_NEXT="YES"
}

# multiply the client timeout delay by the given factor for the next test
# (wait_client_done consumes CLI_DELAY_FACTOR and resets it to 1)
client_needs_more_time() {
    CLI_DELAY_FACTOR="$1"
}

# wait for the given seconds after the client finished in the next test
# (wait_client_done sleeps SRV_DELAY_SECONDS and resets it to 0)
server_needs_more_time() {
    SRV_DELAY_SECONDS="$1"
}

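# print_name <name>
#
# Count the test (TESTS) and print its name, prefixed with the number when
# SHOW_TEST_NUMBER is set, padded with dots so that the PASS/FAIL/SKIP
# verdict printed afterwards lines up. No trailing newline.
print_name() {
    TESTS=$(( TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    # %s rather than using the name as the format string: a test name
    # containing '%' or '\' must be printed verbatim
    printf '%s ' "$LINE"
    # pad to a fixed width: 71 - length (the previous 'wc -c' based
    # computation counted the trailing newline, i.e. 72 - (length + 1))
    LEN=$(( 71 - ${#LINE} ))
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

}
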
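# fail <message>
#
# Print the FAIL verdict and <message>, move the server and client outputs
# (and the proxy's when PXY_CMD is set) to o-{srv,cli,pxy}-<TESTS>.log so
# they survive the cleanup done by run_test, and bump FAILS. When running as
# the buildbot user, or when LOG_FAILURE_ON_STDOUT is set to anything but 0,
# the saved outputs are also echoed to stdout.
fail() {
    echo "FAIL"
    echo " ! $1"

    mv -- "$SRV_OUT" "o-srv-${TESTS}.log"
    mv -- "$CLI_OUT" "o-cli-${TESTS}.log"
    if [ -n "$PXY_CMD" ]; then
        mv -- "$PXY_OUT" "o-pxy-${TESTS}.log"
    fi
    echo " ! outputs saved to o-XXX-${TESTS}.log"

    # three separate tests rather than the deprecated -a/-o operators of [
    if [ "X${USER:-}" = Xbuildbot ] || [ "X${LOGNAME:-}" = Xbuildbot ] ||
       [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
        echo " ! server output:"
        cat "o-srv-${TESTS}.log"
        echo " ! ========================================================"
        echo " ! client output:"
        cat "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            echo " ! ========================================================"
            echo " ! proxy output:"
            cat "o-pxy-${TESTS}.log"
        fi
        echo ""
    fi

    FAILS=$(( FAILS + 1 ))
}
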
# is_polar <cmd_line>
#
# Exit status 0 when the command line runs one of our own test programs
# (ssl_server2 or ssl_client2) rather than OpenSSL or GnuTLS.
is_polar() {
    case "$1" in
        *ssl_server2*|*ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}

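# openssl s_server doesn't have -www with DTLS
#
# Reads SRV_CMD. For an OpenSSL DTLS server, strips -www and sets
# NEEDS_INPUT=1 so that provide_input feeds the server the response it would
# otherwise produce itself; for anything else sets NEEDS_INPUT=0.
check_osrv_dtls() {
    case "$SRV_CMD" in
        *s_server*-dtls*)
            NEEDS_INPUT=1
            # quoted: the command line must not be word-split or globbed
            # on its way through sed
            SRV_CMD="$( printf '%s\n' "$SRV_CMD" | sed 's/-www//' )"
            ;;
        *)
            NEEDS_INPUT=0
            ;;
    esac
}
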
# provide input to commands that need it
#
# Used as the stdin of the server: does nothing unless check_osrv_dtls set
# NEEDS_INPUT, in which case it emits an HTTP status line once per second
# until the pipe is closed.
provide_input() {
    if [ "$NEEDS_INPUT" -eq 0 ]; then
        return 0
    fi

    while :; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}

# has_mem_err <log_file_name>
#
# Exit status 0 ("true") when the valgrind log does NOT contain both the
# "no leaks are possible" and the "ERROR SUMMARY: 0 errors" lines, i.e.
# when valgrind reported something (or the log is incomplete).
has_mem_err() {
    if grep -F 'All heap blocks were freed -- no leaks are possible' "$1" >/dev/null &&
       grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" >/dev/null; then
        return 1 # false: does not have errors
    fi
    return 0 # true: has errors
}

# Wait for process $2 to be listening on port $1
#
# With lsof available: poll until a socket on that port (UDP when DTLS=1,
# TCP otherwise) shows up for that pid, giving up after DOG_DELAY seconds
# with a SERVERSTART TIMEOUT marker on stdout and in SRV_OUT.
# Without lsof: just sleep START_DELAY seconds.
if type lsof >/dev/null 2>/dev/null; then
    wait_server_start() {
        START_TIME=$(date +%s)
        proto=TCP
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        until lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "SERVERSTART TIMEOUT"
                echo "SERVERSTART TIMEOUT" >> "$SRV_OUT"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_server_start = sleep"
    wait_server_start() {
        sleep "$START_DELAY"
    }
fi

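# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
#
# check_server_hello_time <log_file>
# Returns 0 when the value printed after "server hello, current time: " is
# within THRESHOLD_IN_SECS (5 minutes) of now, 1 when it is missing or out
# of range. Only the first such line is used, so a log with several
# ServerHellos cannot feed more than one word to the integer comparisons.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1" | head -n 1)"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # Check the time in ServerHello is within acceptable bounds
    if [ "$SERVER_HELLO_TIME" -lt $(( CUR_TIME - THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes before now
        return 1
    elif [ "$SERVER_HELLO_TIME" -gt $(( CUR_TIME + THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes later than now
        return 1
    else
        return 0
    fi
}
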
# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
#
# Reads $! as the client's pid, so no other background job may be started
# in between. A watchdog subshell kills the client after
# DOG_DELAY * CLI_DELAY_FACTOR seconds and appends ===CLIENT_TIMEOUT=== to
# CLI_OUT (run_test retries the test when it sees that marker). The one-shot
# CLI_DELAY_FACTOR and SRV_DELAY_SECONDS adjustments are consumed here.
wait_client_done() {
    CLI_PID=$!

    CLI_DELAY=$(( DOG_DELAY * CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    ( sleep "$CLI_DELAY"; echo "===CLIENT_TIMEOUT===" >> "$CLI_OUT"; kill "$CLI_PID" ) &
    DOG_PID=$!

    wait "$CLI_PID"
    CLI_EXIT=$?

    # the client is done: stop the watchdog and reap it
    kill "$DOG_PID" >/dev/null 2>&1
    wait "$DOG_PID"

    echo "EXIT: $CLI_EXIT" >> "$CLI_OUT"

    # give the server extra time when a test asked for it
    sleep "$SRV_DELAY_SECONDS"
    SRV_DELAY_SECONDS=0
}

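# check if the given command uses dtls and sets global variable DTLS
#
# Recognises the ssl_server2 (dtls=1), OpenSSL (-dtls1) and GnuTLS (-u)
# spellings. Note that '-u' is matched as a substring, so any other option
# containing it would also count as DTLS. Uses an ERE: the '\|' alternation
# of the previous BRE is a GNU extension, '|' under -E is POSIX.
detect_dtls() {
    if printf '%s\n' "$1" | grep -E -- 'dtls=1|-dtls1|-u' >/dev/null; then
        DTLS=1
    else
        DTLS=0
    fi
}
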
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#
# Runs one test case: start the optional proxy and the server, run the client
# (through eval, since the *_CLI command strings are pipelines), then check
# the client exit status against cli_exit and each option in order. The first
# failing check calls fail() and returns; otherwise PASS is printed.
# Patterns are BREs handed to grep; valgrind's own lines are filtered out.
#
# Globals read:    FILTER, EXCLUDE, RUN_TEST_NUMBER, SKIP_NEXT, MEMCHECK,
#                  SRV_PORT, PXY_PORT, PRESERVE_LOGS, SRV_OUT, CLI_OUT, PXY_OUT
# Globals written: SKIP_NEXT (reset to NO), SKIPS, SRV_CMD, CLI_CMD, PXY_CMD,
#                  CLI_EXPECT, SRV_PID, PXY_PID, TIMES_LEFT, FORCE_CIPHERSUITE,
#                  plus whatever print_name, detect_dtls, check_osrv_dtls,
#                  wait_client_done and fail set.
run_test() {
    NAME="$1"
    shift 1

    # -f/-e filters: a name that does not match is dropped silently and is
    # not counted; any pending requires_*/skip_next_test is discarded too.
    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
    else
        SKIP_NEXT="NO"
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    # (TESTS was just incremented by print_name; the list is wrapped in
    # commas so that e.g. 24 does not match 245)
    if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
    elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
    else
        SKIP_NEXT="YES"
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if server forces ciphersuite
    # (a suite that is compiled out turns the test into a SKIP, not a FAIL)
    FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
    fi

    # Check if client forces ciphersuite
    FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
    fi

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    # fix client port
    # (+SRV_PORT is the placeholder put in by the MAIN section: the client
    # talks to the proxy when there is one, directly to the server otherwise)
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # update DTLS variable
    detect_dtls "$SRV_CMD"

    # prepend valgrind to our commands if active
    # (only our own programs; OpenSSL and GnuTLS are left alone)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi

    # at most two attempts: the second one only happens after a client
    # timeout (see the end of the loop)
    TIMES_LEFT=2
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        # run the commands
        if [ -n "$PXY_CMD" ]; then
            echo "$PXY_CMD" > $PXY_OUT
            $PXY_CMD >> $PXY_OUT 2>&1 &
            PXY_PID=$!
            # assume proxy starts faster than server
        fi

        check_osrv_dtls
        echo "$SRV_CMD" > $SRV_OUT
        # provide_input only writes anything when check_osrv_dtls set
        # NEEDS_INPUT (OpenSSL DTLS server without -www)
        provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
        SRV_PID=$!
        wait_server_start "$SRV_PORT" "$SRV_PID"

        echo "$CLI_CMD" > $CLI_OUT
        # eval: CLI_CMD may be a pipeline such as "echo ... | openssl s_client"
        eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
        # picks up $! of the client started on the line above
        wait_client_done

        sleep 0.05

        # terminate the server (and the proxy)
        kill $SRV_PID
        wait $SRV_PID

        if [ -n "$PXY_CMD" ]; then
            kill $PXY_PID >/dev/null 2>&1
            wait $PXY_PID
        fi

        # retry only on timeouts
        # (the marker is appended by the watchdog in wait_client_done)
        if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
            printf "RETRY "
        else
            TIMES_LEFT=0
        fi
    done

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if is_polar "$SRV_CMD"; then
        if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi
    if is_polar "$CLI_CMD"; then
        if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi

    # check server exit code
    # NOTE(review): $? here is the status of the 'if is_polar "$CLI_CMD"'
    # compound command just above, which is 0 on every path that reaches
    # this line; the server's own status from 'wait $SRV_PID' was not kept
    # (and the server was kill'ed anyway). This check never triggers.
    if [ $? != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code
    # (only "zero" vs "non-zero" is compared: cli_exit is a should-succeed
    # flag rather than an exact status)
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # lines beginning with == are added by valgrind, ignore them
    # lines with 'Serious error when reading debug info', are valgrind issues as well
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            "-S")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Server output"
                    return
                fi
                ;;

            "-C")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Client output"
                    return
                fi
                ;;

            # The filtering in the following two options (-u and -U) do the following
            #   - ignore valgrind output
            #   - filter out everything but lines right after the pattern occurrences
            #   - keep one of each non-unique line
            #   - count how many lines remain
            # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
            # if there were no duplicates.
            "-U")
                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            # -F/-f: the named shell function receives the log file name as
            # its only argument; a non-zero status fails the test
            "-F")
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;

            *)
                # a typo in a test definition aborts the whole run
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    echo "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv $SRV_OUT o-srv-${TESTS}.log
        mv $CLI_OUT o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            mv $PXY_OUT o-pxy-${TESTS}.log
        fi
    fi

    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}

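# run_test_psa_common <name> <server cmd> <client cmd>
#
# Shared body of run_test_psa and run_test_psa_force_curve: requires
# MBEDTLS_USE_PSA_CRYPTO, then runs the test with the assertions checking
# that both sides used the PSA-based cipher, hash and ECDH code paths, that
# nothing fell back to the built-in primitives, and that no error was logged.
run_test_psa_common() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    run_test "$1" \
        "$2" \
        "$3" \
        0 \
        -c "Successfully setup PSA-based decryption cipher context" \
        -c "Successfully setup PSA-based encryption cipher context" \
        -c "PSA calc verify" \
        -c "calc PSA finished" \
        -s "Successfully setup PSA-based decryption cipher context" \
        -s "Successfully setup PSA-based encryption cipher context" \
        -s "PSA calc verify" \
        -s "calc PSA finished" \
        -C "Failed to setup PSA-based cipher context" \
        -S "Failed to setup PSA-based cipher context" \
        -s "Protocol is TLSv1.2" \
        -c "Perform PSA-based ECDH computation." \
        -c "Perform PSA-based computation of digest of ServerKeyExchange" \
        -S "error" \
        -C "error"
}

# run_test_psa <ciphersuite>
#
# TLS 1.2 handshake with the client forcing the given ciphersuite, checked
# with the PSA assertions of run_test_psa_common.
run_test_psa() {
    run_test_psa_common "PSA-supported ciphersuite: $1" \
        "$P_SRV debug_level=2 force_version=tls1_2" \
        "$P_CLI debug_level=2 force_version=tls1_2 force_ciphersuite=$1"
}

# run_test_psa_force_curve <curve>
#
# TLS 1.2 ECDHE-RSA handshake with the client restricted to the given curve,
# checked with the PSA assertions of run_test_psa_common.
run_test_psa_force_curve() {
    run_test_psa_common "PSA - ECDH with $1" \
        "$P_SRV debug_level=4 force_version=tls1_2" \
        "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1"
}
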
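# cleanup
#
# Signal handler (INT/TERM/HUP): remove the per-run temporary files, kill
# any server, proxy, client or watchdog that is still running, and exit 1.
cleanup() {
    rm -f -- "$CLI_OUT" "$SRV_OUT" "$PXY_OUT" "$SESSION"
    for pid in "${SRV_PID:-}" "${PXY_PID:-}" "${CLI_PID:-}" "${DOG_PID:-}"; do
        # a pid is only set once the corresponding process was started
        if [ -n "$pid" ]; then
            kill "$pid" >/dev/null 2>&1
        fi
    done
    exit 1
}
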
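#
# MAIN
#

get_options "$@"

# sanity checks, avoid an avalanche of errors
#
# P_SRV & co may carry arguments (the environment can override them), so
# only their first word is checked for being an executable file. Messages
# go to stderr so they are not mistaken for test output.
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
P_PXY_BIN="${P_PXY%%[ ]*}"
for bin in "$P_SRV_BIN" "$P_CLI_BIN" "$P_PXY_BIN"; do
    if [ ! -x "$bin" ]; then
        echo "Command '$bin' is not an executable file" >&2
        exit 1
    fi
done
if [ "$MEMCHECK" -gt 0 ]; then
    if command -v valgrind >/dev/null 2>&1; then :; else
        echo "Memcheck not possible. Valgrind not found" >&2
        exit 1
    fi
fi
# first word only, like P_SRV above; 'command -v' is the POSIX lookup
if command -v "${OPENSSL_CMD%%[ ]*}" >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found" >&2
    exit 1
fi

# used by watchdog
MAIN_PID="$$"
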
# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
#   (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
#
# START_DELAY is consumed by wait_server_start (sleep fallback) and
# DOG_DELAY by wait_server_start (lsof polling limit) and wait_client_done.
START_DELAY=2
DOG_DELAY=20
if [ "$MEMCHECK" -gt 0 ]; then
    START_DELAY=6
    DOG_DELAY=60
fi

# some particular tests need more time:
# - for the client, we multiply the usual watchdog limit by a factor
# - for the server, we sleep for a number of seconds after the client exits
# see client_need_more_time() and server_needs_more_time()
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0

# fix commands to use this port, force IPv4 while at it
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
# (run_test substitutes it once it knows whether a proxy sits in between)
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
# the proxy only gets a seed when one was given with --seed
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"

# the optional alternative implementations get the same treatment when set
[ -z "${OPENSSL_LEGACY:-}" ] || {
    O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
    O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
}
[ -z "${GNUTLS_NEXT_SERV:-}" ] || G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
[ -z "${GNUTLS_NEXT_CLI:-}" ] || G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"

# Allow SHA-1, because many of our test certificates use it
P_SRV="$P_SRV allow_sha1=1"
P_CLI="$P_CLI allow_sha1=1"

# Also pick a unique name for intermediate files
# (the pid keeps concurrent runs in the same directory apart)
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
PXY_OUT="pxy_out.$$"
SESSION="session.$$"

# no requires_*/skip_next_test pending yet
SKIP_NEXT="NO"

# remove the intermediate files and stop any child when interrupted
trap cleanup INT TERM HUP

920# Basic test
921
922# Checks that:
923# - things work with all ciphersuites active (used with config-full in all.sh)
924# - the expected (highest security) parameters are selected
925# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
926run_test "Default" \
927 "$P_SRV debug_level=3" \
928 "$P_CLI" \
929 0 \
930 -s "Protocol is TLSv1.2" \
931 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
932 -s "client hello v3, signature_algorithm ext: 6" \
933 -s "ECDHE curve: secp521r1" \
934 -S "error" \
935 -C "error"
936
937run_test "Default, DTLS" \
938 "$P_SRV dtls=1" \
939 "$P_CLI dtls=1" \
940 0 \
941 -s "Protocol is DTLSv1.2" \
942 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
943
944# Test using an opaque private key for client authentication
945requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
946requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
947requires_config_enabled MBEDTLS_ECDSA_C
948requires_config_enabled MBEDTLS_SHA256_C
949run_test "Opaque key for client authentication" \
950 "$P_SRV auth_mode=required" \
951 "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
952 key_file=data_files/server5.key" \
953 0 \
954 -c "key type: Opaque" \
955 -s "Verifying peer X.509 certificate... ok" \
956 -S "error" \
957 -C "error"
958
959# Test ciphersuites which we expect to be fully supported by PSA Crypto
960# and check that we don't fall back to Mbed TLS' internal crypto primitives.
961run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
962run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
963run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
964run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
965run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
966run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
967run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
968run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
969run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
970
971requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
972run_test_psa_force_curve "secp521r1"
973requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
974run_test_psa_force_curve "brainpoolP512r1"
975requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
976run_test_psa_force_curve "secp384r1"
977requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
978run_test_psa_force_curve "brainpoolP384r1"
979requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
980run_test_psa_force_curve "secp256r1"
981requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
982run_test_psa_force_curve "secp256k1"
983requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
984run_test_psa_force_curve "brainpoolP256r1"
985requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
986run_test_psa_force_curve "secp224r1"
987requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
988run_test_psa_force_curve "secp224k1"
989requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
990run_test_psa_force_curve "secp192r1"
991requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
992run_test_psa_force_curve "secp192k1"
993
994# Test current time in ServerHello
995requires_config_enabled MBEDTLS_HAVE_TIME
996run_test "ServerHello contains gmt_unix_time" \
997 "$P_SRV debug_level=3" \
998 "$P_CLI debug_level=3" \
999 0 \
1000 -f "check_server_hello_time" \
1001 -F "check_server_hello_time"
1002
1003# Test for uniqueness of IVs in AEAD ciphersuites
1004run_test "Unique IV in GCM" \
1005 "$P_SRV exchanges=20 debug_level=4" \
1006 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
1007 0 \
1008 -u "IV used" \
1009 -U "IV used"
1010
1011# Tests for rc4 option
1012
1013requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
1014run_test "RC4: server disabled, client enabled" \
1015 "$P_SRV" \
1016 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1017 1 \
1018 -s "SSL - The server has no ciphersuites in common"
1019
1020requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
1021run_test "RC4: server half, client enabled" \
1022 "$P_SRV arc4=1" \
1023 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1024 1 \
1025 -s "SSL - The server has no ciphersuites in common"
1026
1027run_test "RC4: server enabled, client disabled" \
1028 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1029 "$P_CLI" \
1030 1 \
1031 -s "SSL - The server has no ciphersuites in common"
1032
1033run_test "RC4: both enabled" \
1034 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1035 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1036 0 \
1037 -S "SSL - None of the common ciphersuites is usable" \
1038 -S "SSL - The server has no ciphersuites in common"
1039
1040# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
1041
1042requires_gnutls
1043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
1044run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
1045 "$G_SRV"\
1046 "$P_CLI force_version=tls1_1" \
1047 0
1048
1049requires_gnutls
1050requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
1051run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
1052 "$G_SRV"\
1053 "$P_CLI force_version=tls1" \
1054 0
1055
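# Tests for SHA-1 support
#
# SHA-1 certificate signatures are no longer collision resistant, so a
# SHA-1-signed peer certificate is rejected by default unless the build
# enables MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES. Note the asymmetry
# of the test programs' option: allow_sha1=1 opts in to SHA-1, but
# allow_sha1=0 merely declines to opt in -- it does not override a build
# that allows SHA-1 by default. That is why the same client command line is
# expected to fail in one build and succeed in the other below. The two
# build-dependent cases carry distinct names so that the log shows which
# expectation actually ran (they previously shared the "forbidden" name
# even though one of them expects success).
#
# As the file names and the expectations indicate, data_files/server2.crt
# is the SHA-1-signed server certificate and data_files/server2-sha256.crt
# its SHA-256-signed counterpart.

# Build rejects SHA-1 by default: client refuses the server certificate.
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

# Build allows SHA-1 by default: the same client line succeeds, because
# allow_sha1=0 does not tighten the build-time default.
requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 allowed by build default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 allow_sha1=0" \
            0

# Explicit opt-in works regardless of the build default.
run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI allow_sha1=1" \
            0

# Sanity check that a SHA-256-signed certificate is accepted without any
# opt-in, i.e. the SHA-1 restriction does not over-reach.
run_test    "SHA-256 allowed by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
            "$P_CLI allow_sha1=0" \
            0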
1080
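# Same matrix for the client certificate, checked on the server side
# (auth_mode=required so that the server actually verifies the client
# certificate instead of merely requesting it). data_files/cli-rsa-sha1.crt
# and data_files/cli-rsa-sha256.crt are the SHA-1- and SHA-256-signed
# variants of the same client key. As for the server-certificate tests,
# allow_sha1=0 on the server only declines to opt in; it does not override
# a build whose default already allows SHA-1, hence the two build-dependent
# cases below with opposite expectations and distinct names.

# Build rejects SHA-1 by default: server refuses the client certificate.
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

# Build allows SHA-1 by default: the same server line succeeds.
requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 allowed by build default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

# Explicit opt-in works regardless of the build default.
run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

# A SHA-256-signed client certificate needs no opt-in.
run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
            0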
1103
# Tests for datagram packing
#
# With dgram_packing=1 a DTLS peer may place several records in one UDP
# datagram. The debug line "next record in same datagram" (debug_level=2)
# is logged by the side that *parses* a multi-record datagram, so it is
# expected in the server log when the client packs and in the client log
# when the server packs -- the second and third tests establish that
# reading, the fourth checks that nothing is packed when neither side asks
# for it. The handshake must succeed (exit 0) in all four combinations, i.e.
# packing is a local choice that never has to be negotiated.
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"
1132
# Tests for Truncated HMAC extension
#
# The truncated_hmac extension (RFC 6066, section 7) shortens the record
# MAC to 80 bits (10 bytes). That is a deliberate security/size trade-off,
# so it must only ever take effect when BOTH peers explicitly enable it.
# All tests pin TLS-RSA-WITH-AES-128-CBC-SHA, whose untruncated HMAC-SHA1
# tag is 20 bytes; the server's debug_level=4 output dumps the expected
# MAC together with its length, which is how each test observes whether
# truncation happened. Every "default" expectation below is 20 bytes, i.e.
# the extension is off by default on both sides, and only the
# "client enabled, server enabled" case ends up with a 10-byte MAC.
#
# The first test of each (TLS, DTLS) pair has no config dependency: it must
# keep passing even when MBEDTLS_SSL_TRUNCATED_HMAC is compiled out, since
# the expected outcome (no truncation) is the same either way. The others
# need the option compiled in so that trunc_hmac=... is accepted.

run_test    "Truncated HMAC: client default, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

# Client offers the extension but the server default is off: the server
# must ignore it, so the full-length MAC stays in use.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server disabled" \
            "$P_SRV debug_level=4 trunc_hmac=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

# Server willing, client not offering: the server must never truncate on
# its own initiative.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

# The only combination in which the 10-byte MAC is expected.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Same matrix over DTLS; the extension negotiation and the resulting MAC
# length must not depend on the transport.
run_test    "Truncated HMAC, DTLS: client default, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server disabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"
1228
# Tests for Encrypt-then-MAC extension
#
# Encrypt-then-MAC (RFC 7366) moves the MAC outside the encryption for CBC
# ciphersuites, so that padding is authenticated and the receiver never has
# to decrypt before verifying. Each test follows the full negotiation
# through the debug logs (debug_level=3): client offers the extension ->
# server sees it -> server echoes it -> client sees the echo -> both report
# "using encrypt then mac". The first test establishes that the extension
# is on by default on both sides.
#
# Per RFC 7366 the extension only makes sense for block (CBC) ciphers, so
# for an AEAD suite and for the RC4 stream cipher the server must leave the
# client's offer unanswered even when etm=1 is set on both ends. SSLv3 has
# no extensions at all, so nothing is sent or found there; those two tests
# need MBEDTLS_SSL_PROTO_SSL3 and lower min_version on the non-SSLv3 side
# just to allow the handshake to happen.

run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

# Client offers, server configured off: offer seen but not echoed, neither
# side uses EtM.
run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# AEAD suite: the server must not accept EtM even though both sides have
# etm=1.
run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Stream cipher (RC4): same, EtM must not be negotiated. Here the client
# passes arc4=1 explicitly in addition to force_ciphersuite, unlike the
# "RC4: both enabled" test above.
run_test    "Encrypt then MAC: client enabled, stream cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Client configured off: nothing is offered, so a willing server has
# nothing to respond to.
run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# SSLv3 client: no extensions exist in SSLv3, so none is sent.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# SSLv3 server: the client still offers the extension in its ClientHello,
# but the server, negotiating SSLv3, neither parses nor echoes it.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"
1316
# Tests for Extended Master Secret extension
#
# The extended_master_secret extension (RFC 7627) binds the master secret
# to the full handshake transcript, which is the standard defence against
# the triple-handshake family of attacks on session resumption / channel
# binding. Same log-following structure as the Encrypt-then-MAC tests:
# offer -> seen -> echoed -> found -> both "using extended master secret".
# The first test establishes that it is on by default on both sides; the
# asymmetric cases check that a single side can neither force nor silently
# lose it, and the SSLv3 cases check that nothing is sent or parsed when
# SSLv3 (which has no extensions) is negotiated.

run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "using extended master secret" \
            -s "using extended master secret"

run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

# The client offers the extension, but a server negotiating SSLv3 ignores
# it; the handshake completes without EMS.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"
1375
# Tests for FALLBACK_SCSV
#
# TLS_FALLBACK_SCSV (RFC 7507) is a signalling ciphersuite a client adds
# when it is retrying a handshake at a lower protocol version than it
# supports. A server that supports a higher version than the one offered
# must then abort with a fatal inappropriate_fallback alert (alert number
# 86), which is what defeats downgrade-dance attacks. In the tests below
# force_version=tls1_1 plays the role of "the client is retrying at a lower
# version" while the server still accepts TLS 1.2.
#
# "inapropriate fallback" (sic) is the library's own debug string; do not
# "fix" the spelling in these patterns without changing the library.
# The OpenSSL cross-tests are skipped unless the available openssl
# supports -fallback_scsv (requires_openssl_with_fallback_scsv).

# Default: the client does not add the SCSV, so the server has nothing to
# object to.
run_test    "Fallback SCSV: default" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: explicitly disabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

# Client signals a fallback to TLS 1.1 while the server supports higher:
# the server must refuse and the client must see the fatal alert (exit 1).
run_test    "Fallback SCSV: enabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback" \
            -c "is a fatal alert message (msg 86)"

# SCSV sent at the client's highest version: the server sees it but must
# not treat it as an inappropriate fallback.
run_test    "Fallback SCSV: enabled, max version" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 fallback=1" \
            0 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

# Interop, mbed TLS client against an OpenSSL server. Note that despite its
# name this "default" case passes fallback=0 explicitly.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: default, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -C "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -c "is a fatal alert message (msg 86)"

# Interop, OpenSSL client (-fallback_scsv) against the mbed TLS server.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: disabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1 -fallback_scsv" \
            1 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, max version, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -fallback_scsv" \
            0 \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback"
1453
# Test sending and receiving empty application data records
#
# request_size=0 makes the client send an application data record with an
# empty payload; "0 bytes written in 1 fragments" confirms that one record
# really went out. On the receiving side the server (debug_level=4) must
# decrypt it to a 0-byte payload. For the Encrypt-then-MAC + CBC cases the
# ciphertext of an empty plaintext is one block of padding (a full 16-byte
# AES block of 0x0f bytes); the -S pattern checks that this padding block
# never shows up in any of the server's payload dumps, i.e. that padding is
# stripped and not mistaken for data. auth_mode=none on both sides disables
# peer certificate verification so the test exercises only the record
# layer. The CBC suite is pinned only where etm=1 matters, since EtM is not
# negotiated for other cipher types.
run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Default, no Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# Same two cases over DTLS.
run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Default, no Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"
1485
## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
## The ClientHello content is spelled out below as a hex string as
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
## The expected response is an inappropriate_fallback alert.
##
## These raw-bytes tests exist because a real client only ever puts the SCSV
## in one position; the server must recognise 0x5600 (TLS_FALLBACK_SCSV)
## anywhere in the list. The prefix is a TLS record (16 03 01) carrying a
## ClientHello whose client_version is 03 02 (TLS 1.1) and whose
## cipher_suites length is 00 08, i.e. exactly four suites. The expected
## reply '15030200020256' is an alert record: level 02 (fatal), description
## 0x56 = 86 (inappropriate_fallback). tcp_client.pl sends the first hex
## string and compares the start of the reply with the second.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: beginning of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: end of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

## Here the expected response is a valid ServerHello prefix, up to the random.
## 0x0056 is the byte-swapped value, a different (ordinary) ciphersuite id;
## the server must not confuse it with the SCSV, so no alert is sent and the
## reply starts with a TLS 1.1 (03 02) ServerHello record.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: not in list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"
1516
# Tests for CBC 1/n-1 record splitting
#
# SSLv3 and TLS 1.0 chain the CBC IV from the previous record, which makes
# the IV predictable and enables chosen-plaintext attacks (BEAST). The
# 1/n-1 countermeasure sends the first byte of each application data write
# in its own record so that the IV of the remaining n-1 bytes is no longer
# known in advance. A 123-byte client request therefore arrives at the
# server as a 1-byte read followed by a 122-byte read when splitting is
# active, and as a single 123-byte read otherwise; the server's
# "Read from client: N bytes read" lines are what each test inspects.
#
# Splitting must only apply to CBC suites under SSLv3/TLS 1.0: TLS 1.1+ use
# explicit per-record IVs and RC4 is a stream cipher, so those cases expect
# no splitting. recsplit=0 lets the application opt out, and the nbio
# variant checks that the split survives non-blocking I/O.

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_2" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.1, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "CBC Record splitting: SSLv3, splitting" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=ssl3" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

# Stream cipher under TLS 1.0: no CBC, hence no splitting. The server
# passes arc4=1 here in addition to forcing the suite.
run_test    "CBC Record splitting: TLS 1.0 RC4, no splitting" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting disabled" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1 recsplit=0" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting, nbio" \
            "$P_SRV nbio=2" \
            "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"
1582
# Tests for Session Tickets
#
# Session tickets (RFC 5077) let the server hand the client an encrypted,
# authenticated blob holding the session state, so that it can resume
# without keeping a server-side cache. reconnect=1 makes the client perform
# a second handshake on the same process; the second handshake is the one
# expected to resume. cache_max=0 disables the server-side session cache,
# which forces a successful resumption to come from the ticket and not from
# the cache (the "restored from cache"/"restored from ticket" patterns tell
# the two apart).
#
# The timeout test relies on wall-clock time: ticket_timeout=1 plus a
# reco_delay=2 between the two handshakes must make the server reject the
# expired ticket and fall back to a full handshake (exit 0 but no
# "a session has been resumed"). Expect flakiness on heavily loaded hosts.

run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Expired ticket: negotiation of the extension still happens, but no
# resumption may occur.
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# Interop: mbed TLS client resuming against an OpenSSL server (only the
# client side can be inspected).
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Interop: OpenSSL client. s_client has no reconnect option, so two
# invocations are chained through a session file: -sess_out saves the
# ticket-bearing session, -sess_in replays it. $SESSION is defined earlier
# in this file (outside this excerpt); the file is removed afterwards.
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"
1647
# Tests for Session Tickets with DTLS
#
# The same ticket scenarios as above, over DTLS (dtls=1 on both mbed TLS
# programs, -dtls1 for OpenSSL). Ticket issuance, ticket-based resumption,
# rejection of an expired ticket and both interop directions must behave
# exactly as over TLS. The timeout test is wall-clock dependent
# (ticket_timeout=1 vs reco_delay=2), as in the TLS variant.

run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Two chained s_client runs via a session file, as in the TLS variant;
# $SESSION is defined earlier in this file.
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_CLI -dtls1 -sess_out $SESSION; \
               $O_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"
1712
# Tests for Session Resume based on session-ID and cache
#
# Session-ID resumption keeps the session state in a server-side cache and
# hands the client only an identifier. Tickets are disabled on at least one
# side in every test here (tickets=0), so any resumption must come from the
# cache: the patterns assert "restored from cache" and the absence of
# "restored from ticket". The first two tests check that a ticket extension
# offered by only one side is harmless and does not prevent cache-based
# resumption.
#
# Cache limits: cache_max=0 disables the cache (no resumption possible),
# cache_max=1 still holds the single session needed here. cache_timeout=1
# with reco_delay=2 must expire the entry, while cache_timeout=0 means "no
# expiry" (the "no timeout" test resumes despite the same 2 s delay). The
# timeout tests depend on wall-clock time.

run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# No cache and no tickets: the second handshake must be a full one, and it
# must still succeed.
run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interop: OpenSSL client offers the ticket extension by default, but with
# tickets=0 the server must ignore it and resume from the cache. Two chained
# s_client runs share a session file; $SESSION is defined earlier in this
# file.
run_test    "Session resume using cache: openssl client" \
            "$P_SRV debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

# Interop: mbed TLS client with tickets=0 resuming by session ID against an
# OpenSSL server (only the client side can be inspected).
run_test    "Session resume using cache: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"
1807
# Tests for Session Resume based on session-ID and cache, DTLS
#
# The cache-based resumption matrix again, over DTLS (dtls=1). Expectations
# are identical to the TLS variants: resumption comes from the cache and
# never from a ticket, cache_max=0 prevents it, cache_max=1 is enough for
# one session, cache_timeout=1 expires the entry before a 2 s reconnect and
# cache_timeout=0 disables expiry. The timeout tests depend on wall-clock
# time.

run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
1882
1883run_test "Session resume using cache, DTLS: openssl client" \
1884 "$P_SRV dtls=1 debug_level=3 tickets=0" \
1885 "( $O_CLI -dtls1 -sess_out $SESSION; \
1886 $O_CLI -dtls1 -sess_in $SESSION; \
1887 rm -f $SESSION )" \
1888 0 \
1889 -s "found session ticket extension" \
1890 -S "server hello, adding session ticket extension" \
1891 -s "session successfully restored from cache" \
1892 -S "session successfully restored from ticket" \
1893 -s "a session has been resumed"
1894
1895run_test "Session resume using cache, DTLS: openssl server" \
1896 "$O_SRV -dtls1" \
1897 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
1898 0 \
1899 -C "found session_ticket extension" \
1900 -C "parse new session ticket" \
1901 -c "a session has been resumed"
1902
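# Tests for Max Fragment Length extension

# Sanity-check the configured maximum content length before running the
# fragment-length tests: they hard-code 4096 as a negotiated fragment size,
# so a build with MBEDTLS_SSL_MAX_CONTENT_LEN below that cannot pass them.
# MAX_CONTENT_LEN and CONFIG_H are set earlier in this script.
if [ "$MAX_CONTENT_LEN" -lt 4096 ]; then
    # The path goes in as an argument, never as part of the printf format:
    # a '%' in CONFIG_H would otherwise be interpreted as a conversion.
    printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "$CONFIG_H" >&2
    exit 1
fi

# Informational only: the tests below derive their expectations from
# MAX_CONTENT_LEN, so a non-default value is fine.
if [ "$MAX_CONTENT_LEN" -ne 16384 ]; then
    printf 'Using non-default maximum content length %s\n' "$MAX_CONTENT_LEN"
fi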
1913
# Neither side asks for a max_fragment_length value, so the extension is not
# sent at all and both sides report the compile-time maximum.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# A request one byte over the maximum must be split into two records:
# the server reads MAX_CONTENT_LEN bytes, then 1 byte.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# Over DTLS the same oversized request is refused instead of fragmented:
# the client exits 1 and logs the "fragment larger than ... maximum" error.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length, DTLS: enabled, default, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "fragment larger than.*maximum "

# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
# (session fragment length will be 16384 regardless of mbedtls
# content length configuration.)
#
# With the option compiled out the "Maximum fragment length is ..." line is
# not printed at all, but record-level fragmentation of the request still
# happens.

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: disabled, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -C "Maximum fragment length is 16384" \
            -S "Maximum fragment length is 16384" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length DTLS: disabled, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -C "Maximum fragment length is 16384" \
            -S "Maximum fragment length is 16384" \
            -c "fragment larger than.*maximum "

# Client asks for 4096: the extension goes out in the ClientHello, the server
# echoes it, and both sides settle on 4096.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by client" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum fragment length is 4096" \
            -s "Maximum fragment length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Only the server sets max_frag_len: the extension is client-driven, so
# nothing is negotiated on the wire. The server applies 4096 locally while
# the client keeps the compile-time maximum.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by server" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is 4096" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# Interop: a GnuTLS server must accept and echo the extension; only the
# mbed TLS client side is checked.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
run_test    "Max fragment length: gnutls server" \
            "$G_SRV" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum fragment length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Boundary: a request exactly equal to the negotiated 2048 fits in a single
# record.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, message just fits" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
            0 \
            -c "Maximum fragment length is 2048" \
            -s "Maximum fragment length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2048 bytes written in 1 fragments" \
            -s "2048 bytes read"

# 2345 bytes against a 2048 limit: two records of 2048 and 297 bytes.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
            0 \
            -c "Maximum fragment length is 2048" \
            -s "Maximum fragment length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2345 bytes written in 2 fragments" \
            -s "2048 bytes read" \
            -s "297 bytes read"

# DTLS does not fragment application data: the same request fails the
# client (exit 1) with the "fragment larger than ... maximum" error.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: DTLS client, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
            1 \
            -c "Maximum fragment length is 2048" \
            -s "Maximum fragment length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "fragment larger than.*maximum"
2053
# Tests for renegotiation
#
# Common expectations across this section: the server always sees the
# TLS_EMPTY_RENEGOTIATION_INFO SCSV and always answers with the secure
# renegotiation extension, so "received TLS_EMPTY_RENEGOTIATION_INFO" and
# "server hello, secure renegotiation extension" are checked positively
# everywhere. Whether the client also sends the renegotiation_info
# *extension* depends on renegotiation=1 on the client.

# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
# Baseline: renegotiation not enabled on either side, so no "=> renegotiate"
# and no HelloRequest is ever written.
run_test    "Renegotiation: none, for reference" \
            "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request"

# Client triggers the renegotiation (renegotiate=1): both sides renegotiate,
# but the server never has to send a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

# Server triggers it instead: the HelloRequest must be written and the
# client must follow.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h
# (The "signature_algorithm ext: 2" line is the server's debug output for a
# SHA-1 hash id; it must not appear during the renegotiation handshake.)
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?

# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in config.h
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, server-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?

# Both sides set renegotiate=1, so each initiates one renegotiation.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: double" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
2147
# Client asks to renegotiate against a server with renegotiation=0: the
# server refuses, the client's renegotiation attempt errors out at
# ServerHello and the client exits 1.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated, server-rejected" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -c "SSL - Unexpected message at ServerHello in renegotiation" \
            -c "failed"

# Server sends a HelloRequest that the client (renegotiation=0) ignores.
# With the default renego_delay the server tolerates this: no "unexpected
# message" error and a clean exit.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, default" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_delay=-1: the server never enforces its HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=-1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# delay 2 for 1 alert record + 1 application data record
# The client's refusal fits inside the allowed grace of two records, so the
# server still does not error.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_delay=0: no grace at all, so the first non-handshake record after
# the HelloRequest makes the server report an unexpected message. Only the
# server-side message is asserted here; the overall exit code is still 0.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -s "SSL - An unexpected message was received from our peer"

# Same strict delay, but the client accepts (renegotiation=1), so the
# renegotiation completes and no error is produced.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
2247
# Periodic renegotiation: the server renegotiates once its record counter
# reaches renego_period=3. With only 2 client exchanges the limit is never
# hit, so nothing renegotiates.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just below period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# one extra exchange to be able to complete renego
# Four exchanges cross the period of 3: the server logs the counter limit,
# sends a HelloRequest and both sides renegotiate.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just above period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Seven exchanges: the period is crossed more than once; the checks below
# only require that at least one periodic renegotiation happened.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, two times period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_period is set but renegotiation=0 on the server: the period must
# be ignored entirely.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, above period, disabled" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Non-blocking I/O (nbio=2) variants of the basic client- and
# server-initiated cases; same expectations as the blocking versions.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, client-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, server-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
2344
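# Interop renegotiation tests against OpenSSL and GnuTLS servers. Only the
# mbed TLS client side can be checked. The negative handshake check uses
# the same "mbedtls_ssl_handshake() returned" string that the failing cases
# below assert positively; a misspelt pattern would never match anything
# and would silently turn the check into a no-op.

# OpenSSL with secure renegotiation: client-initiated renegotiation succeeds
# and the HTTP response still arrives. (O_SRV already carries -www; the
# repeated flag is harmless.)
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: openssl server, client-initiated" \
            "$O_SRV -www" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# GnuTLS with %SAFE_RENEGOTIATION: the server offers the extension and the
# renegotiation completes.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server strict, client-initiated" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# GnuTLS with %DISABLE_SAFE_RENEGOTIATION: the server does not send the
# extension. With the client's default legacy policy the renegotiation must
# fail (exit 1) and no HTTP response is seen.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

# allow_legacy=0 explicitly forbids insecure renegotiation: same failure as
# the default case.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=0" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

# allow_legacy=1 opts in to insecure (legacy) renegotiation: it succeeds
# even though the server never sent the extension.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"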
2410
# DTLS variants of the basic renegotiation cases (dtls=1 on both sides).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, client-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

# Server-initiated over DTLS; the client is given a read timeout and a
# resend budget so a lost HelloRequest/flight does not stall the test.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, server-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
             read_timeout=1000 max_resend=2" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# A very large renego_period (named "overflow"): the server must still
# reach its record-counter limit and renegotiate rather than misbehave.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, renego_period overflow" \
            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Interop: gnutls-serv in UDP mode (-u) with a large MTU; the server-side
# "Extra-header:" line shows the request reached the server after the
# renegotiation.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
            "$G_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"
2466
# Test for the "secure renegotiation" extension only (no actual renegotiation)
#
# allow_legacy=-1 on either side means "break" legacy: refuse a peer that
# does not support the secure renegotiation extension.

# GnuTLS server with the extension: an mbed TLS client at defaults sees it
# and the request completes.
requires_gnutls
run_test    "Renego ext: gnutls server strict, client default" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# GnuTLS server without the extension: the default client still connects.
requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# Same server, client set to break legacy: the connection must fail.
requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client break legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

# Mirror image with a GnuTLS client: the mbed TLS server must answer a
# client that signals secure renegotiation (via SCSV or the extension) with
# the extension.
# NOTE(review): '\|' is GNU grep alternation; if -s/-S end up on a non-GNU
# grep this pattern only matches the literal string -- confirm the runner.
requires_gnutls
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
            0 \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -s "server hello, secure renegotiation extension"

# A GnuTLS client that signals nothing gets no extension back, but the
# default server still accepts it.
requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

# Server set to break legacy rejects that same client (exit 1).
requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server break legacy" \
            "$P_SRV debug_level=3 allow_legacy=-1" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            1 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"
2519
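# Tests for silently dropping trailing extra bytes in .der certificates
#
# Each server5-derN.crt carries N extra bytes after the end of the DER
# structure (der1a: a zero byte, der1b: a random byte). The server must
# still load the file and a GnuTLS client must complete the handshake.
# The last argument of each run_test deliberately has no trailing
# backslash: a continuation onto the following blank line would make the
# end of the command depend on that blank line staying there.

requires_gnutls
run_test    "DER format: no trailing bytes" \
            "$P_SRV crt_file=data_files/server5-der0.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing zero byte" \
            "$P_SRV crt_file=data_files/server5-der1a.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing random byte" \
            "$P_SRV crt_file=data_files/server5-der1b.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 2 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der2.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 4 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der4.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 8 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der8.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 9 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der9.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"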
2577
2578# Tests for auth_mode
2579
2580run_test "Authentication: server badcert, client required" \
2581 "$P_SRV crt_file=data_files/server5-badsign.crt \
2582 key_file=data_files/server5.key" \
2583 "$P_CLI debug_level=1 auth_mode=required" \
2584 1 \
2585 -c "x509_verify_cert() returned" \
2586 -c "! The certificate is not correctly signed by the trusted CA" \
2587 -c "! mbedtls_ssl_handshake returned" \
2588 -c "X509 - Certificate verification failed"
2589
2590run_test "Authentication: server badcert, client optional" \
2591 "$P_SRV crt_file=data_files/server5-badsign.crt \
2592 key_file=data_files/server5.key" \
2593 "$P_CLI debug_level=1 auth_mode=optional" \
2594 0 \
2595 -c "x509_verify_cert() returned" \
2596 -c "! The certificate is not correctly signed by the trusted CA" \
2597 -C "! mbedtls_ssl_handshake returned" \
2598 -C "X509 - Certificate verification failed"
2599
2600run_test "Authentication: server goodcert, client optional, no trusted CA" \
2601 "$P_SRV" \
2602 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
2603 0 \
2604 -c "x509_verify_cert() returned" \
2605 -c "! The certificate is not correctly signed by the trusted CA" \
2606 -c "! Certificate verification flags"\
2607 -C "! mbedtls_ssl_handshake returned" \
2608 -C "X509 - Certificate verification failed" \
2609 -C "SSL - No CA Chain is set, but required to operate"
2610
2611run_test "Authentication: server goodcert, client required, no trusted CA" \
2612 "$P_SRV" \
2613 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
2614 1 \
2615 -c "x509_verify_cert() returned" \
2616 -c "! The certificate is not correctly signed by the trusted CA" \
2617 -c "! Certificate verification flags"\
2618 -c "! mbedtls_ssl_handshake returned" \
2619 -c "SSL - No CA Chain is set, but required to operate"
2620
2621# The purpose of the next two tests is to test the client's behaviour when receiving a server
2622# certificate with an unsupported elliptic curve. This should usually not happen because
2623# the client informs the server about the supported curves - it does, though, in the
2624# corner case of a static ECDH suite, because the server doesn't check the curve on that
2625# occasion (to be fixed). Once that bug is fixed, the test needs to be altered to use a
2626# different means to have the server ignore the client's supported curve list.
2627
2628requires_config_enabled MBEDTLS_ECP_C
2629run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
2630 "$P_SRV debug_level=1 key_file=data_files/server5.key \
2631 crt_file=data_files/server5.ku-ka.crt" \
2632 "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
2633 1 \
2634 -c "bad certificate (EC key curve)"\
2635 -c "! Certificate verification flags"\
2636 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
2637
2638requires_config_enabled MBEDTLS_ECP_C
2639run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
2640 "$P_SRV debug_level=1 key_file=data_files/server5.key \
2641 crt_file=data_files/server5.ku-ka.crt" \
2642 "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
2643 1 \
2644 -c "bad certificate (EC key curve)"\
2645 -c "! Certificate verification flags"\
2646 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
2647
2648run_test "Authentication: server badcert, client none" \
2649 "$P_SRV crt_file=data_files/server5-badsign.crt \
2650 key_file=data_files/server5.key" \
2651 "$P_CLI debug_level=1 auth_mode=none" \
2652 0 \
2653 -C "x509_verify_cert() returned" \
2654 -C "! The certificate is not correctly signed by the trusted CA" \
2655 -C "! mbedtls_ssl_handshake returned" \
2656 -C "X509 - Certificate verification failed"
2657
# NOTE(review): the two titles below name SHA256 / SHA384, yet the first test
# forces an ...-AES-256-GCM-SHA384 suite and the second an ...-AES-128-GCM-SHA256
# suite, and both assert the same client-side lines ("Supported Signature
# Algorithm found: 4," = sha256 and "...: 5," = sha384 in the TLS 1.2
# HashAlgorithm registry). Presumably the title refers to the hash the client
# ends up using for CertificateVerify rather than the suite's PRF hash -- confirm,
# and consider adding an assertion that distinguishes the two cases.
2658run_test "Authentication: client SHA256, server required" \
2659 "$P_SRV auth_mode=required" \
2660 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
2661 key_file=data_files/server6.key \
2662 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
2663 0 \
2664 -c "Supported Signature Algorithm found: 4," \
2665 -c "Supported Signature Algorithm found: 5,"
2666
2667run_test "Authentication: client SHA384, server required" \
2668 "$P_SRV auth_mode=required" \
2669 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
2670 key_file=data_files/server6.key \
2671 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
2672 0 \
2673 -c "Supported Signature Algorithm found: 4," \
2674 -c "Supported Signature Algorithm found: 5,"
2675
2676requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2677run_test "Authentication: client has no cert, server required (SSLv3)" \
2678 "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
2679 "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
2680 key_file=data_files/server5.key" \
2681 1 \
2682 -S "skip write certificate request" \
2683 -C "skip parse certificate request" \
2684 -c "got a certificate request" \
2685 -c "got no certificate to send" \
2686 -S "x509_verify_cert() returned" \
2687 -s "client has no certificate" \
2688 -s "! mbedtls_ssl_handshake returned" \
2689 -c "! mbedtls_ssl_handshake returned" \
2690 -s "No client certification received from the client, but required by the authentication mode"
2691
2692run_test "Authentication: client has no cert, server required (TLS)" \
2693 "$P_SRV debug_level=3 auth_mode=required" \
2694 "$P_CLI debug_level=3 crt_file=none \
2695 key_file=data_files/server5.key" \
2696 1 \
2697 -S "skip write certificate request" \
2698 -C "skip parse certificate request" \
2699 -c "got a certificate request" \
2700 -c "= write certificate$" \
2701 -C "skip write certificate$" \
2702 -S "x509_verify_cert() returned" \
2703 -s "client has no certificate" \
2704 -s "! mbedtls_ssl_handshake returned" \
2705 -c "! mbedtls_ssl_handshake returned" \
2706 -s "No client certification received from the client, but required by the authentication mode"
2707
2708run_test "Authentication: client badcert, server required" \
2709 "$P_SRV debug_level=3 auth_mode=required" \
2710 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
2711 key_file=data_files/server5.key" \
2712 1 \
2713 -S "skip write certificate request" \
2714 -C "skip parse certificate request" \
2715 -c "got a certificate request" \
2716 -C "skip write certificate" \
2717 -C "skip write certificate verify" \
2718 -S "skip parse certificate verify" \
2719 -s "x509_verify_cert() returned" \
2720 -s "! The certificate is not correctly signed by the trusted CA" \
2721 -s "! mbedtls_ssl_handshake returned" \
2722 -s "send alert level=2 message=48" \
2723 -c "! mbedtls_ssl_handshake returned" \
2724 -s "X509 - Certificate verification failed"
2725# We don't check that the client receives the alert because it might
2726# detect that its write end of the connection is closed and abort
2727# before reading the alert message.
2728
2729run_test "Authentication: client cert not trusted, server required" \
2730 "$P_SRV debug_level=3 auth_mode=required" \
2731 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
2732 key_file=data_files/server5.key" \
2733 1 \
2734 -S "skip write certificate request" \
2735 -C "skip parse certificate request" \
2736 -c "got a certificate request" \
2737 -C "skip write certificate" \
2738 -C "skip write certificate verify" \
2739 -S "skip parse certificate verify" \
2740 -s "x509_verify_cert() returned" \
2741 -s "! The certificate is not correctly signed by the trusted CA" \
2742 -s "! mbedtls_ssl_handshake returned" \
2743 -c "! mbedtls_ssl_handshake returned" \
2744 -s "X509 - Certificate verification failed"
2745
2746run_test "Authentication: client badcert, server optional" \
2747 "$P_SRV debug_level=3 auth_mode=optional" \
2748 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
2749 key_file=data_files/server5.key" \
2750 0 \
2751 -S "skip write certificate request" \
2752 -C "skip parse certificate request" \
2753 -c "got a certificate request" \
2754 -C "skip write certificate" \
2755 -C "skip write certificate verify" \
2756 -S "skip parse certificate verify" \
2757 -s "x509_verify_cert() returned" \
2758 -s "! The certificate is not correctly signed by the trusted CA" \
2759 -S "! mbedtls_ssl_handshake returned" \
2760 -C "! mbedtls_ssl_handshake returned" \
2761 -S "X509 - Certificate verification failed"
2762
2763run_test "Authentication: client badcert, server none" \
2764 "$P_SRV debug_level=3 auth_mode=none" \
2765 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
2766 key_file=data_files/server5.key" \
2767 0 \
2768 -s "skip write certificate request" \
2769 -C "skip parse certificate request" \
2770 -c "got no certificate request" \
2771 -c "skip write certificate" \
2772 -c "skip write certificate verify" \
2773 -s "skip parse certificate verify" \
2774 -S "x509_verify_cert() returned" \
2775 -S "! The certificate is not correctly signed by the trusted CA" \
2776 -S "! mbedtls_ssl_handshake returned" \
2777 -C "! mbedtls_ssl_handshake returned" \
2778 -S "X509 - Certificate verification failed"
2779
2780run_test "Authentication: client no cert, server optional" \
2781 "$P_SRV debug_level=3 auth_mode=optional" \
2782 "$P_CLI debug_level=3 crt_file=none key_file=none" \
2783 0 \
2784 -S "skip write certificate request" \
2785 -C "skip parse certificate request" \
2786 -c "got a certificate request" \
2787 -C "skip write certificate$" \
2788 -C "got no certificate to send" \
2789 -S "SSLv3 client has no certificate" \
2790 -c "skip write certificate verify" \
2791 -s "skip parse certificate verify" \
2792 -s "! Certificate was missing" \
2793 -S "! mbedtls_ssl_handshake returned" \
2794 -C "! mbedtls_ssl_handshake returned" \
2795 -S "X509 - Certificate verification failed"
2796
2797run_test "Authentication: openssl client no cert, server optional" \
2798 "$P_SRV debug_level=3 auth_mode=optional" \
2799 "$O_CLI" \
2800 0 \
2801 -S "skip write certificate request" \
2802 -s "skip parse certificate verify" \
2803 -s "! Certificate was missing" \
2804 -S "! mbedtls_ssl_handshake returned" \
2805 -S "X509 - Certificate verification failed"
2806
2807run_test "Authentication: client no cert, openssl server optional" \
2808 "$O_SRV -verify 10" \
2809 "$P_CLI debug_level=3 crt_file=none key_file=none" \
2810 0 \
2811 -C "skip parse certificate request" \
2812 -c "got a certificate request" \
2813 -C "skip write certificate$" \
2814 -c "skip write certificate verify" \
2815 -C "! mbedtls_ssl_handshake returned"
2816
2817run_test "Authentication: client no cert, openssl server required" \
2818 "$O_SRV -Verify 10" \
2819 "$P_CLI debug_level=3 crt_file=none key_file=none" \
2820 1 \
2821 -C "skip parse certificate request" \
2822 -c "got a certificate request" \
2823 -C "skip write certificate$" \
2824 -c "skip write certificate verify" \
2825 -c "! mbedtls_ssl_handshake returned"
2826
2827requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2828run_test "Authentication: client no cert, ssl3" \
2829 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
2830 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
2831 0 \
2832 -S "skip write certificate request" \
2833 -C "skip parse certificate request" \
2834 -c "got a certificate request" \
2835 -C "skip write certificate$" \
2836 -c "skip write certificate verify" \
2837 -c "got no certificate to send" \
2838 -s "SSLv3 client has no certificate" \
2839 -s "skip parse certificate verify" \
2840 -s "! Certificate was missing" \
2841 -S "! mbedtls_ssl_handshake returned" \
2842 -C "! mbedtls_ssl_handshake returned" \
2843 -S "X509 - Certificate verification failed"
2844
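# The "max_int chain" tests below assume that MBEDTLS_X509_MAX_INTERMEDIATE_CA
# is set to its default value (8): as their titles indicate, they use the
# dir-maxpath chain c09 as the "max_int" case and c10 as "max_int+1".
MAX_IM_CA='8'
# Empty when the option is not explicitly set in the config header; the
# library default then applies and the consistency check below is skipped.
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)

if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
    # Fatal diagnostic: send it to stderr like the script's other failure
    # message. The expanded variables are passed as printf *arguments*, not as
    # part of the format string, so a '%' in the config path cannot be
    # misinterpreted as a conversion specifier.
    printf '%s\n' \
        "The ${CONFIG_H} file contains a value for the configuration of" \
        "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s" \
        "test value of ${MAX_IM_CA}. " \
        "" \
        "The tests assume this value and if it changes, the tests in this" \
        "script should also be adjusted." \
        "" >&2
    exit 1
fi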
2862
2863requires_full_size_output_buffer
2864run_test "Authentication: server max_int chain, client default" \
2865 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
2866 key_file=data_files/dir-maxpath/09.key" \
2867 "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
2868 0 \
2869 -C "X509 - A fatal error occurred"
2870
2871requires_full_size_output_buffer
2872run_test "Authentication: server max_int+1 chain, client default" \
2873 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2874 key_file=data_files/dir-maxpath/10.key" \
2875 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
2876 1 \
2877 -c "X509 - A fatal error occurred"
2878
2879requires_full_size_output_buffer
2880run_test "Authentication: server max_int+1 chain, client optional" \
2881 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2882 key_file=data_files/dir-maxpath/10.key" \
2883 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
2884 auth_mode=optional" \
2885 1 \
2886 -c "X509 - A fatal error occurred"
2887
2888requires_full_size_output_buffer
2889run_test "Authentication: server max_int+1 chain, client none" \
2890 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2891 key_file=data_files/dir-maxpath/10.key" \
2892 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
2893 auth_mode=none" \
2894 0 \
2895 -C "X509 - A fatal error occurred"
2896
2897requires_full_size_output_buffer
2898run_test "Authentication: client max_int+1 chain, server default" \
2899 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
2900 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2901 key_file=data_files/dir-maxpath/10.key" \
2902 0 \
2903 -S "X509 - A fatal error occurred"
2904
2905requires_full_size_output_buffer
2906run_test "Authentication: client max_int+1 chain, server optional" \
2907 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
2908 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2909 key_file=data_files/dir-maxpath/10.key" \
2910 1 \
2911 -s "X509 - A fatal error occurred"
2912
2913requires_full_size_output_buffer
2914run_test "Authentication: client max_int+1 chain, server required" \
2915 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
2916 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2917 key_file=data_files/dir-maxpath/10.key" \
2918 1 \
2919 -s "X509 - A fatal error occurred"
2920
2921requires_full_size_output_buffer
2922run_test "Authentication: client max_int chain, server required" \
2923 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
2924 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
2925 key_file=data_files/dir-maxpath/09.key" \
2926 0 \
2927 -S "X509 - A fatal error occurred"
2928
2929# Tests for CA list in CertificateRequest messages
2930
2931run_test "Authentication: send CA list in CertificateRequest (default)" \
2932 "$P_SRV debug_level=3 auth_mode=required" \
2933 "$P_CLI crt_file=data_files/server6.crt \
2934 key_file=data_files/server6.key" \
2935 0 \
2936 -s "requested DN"
2937
2938run_test "Authentication: do not send CA list in CertificateRequest" \
2939 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
2940 "$P_CLI crt_file=data_files/server6.crt \
2941 key_file=data_files/server6.key" \
2942 0 \
2943 -S "requested DN"
2944
# NOTE(review): despite the "send CA list" wording in the title, this test runs
# the server with cert_req_ca_list=0 and asserts -S "requested DN", i.e. the CA
# list is NOT sent. What it actually checks is that, without a CA list to guide
# it, the client still sends its self-signed certificate and the server (in
# auth_mode=required) rejects it as not signed by a trusted CA. Consider
# retitling it "do not send CA list in CertificateRequest, client self signed"
# so the name matches the configuration.
2945run_test "Authentication: send CA list in CertificateRequest, client self signed" \
2946 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
2947 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
2948 key_file=data_files/server5.key" \
2949 1 \
2950 -S "requested DN" \
2951 -s "x509_verify_cert() returned" \
2952 -s "! The certificate is not correctly signed by the trusted CA" \
2953 -s "! mbedtls_ssl_handshake returned" \
2954 -c "! mbedtls_ssl_handshake returned" \
2955 -s "X509 - Certificate verification failed"
2956
2957# Tests for certificate selection based on SHA version
2958
2959run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
2960 "$P_SRV crt_file=data_files/server5.crt \
2961 key_file=data_files/server5.key \
2962 crt_file2=data_files/server5-sha1.crt \
2963 key_file2=data_files/server5.key" \
2964 "$P_CLI force_version=tls1_2" \
2965 0 \
2966 -c "signed using.*ECDSA with SHA256" \
2967 -C "signed using.*ECDSA with SHA1"
2968
2969run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
2970 "$P_SRV crt_file=data_files/server5.crt \
2971 key_file=data_files/server5.key \
2972 crt_file2=data_files/server5-sha1.crt \
2973 key_file2=data_files/server5.key" \
2974 "$P_CLI force_version=tls1_1" \
2975 0 \
2976 -C "signed using.*ECDSA with SHA256" \
2977 -c "signed using.*ECDSA with SHA1"
2978
2979run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
2980 "$P_SRV crt_file=data_files/server5.crt \
2981 key_file=data_files/server5.key \
2982 crt_file2=data_files/server5-sha1.crt \
2983 key_file2=data_files/server5.key" \
2984 "$P_CLI force_version=tls1" \
2985 0 \
2986 -C "signed using.*ECDSA with SHA256" \
2987 -c "signed using.*ECDSA with SHA1"
2988
2989run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
2990 "$P_SRV crt_file=data_files/server5.crt \
2991 key_file=data_files/server5.key \
2992 crt_file2=data_files/server6.crt \
2993 key_file2=data_files/server6.key" \
2994 "$P_CLI force_version=tls1_1" \
2995 0 \
2996 -c "serial number.*09" \
2997 -c "signed using.*ECDSA with SHA256" \
2998 -C "signed using.*ECDSA with SHA1"
2999
3000run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
3001 "$P_SRV crt_file=data_files/server6.crt \
3002 key_file=data_files/server6.key \
3003 crt_file2=data_files/server5.crt \
3004 key_file2=data_files/server5.key" \
3005 "$P_CLI force_version=tls1_1" \
3006 0 \
3007 -c "serial number.*0A" \
3008 -c "signed using.*ECDSA with SHA256" \
3009 -C "signed using.*ECDSA with SHA1"
3010
3011# tests for SNI
3012
3013run_test "SNI: no SNI callback" \
3014 "$P_SRV debug_level=3 \
3015 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
3016 "$P_CLI server_name=localhost" \
3017 0 \
3018 -S "parse ServerName extension" \
3019 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
3020 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3021
3022run_test "SNI: matching cert 1" \
3023 "$P_SRV debug_level=3 \
3024 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3025 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3026 "$P_CLI server_name=localhost" \
3027 0 \
3028 -s "parse ServerName extension" \
3029 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3030 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3031
3032run_test "SNI: matching cert 2" \
3033 "$P_SRV debug_level=3 \
3034 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3035 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3036 "$P_CLI server_name=polarssl.example" \
3037 0 \
3038 -s "parse ServerName extension" \
3039 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3040 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
3041
3042run_test "SNI: no matching cert" \
3043 "$P_SRV debug_level=3 \
3044 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3045 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3046 "$P_CLI server_name=nonesuch.example" \
3047 1 \
3048 -s "parse ServerName extension" \
3049 -s "ssl_sni_wrapper() returned" \
3050 -s "mbedtls_ssl_handshake returned" \
3051 -c "mbedtls_ssl_handshake returned" \
3052 -c "SSL - A fatal alert message was received from our peer"
3053
3054run_test "SNI: client auth no override: optional" \
3055 "$P_SRV debug_level=3 auth_mode=optional \
3056 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3057 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
3058 "$P_CLI debug_level=3 server_name=localhost" \
3059 0 \
3060 -S "skip write certificate request" \
3061 -C "skip parse certificate request" \
3062 -c "got a certificate request" \
3063 -C "skip write certificate" \
3064 -C "skip write certificate verify" \
3065 -S "skip parse certificate verify"
3066
3067run_test "SNI: client auth override: none -> optional" \
3068 "$P_SRV debug_level=3 auth_mode=none \
3069 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3070 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
3071 "$P_CLI debug_level=3 server_name=localhost" \
3072 0 \
3073 -S "skip write certificate request" \
3074 -C "skip parse certificate request" \
3075 -c "got a certificate request" \
3076 -C "skip write certificate" \
3077 -C "skip write certificate verify" \
3078 -S "skip parse certificate verify"
3079
3080run_test "SNI: client auth override: optional -> none" \
3081 "$P_SRV debug_level=3 auth_mode=optional \
3082 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3083 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
3084 "$P_CLI debug_level=3 server_name=localhost" \
3085 0 \
3086 -s "skip write certificate request" \
3087 -C "skip parse certificate request" \
3088 -c "got no certificate request" \
3089 -c "skip write certificate" \
3090 -c "skip write certificate verify" \
3091 -s "skip parse certificate verify"
3092
3093run_test "SNI: CA no override" \
3094 "$P_SRV debug_level=3 auth_mode=optional \
3095 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3096 ca_file=data_files/test-ca.crt \
3097 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
3098 "$P_CLI debug_level=3 server_name=localhost \
3099 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3100 1 \
3101 -S "skip write certificate request" \
3102 -C "skip parse certificate request" \
3103 -c "got a certificate request" \
3104 -C "skip write certificate" \
3105 -C "skip write certificate verify" \
3106 -S "skip parse certificate verify" \
3107 -s "x509_verify_cert() returned" \
3108 -s "! The certificate is not correctly signed by the trusted CA" \
3109 -S "The certificate has been revoked (is on a CRL)"
3110
3111run_test "SNI: CA override" \
3112 "$P_SRV debug_level=3 auth_mode=optional \
3113 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3114 ca_file=data_files/test-ca.crt \
3115 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
3116 "$P_CLI debug_level=3 server_name=localhost \
3117 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3118 0 \
3119 -S "skip write certificate request" \
3120 -C "skip parse certificate request" \
3121 -c "got a certificate request" \
3122 -C "skip write certificate" \
3123 -C "skip write certificate verify" \
3124 -S "skip parse certificate verify" \
3125 -S "x509_verify_cert() returned" \
3126 -S "! The certificate is not correctly signed by the trusted CA" \
3127 -S "The certificate has been revoked (is on a CRL)"
3128
3129run_test "SNI: CA override with CRL" \
3130 "$P_SRV debug_level=3 auth_mode=optional \
3131 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3132 ca_file=data_files/test-ca.crt \
3133 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
3134 "$P_CLI debug_level=3 server_name=localhost \
3135 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3136 1 \
3137 -S "skip write certificate request" \
3138 -C "skip parse certificate request" \
3139 -c "got a certificate request" \
3140 -C "skip write certificate" \
3141 -C "skip write certificate verify" \
3142 -S "skip parse certificate verify" \
3143 -s "x509_verify_cert() returned" \
3144 -S "! The certificate is not correctly signed by the trusted CA" \
3145 -s "The certificate has been revoked (is on a CRL)"
3146
3147# Tests for SNI and DTLS
3148
3149run_test "SNI: DTLS, no SNI callback" \
3150 "$P_SRV debug_level=3 dtls=1 \
3151 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
3152 "$P_CLI server_name=localhost dtls=1" \
3153 0 \
3154 -S "parse ServerName extension" \
3155 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
3156 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3157
3158run_test "SNI: DTLS, matching cert 1" \
3159 "$P_SRV debug_level=3 dtls=1 \
3160 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3161 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3162 "$P_CLI server_name=localhost dtls=1" \
3163 0 \
3164 -s "parse ServerName extension" \
3165 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3166 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3167
3168run_test "SNI: DTLS, matching cert 2" \
3169 "$P_SRV debug_level=3 dtls=1 \
3170 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3171 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3172 "$P_CLI server_name=polarssl.example dtls=1" \
3173 0 \
3174 -s "parse ServerName extension" \
3175 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3176 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
3177
3178run_test "SNI: DTLS, no matching cert" \
3179 "$P_SRV debug_level=3 dtls=1 \
3180 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3181 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3182 "$P_CLI server_name=nonesuch.example dtls=1" \
3183 1 \
3184 -s "parse ServerName extension" \
3185 -s "ssl_sni_wrapper() returned" \
3186 -s "mbedtls_ssl_handshake returned" \
3187 -c "mbedtls_ssl_handshake returned" \
3188 -c "SSL - A fatal alert message was received from our peer"
3189
3190run_test "SNI: DTLS, client auth no override: optional" \
3191 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
3192 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3193 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
3194 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
3195 0 \
3196 -S "skip write certificate request" \
3197 -C "skip parse certificate request" \
3198 -c "got a certificate request" \
3199 -C "skip write certificate" \
3200 -C "skip write certificate verify" \
3201 -S "skip parse certificate verify"
3202
3203run_test "SNI: DTLS, client auth override: none -> optional" \
3204 "$P_SRV debug_level=3 auth_mode=none dtls=1 \
3205 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3206 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
3207 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
3208 0 \
3209 -S "skip write certificate request" \
3210 -C "skip parse certificate request" \
3211 -c "got a certificate request" \
3212 -C "skip write certificate" \
3213 -C "skip write certificate verify" \
3214 -S "skip parse certificate verify"
3215
3216run_test "SNI: DTLS, client auth override: optional -> none" \
3217 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
3218 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3219 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
3220 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
3221 0 \
3222 -s "skip write certificate request" \
3223 -C "skip parse certificate request" \
3224 -c "got no certificate request" \
3225 -c "skip write certificate" \
3226 -c "skip write certificate verify" \
3227 -s "skip parse certificate verify"
3228
3229run_test "SNI: DTLS, CA no override" \
3230 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
3231 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3232 ca_file=data_files/test-ca.crt \
3233 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
3234 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
3235 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3236 1 \
3237 -S "skip write certificate request" \
3238 -C "skip parse certificate request" \
3239 -c "got a certificate request" \
3240 -C "skip write certificate" \
3241 -C "skip write certificate verify" \
3242 -S "skip parse certificate verify" \
3243 -s "x509_verify_cert() returned" \
3244 -s "! The certificate is not correctly signed by the trusted CA" \
3245 -S "The certificate has been revoked (is on a CRL)"
3246
3247run_test "SNI: DTLS, CA override" \
3248 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
3249 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3250 ca_file=data_files/test-ca.crt \
3251 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
3252 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
3253 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3254 0 \
3255 -S "skip write certificate request" \
3256 -C "skip parse certificate request" \
3257 -c "got a certificate request" \
3258 -C "skip write certificate" \
3259 -C "skip write certificate verify" \
3260 -S "skip parse certificate verify" \
3261 -S "x509_verify_cert() returned" \
3262 -S "! The certificate is not correctly signed by the trusted CA" \
3263 -S "The certificate has been revoked (is on a CRL)"
3264
3265run_test "SNI: DTLS, CA override with CRL" \
3266 "$P_SRV debug_level=3 auth_mode=optional \
3267 crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
3268 ca_file=data_files/test-ca.crt \
3269 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
3270 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
3271 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3272 1 \
3273 -S "skip write certificate request" \
3274 -C "skip parse certificate request" \
3275 -c "got a certificate request" \
3276 -C "skip write certificate" \
3277 -C "skip write certificate verify" \
3278 -S "skip parse certificate verify" \
3279 -s "x509_verify_cert() returned" \
3280 -S "! The certificate is not correctly signed by the trusted CA" \
3281 -s "The certificate has been revoked (is on a CRL)"
3282
3283# Tests for non-blocking I/O: exercise a variety of handshake flows
3284
3285run_test "Non-blocking I/O: basic handshake" \
3286 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
3287 "$P_CLI nbio=2 tickets=0" \
3288 0 \
3289 -S "mbedtls_ssl_handshake returned" \
3290 -C "mbedtls_ssl_handshake returned" \
3291 -c "Read from server: .* bytes read"
3292
3293run_test "Non-blocking I/O: client auth" \
3294 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
3295 "$P_CLI nbio=2 tickets=0" \
3296 0 \
3297 -S "mbedtls_ssl_handshake returned" \
3298 -C "mbedtls_ssl_handshake returned" \
3299 -c "Read from server: .* bytes read"
3300
3301run_test "Non-blocking I/O: ticket" \
3302 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
3303 "$P_CLI nbio=2 tickets=1" \
3304 0 \
3305 -S "mbedtls_ssl_handshake returned" \
3306 -C "mbedtls_ssl_handshake returned" \
3307 -c "Read from server: .* bytes read"
3308
3309run_test "Non-blocking I/O: ticket + client auth" \
3310 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
3311 "$P_CLI nbio=2 tickets=1" \
3312 0 \
3313 -S "mbedtls_ssl_handshake returned" \
3314 -C "mbedtls_ssl_handshake returned" \
3315 -c "Read from server: .* bytes read"
3316
3317run_test "Non-blocking I/O: ticket + client auth + resume" \
3318 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
3319 "$P_CLI nbio=2 tickets=1 reconnect=1" \
3320 0 \
3321 -S "mbedtls_ssl_handshake returned" \
3322 -C "mbedtls_ssl_handshake returned" \
3323 -c "Read from server: .* bytes read"
3324
3325run_test "Non-blocking I/O: ticket + resume" \
3326 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
3327 "$P_CLI nbio=2 tickets=1 reconnect=1" \
3328 0 \
3329 -S "mbedtls_ssl_handshake returned" \
3330 -C "mbedtls_ssl_handshake returned" \
3331 -c "Read from server: .* bytes read"
3332
3333run_test "Non-blocking I/O: session-id resume" \
3334 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
3335 "$P_CLI nbio=2 tickets=0 reconnect=1" \
3336 0 \
3337 -S "mbedtls_ssl_handshake returned" \
3338 -C "mbedtls_ssl_handshake returned" \
3339 -c "Read from server: .* bytes read"
3340
3341# Tests for event-driven I/O: exercise a variety of handshake flows
3342
# Event-driven I/O (event=1) repeats the non-blocking matrix above with the
# same success criteria.  The DTLS variants (dtls=1) only assert that the
# client read application data.
3343run_test "Event-driven I/O: basic handshake" \
3344 "$P_SRV event=1 tickets=0 auth_mode=none" \
3345 "$P_CLI event=1 tickets=0" \
3346 0 \
3347 -S "mbedtls_ssl_handshake returned" \
3348 -C "mbedtls_ssl_handshake returned" \
3349 -c "Read from server: .* bytes read"
3350
3351run_test "Event-driven I/O: client auth" \
3352 "$P_SRV event=1 tickets=0 auth_mode=required" \
3353 "$P_CLI event=1 tickets=0" \
3354 0 \
3355 -S "mbedtls_ssl_handshake returned" \
3356 -C "mbedtls_ssl_handshake returned" \
3357 -c "Read from server: .* bytes read"
3358
3359run_test "Event-driven I/O: ticket" \
3360 "$P_SRV event=1 tickets=1 auth_mode=none" \
3361 "$P_CLI event=1 tickets=1" \
3362 0 \
3363 -S "mbedtls_ssl_handshake returned" \
3364 -C "mbedtls_ssl_handshake returned" \
3365 -c "Read from server: .* bytes read"
3366
3367run_test "Event-driven I/O: ticket + client auth" \
3368 "$P_SRV event=1 tickets=1 auth_mode=required" \
3369 "$P_CLI event=1 tickets=1" \
3370 0 \
3371 -S "mbedtls_ssl_handshake returned" \
3372 -C "mbedtls_ssl_handshake returned" \
3373 -c "Read from server: .* bytes read"
3374
3375run_test "Event-driven I/O: ticket + client auth + resume" \
3376 "$P_SRV event=1 tickets=1 auth_mode=required" \
3377 "$P_CLI event=1 tickets=1 reconnect=1" \
3378 0 \
3379 -S "mbedtls_ssl_handshake returned" \
3380 -C "mbedtls_ssl_handshake returned" \
3381 -c "Read from server: .* bytes read"
3382
3383run_test "Event-driven I/O: ticket + resume" \
3384 "$P_SRV event=1 tickets=1 auth_mode=none" \
3385 "$P_CLI event=1 tickets=1 reconnect=1" \
3386 0 \
3387 -S "mbedtls_ssl_handshake returned" \
3388 -C "mbedtls_ssl_handshake returned" \
3389 -c "Read from server: .* bytes read"
3390
3391run_test "Event-driven I/O: session-id resume" \
3392 "$P_SRV event=1 tickets=0 auth_mode=none" \
3393 "$P_CLI event=1 tickets=0 reconnect=1" \
3394 0 \
3395 -S "mbedtls_ssl_handshake returned" \
3396 -C "mbedtls_ssl_handshake returned" \
3397 -c "Read from server: .* bytes read"
3398
3399run_test "Event-driven I/O, DTLS: basic handshake" \
3400 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
3401 "$P_CLI dtls=1 event=1 tickets=0" \
3402 0 \
3403 -c "Read from server: .* bytes read"
3404
3405run_test "Event-driven I/O, DTLS: client auth" \
3406 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
3407 "$P_CLI dtls=1 event=1 tickets=0" \
3408 0 \
3409 -c "Read from server: .* bytes read"
3410
3411run_test "Event-driven I/O, DTLS: ticket" \
3412 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
3413 "$P_CLI dtls=1 event=1 tickets=1" \
3414 0 \
3415 -c "Read from server: .* bytes read"
3416
3417run_test "Event-driven I/O, DTLS: ticket + client auth" \
3418 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
3419 "$P_CLI dtls=1 event=1 tickets=1" \
3420 0 \
3421 -c "Read from server: .* bytes read"
3422
3423run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
3424 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
3425 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
3426 0 \
3427 -c "Read from server: .* bytes read"
3428
3429run_test "Event-driven I/O, DTLS: ticket + resume" \
3430 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
3431 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
3432 0 \
3433 -c "Read from server: .* bytes read"
3434
3435run_test "Event-driven I/O, DTLS: session-id resume" \
3436 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
3437 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
3438 0 \
3439 -c "Read from server: .* bytes read"
3440
3441# This test demonstrates the need for the mbedtls_ssl_check_pending function.
3442# During session resumption, the client will send its ApplicationData record
3443# within the same datagram as the Finished messages. In this situation, the
3444# server MUST NOT idle on the underlying transport after handshake completion,
3445# because the ApplicationData request has already been queued internally.
# The datagram coalescing is produced by running the UDP proxy (-p) with
# pack=50 between the peers; presumably pack= is the packing delay/size knob
# of udp_proxy -- confirm against programs/test/udp_proxy.
3446run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
3447 -p "$P_PXY pack=50" \
3448 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
3449 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
3450 0 \
3451 -c "Read from server: .* bytes read"
3452
3453# Tests for version negotiation
3454
# Version negotiation: with no limits both sides report TLS 1.2; a
# max_version=tls1_1 cap on either side, or a min_version=tls1_1 floor
# paired with a 1.1 cap, yields 1.1 on both sides.
3455run_test "Version check: all -> 1.2" \
3456 "$P_SRV" \
3457 "$P_CLI" \
3458 0 \
3459 -S "mbedtls_ssl_handshake returned" \
3460 -C "mbedtls_ssl_handshake returned" \
3461 -s "Protocol is TLSv1.2" \
3462 -c "Protocol is TLSv1.2"
3463
3464run_test "Version check: cli max 1.1 -> 1.1" \
3465 "$P_SRV" \
3466 "$P_CLI max_version=tls1_1" \
3467 0 \
3468 -S "mbedtls_ssl_handshake returned" \
3469 -C "mbedtls_ssl_handshake returned" \
3470 -s "Protocol is TLSv1.1" \
3471 -c "Protocol is TLSv1.1"
3472
3473run_test "Version check: srv max 1.1 -> 1.1" \
3474 "$P_SRV max_version=tls1_1" \
3475 "$P_CLI" \
3476 0 \
3477 -S "mbedtls_ssl_handshake returned" \
3478 -C "mbedtls_ssl_handshake returned" \
3479 -s "Protocol is TLSv1.1" \
3480 -c "Protocol is TLSv1.1"
3481
3482run_test "Version check: cli+srv max 1.1 -> 1.1" \
3483 "$P_SRV max_version=tls1_1" \
3484 "$P_CLI max_version=tls1_1" \
3485 0 \
3486 -S "mbedtls_ssl_handshake returned" \
3487 -C "mbedtls_ssl_handshake returned" \
3488 -s "Protocol is TLSv1.1" \
3489 -c "Protocol is TLSv1.1"
3490
3491run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
3492 "$P_SRV min_version=tls1_1" \
3493 "$P_CLI max_version=tls1_1" \
3494 0 \
3495 -S "mbedtls_ssl_handshake returned" \
3496 -C "mbedtls_ssl_handshake returned" \
3497 -s "Protocol is TLSv1.1" \
3498 -c "Protocol is TLSv1.1"
3499
3500run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
3501 "$P_SRV max_version=tls1_1" \
3502 "$P_CLI min_version=tls1_1" \
3503 0 \
3504 -S "mbedtls_ssl_handshake returned" \
3505 -C "mbedtls_ssl_handshake returned" \
3506 -s "Protocol is TLSv1.1" \
3507 -c "Protocol is TLSv1.1"
3508
# Disjoint ranges must fail (exit 1) and both sides log a handshake error.
# The side whose bound is violated is the one that reports the min/max
# error: the client when the server's offered 1.1 is below the client's
# minimum of 1.2, the server when the client's maximum of 1.1 is below the
# server's minimum of 1.2.
3509run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
3510 "$P_SRV max_version=tls1_1" \
3511 "$P_CLI min_version=tls1_2" \
3512 1 \
3513 -s "mbedtls_ssl_handshake returned" \
3514 -c "mbedtls_ssl_handshake returned" \
3515 -c "SSL - Handshake protocol not within min/max boundaries"
3516
3517run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
3518 "$P_SRV min_version=tls1_2" \
3519 "$P_CLI max_version=tls1_1" \
3520 1 \
3521 -s "mbedtls_ssl_handshake returned" \
3522 -c "mbedtls_ssl_handshake returned" \
3523 -s "SSL - Handshake protocol not within min/max boundaries"
3524
3525# Tests for ALPN extension
3526
# ALPN: debug_level=3 on both sides exposes the extension handling in the
# logs.  Cases check that the extension is only sent when alpn= is
# configured on the client, only answered when both sides have a list,
# and that "Application Layer Protocol is" reports the agreed name.
3527run_test "ALPN: none" \
3528 "$P_SRV debug_level=3" \
3529 "$P_CLI debug_level=3" \
3530 0 \
3531 -C "client hello, adding alpn extension" \
3532 -S "found alpn extension" \
3533 -C "got an alert message, type: \\[2:120]" \
3534 -S "server hello, adding alpn extension" \
3535 -C "found alpn extension " \
3536 -C "Application Layer Protocol is" \
3537 -S "Application Layer Protocol is"
3538
3539run_test "ALPN: client only" \
3540 "$P_SRV debug_level=3" \
3541 "$P_CLI debug_level=3 alpn=abc,1234" \
3542 0 \
3543 -c "client hello, adding alpn extension" \
3544 -s "found alpn extension" \
3545 -C "got an alert message, type: \\[2:120]" \
3546 -S "server hello, adding alpn extension" \
3547 -C "found alpn extension " \
3548 -c "Application Layer Protocol is (none)" \
3549 -S "Application Layer Protocol is"
3550
3551run_test "ALPN: server only" \
3552 "$P_SRV debug_level=3 alpn=abc,1234" \
3553 "$P_CLI debug_level=3" \
3554 0 \
3555 -C "client hello, adding alpn extension" \
3556 -S "found alpn extension" \
3557 -C "got an alert message, type: \\[2:120]" \
3558 -S "server hello, adding alpn extension" \
3559 -C "found alpn extension " \
3560 -C "Application Layer Protocol is" \
3561 -s "Application Layer Protocol is (none)"
3562
# The three "both" cases show the chosen protocol follows the server's list
# order: abc is picked even when the client lists 1234 first (cli2-srv1),
# and 1234 is picked when abc is absent from the client's list (cli1-srv2).
3563run_test "ALPN: both, common cli1-srv1" \
3564 "$P_SRV debug_level=3 alpn=abc,1234" \
3565 "$P_CLI debug_level=3 alpn=abc,1234" \
3566 0 \
3567 -c "client hello, adding alpn extension" \
3568 -s "found alpn extension" \
3569 -C "got an alert message, type: \\[2:120]" \
3570 -s "server hello, adding alpn extension" \
3571 -c "found alpn extension" \
3572 -c "Application Layer Protocol is abc" \
3573 -s "Application Layer Protocol is abc"
3574
3575run_test "ALPN: both, common cli2-srv1" \
3576 "$P_SRV debug_level=3 alpn=abc,1234" \
3577 "$P_CLI debug_level=3 alpn=1234,abc" \
3578 0 \
3579 -c "client hello, adding alpn extension" \
3580 -s "found alpn extension" \
3581 -C "got an alert message, type: \\[2:120]" \
3582 -s "server hello, adding alpn extension" \
3583 -c "found alpn extension" \
3584 -c "Application Layer Protocol is abc" \
3585 -s "Application Layer Protocol is abc"
3586
3587run_test "ALPN: both, common cli1-srv2" \
3588 "$P_SRV debug_level=3 alpn=abc,1234" \
3589 "$P_CLI debug_level=3 alpn=1234,abcde" \
3590 0 \
3591 -c "client hello, adding alpn extension" \
3592 -s "found alpn extension" \
3593 -C "got an alert message, type: \\[2:120]" \
3594 -s "server hello, adding alpn extension" \
3595 -c "found alpn extension" \
3596 -c "Application Layer Protocol is 1234" \
3597 -s "Application Layer Protocol is 1234"
3598
# No protocol in common: the handshake fails (exit 1) and the client
# receives a fatal alert with description 120, no_application_protocol
# (RFC 7301), rather than silently continuing without ALPN.  Note the
# server list here is abc,123 -- "123" is deliberately not "1234".
3599run_test "ALPN: both, no common" \
3600 "$P_SRV debug_level=3 alpn=abc,123" \
3601 "$P_CLI debug_level=3 alpn=1234,abcde" \
3602 1 \
3603 -c "client hello, adding alpn extension" \
3604 -s "found alpn extension" \
3605 -c "got an alert message, type: \\[2:120]" \
3606 -S "server hello, adding alpn extension" \
3607 -C "found alpn extension" \
3608 -C "Application Layer Protocol is 1234" \
3609 -S "Application Layer Protocol is 1234"
3610
3611
3612# Tests for keyUsage in leaf certificates, part 1:
3613# server-side certificate/suite selection
3614
# keyUsage on the server's own certificate drives ciphersuite selection: an
# RSA key marked digitalSignature ends up in an (EC)DHE-RSA suite, one
# marked keyEncipherment in a plain RSA key-exchange suite, and an ECDSA key
# marked keyAgreement in a static ECDH suite.  A key whose keyUsage fits no
# suite (RSA/keyAgreement, ECDSA/keyEncipherment) leaves nothing to
# negotiate, so the handshake fails and no "Ciphersuite is" line appears.
3615run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
3616 "$P_SRV key_file=data_files/server2.key \
3617 crt_file=data_files/server2.ku-ds.crt" \
3618 "$P_CLI" \
3619 0 \
3620 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
3621
3622
3623run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
3624 "$P_SRV key_file=data_files/server2.key \
3625 crt_file=data_files/server2.ku-ke.crt" \
3626 "$P_CLI" \
3627 0 \
3628 -c "Ciphersuite is TLS-RSA-WITH-"
3629
3630run_test "keyUsage srv: RSA, keyAgreement -> fail" \
3631 "$P_SRV key_file=data_files/server2.key \
3632 crt_file=data_files/server2.ku-ka.crt" \
3633 "$P_CLI" \
3634 1 \
3635 -C "Ciphersuite is "
3636
3637run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
3638 "$P_SRV key_file=data_files/server5.key \
3639 crt_file=data_files/server5.ku-ds.crt" \
3640 "$P_CLI" \
3641 0 \
3642 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
3643
3644
3645run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
3646 "$P_SRV key_file=data_files/server5.key \
3647 crt_file=data_files/server5.ku-ka.crt" \
3648 "$P_CLI" \
3649 0 \
3650 -c "Ciphersuite is TLS-ECDH-"
3651
3652run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
3653 "$P_SRV key_file=data_files/server5.key \
3654 crt_file=data_files/server5.ku-ke.crt" \
3655 "$P_CLI" \
3656 1 \
3657 -C "Ciphersuite is "
3658
3659# Tests for keyUsage in leaf certificates, part 2:
3660# client-side checking of server cert
3661
# Client-side keyUsage check against an OpenSSL server.  The forced
# ciphersuite fixes the usage the server key must carry: RSA key exchange
# needs keyEncipherment, DHE-RSA needs digitalSignature.  The -key/-cert
# given here follow the defaults baked into O_SRV; presumably the later
# options win in s_server -- confirm if a test ever uses a different cert.
3662run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
3663 "$O_SRV -key data_files/server2.key \
3664 -cert data_files/server2.ku-ds_ke.crt" \
3665 "$P_CLI debug_level=1 \
3666 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
3667 0 \
3668 -C "bad certificate (usage extensions)" \
3669 -C "Processing of the Certificate handshake message failed" \
3670 -c "Ciphersuite is TLS-"
3671
3672run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
3673 "$O_SRV -key data_files/server2.key \
3674 -cert data_files/server2.ku-ds_ke.crt" \
3675 "$P_CLI debug_level=1 \
3676 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
3677 0 \
3678 -C "bad certificate (usage extensions)" \
3679 -C "Processing of the Certificate handshake message failed" \
3680 -c "Ciphersuite is TLS-"
3681
3682run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
3683 "$O_SRV -key data_files/server2.key \
3684 -cert data_files/server2.ku-ke.crt" \
3685 "$P_CLI debug_level=1 \
3686 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
3687 0 \
3688 -C "bad certificate (usage extensions)" \
3689 -C "Processing of the Certificate handshake message failed" \
3690 -c "Ciphersuite is TLS-"
3691
# Usage mismatch under the client's default auth mode: the Certificate
# message is rejected and the handshake aborts (exit 1, no ciphersuite).
3692run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
3693 "$O_SRV -key data_files/server2.key \
3694 -cert data_files/server2.ku-ke.crt" \
3695 "$P_CLI debug_level=1 \
3696 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
3697 1 \
3698 -c "bad certificate (usage extensions)" \
3699 -c "Processing of the Certificate handshake message failed" \
3700 -C "Ciphersuite is TLS-"
3701
# Same mismatch with auth_mode=optional: the problem is still logged (and
# surfaces in the verification result as "! Usage does not match the
# keyUsage extension"), but the handshake completes.
3702run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
3703 "$O_SRV -key data_files/server2.key \
3704 -cert data_files/server2.ku-ke.crt" \
3705 "$P_CLI debug_level=1 auth_mode=optional \
3706 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
3707 0 \
3708 -c "bad certificate (usage extensions)" \
3709 -C "Processing of the Certificate handshake message failed" \
3710 -c "Ciphersuite is TLS-" \
3711 -c "! Usage does not match the keyUsage extension"
3712
3713run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
3714 "$O_SRV -key data_files/server2.key \
3715 -cert data_files/server2.ku-ds.crt" \
3716 "$P_CLI debug_level=1 \
3717 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
3718 0 \
3719 -C "bad certificate (usage extensions)" \
3720 -C "Processing of the Certificate handshake message failed" \
3721 -c "Ciphersuite is TLS-"
3722
3723run_test "keyUsage cli: DigitalSignature, RSA: fail" \
3724 "$O_SRV -key data_files/server2.key \
3725 -cert data_files/server2.ku-ds.crt" \
3726 "$P_CLI debug_level=1 \
3727 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
3728 1 \
3729 -c "bad certificate (usage extensions)" \
3730 -c "Processing of the Certificate handshake message failed" \
3731 -C "Ciphersuite is TLS-"
3732
3733run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
3734 "$O_SRV -key data_files/server2.key \
3735 -cert data_files/server2.ku-ds.crt" \
3736 "$P_CLI debug_level=1 auth_mode=optional \
3737 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
3738 0 \
3739 -c "bad certificate (usage extensions)" \
3740 -C "Processing of the Certificate handshake message failed" \
3741 -c "Ciphersuite is TLS-" \
3742 -c "! Usage does not match the keyUsage extension"
3743
3744# Tests for keyUsage in leaf certificates, part 3:
3745# server-side checking of client cert
3746
# Server-side keyUsage check of a client certificate presented by an
# OpenSSL client.  With auth_mode=optional a bad usage is logged but the
# Certificate message is still accepted (exit 0); with auth_mode=required
# the handshake fails.  Only digitalSignature is acceptable for client
# authentication here -- keyEncipherment (RSA) and keyAgreement (ECDSA)
# are flagged.
3747run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
3748 "$P_SRV debug_level=1 auth_mode=optional" \
3749 "$O_CLI -key data_files/server2.key \
3750 -cert data_files/server2.ku-ds.crt" \
3751 0 \
3752 -S "bad certificate (usage extensions)" \
3753 -S "Processing of the Certificate handshake message failed"
3754
3755run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
3756 "$P_SRV debug_level=1 auth_mode=optional" \
3757 "$O_CLI -key data_files/server2.key \
3758 -cert data_files/server2.ku-ke.crt" \
3759 0 \
3760 -s "bad certificate (usage extensions)" \
3761 -S "Processing of the Certificate handshake message failed"
3762
3763run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
3764 "$P_SRV debug_level=1 auth_mode=required" \
3765 "$O_CLI -key data_files/server2.key \
3766 -cert data_files/server2.ku-ke.crt" \
3767 1 \
3768 -s "bad certificate (usage extensions)" \
3769 -s "Processing of the Certificate handshake message failed"
3770
3771run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
3772 "$P_SRV debug_level=1 auth_mode=optional" \
3773 "$O_CLI -key data_files/server5.key \
3774 -cert data_files/server5.ku-ds.crt" \
3775 0 \
3776 -S "bad certificate (usage extensions)" \
3777 -S "Processing of the Certificate handshake message failed"
3778
3779run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
3780 "$P_SRV debug_level=1 auth_mode=optional" \
3781 "$O_CLI -key data_files/server5.key \
3782 -cert data_files/server5.ku-ka.crt" \
3783 0 \
3784 -s "bad certificate (usage extensions)" \
3785 -S "Processing of the Certificate handshake message failed"
3786
3787# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
3788
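# Server-side extendedKeyUsage: the server is started with a certificate
# carrying a given EKU and the plain client either completes (0) or fails
# (1) the handshake.  The certificate must match the case name: the
# serverAuth,clientAuth case uses server5.eku-srv_cli.crt (the same file
# the client-side and client-auth sections use for that EKU set) rather
# than repeating eku-srv.crt, and the codeSign -> fail case uses
# server5.eku-cs.crt rather than the clientAuth-only eku-cli.crt, so that
# the failure is attributable to a codeSigning-only EKU.
3789run_test "extKeyUsage srv: serverAuth -> OK" \
3790 "$P_SRV key_file=data_files/server5.key \
3791 crt_file=data_files/server5.eku-srv.crt" \
3792 "$P_CLI" \
3793 0
3794
3795run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
3796 "$P_SRV key_file=data_files/server5.key \
3797 crt_file=data_files/server5.eku-srv_cli.crt" \
3798 "$P_CLI" \
3799 0
3800
# anyExtendedKeyUsage alongside codeSigning is accepted for a server.
3801run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
3802 "$P_SRV key_file=data_files/server5.key \
3803 crt_file=data_files/server5.eku-cs_any.crt" \
3804 "$P_CLI" \
3805 0
3806
3807run_test "extKeyUsage srv: codeSign -> fail" \
3808 "$P_SRV key_file=data_files/server5.key \
3809 crt_file=data_files/server5.eku-cs.crt" \
3810 "$P_CLI" \
3811 1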
3812
3813# Tests for extendedKeyUsage, part 2: client-side checking of server cert
3814
# Client-side extendedKeyUsage check against an OpenSSL server: serverAuth
# (alone or together with clientAuth) and codeSigning+anyExtendedKeyUsage
# are accepted; a codeSigning-only certificate is rejected with
# "bad certificate (usage extensions)" and the handshake aborts (exit 1).
3815run_test "extKeyUsage cli: serverAuth -> OK" \
3816 "$O_SRV -key data_files/server5.key \
3817 -cert data_files/server5.eku-srv.crt" \
3818 "$P_CLI debug_level=1" \
3819 0 \
3820 -C "bad certificate (usage extensions)" \
3821 -C "Processing of the Certificate handshake message failed" \
3822 -c "Ciphersuite is TLS-"
3823
3824run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
3825 "$O_SRV -key data_files/server5.key \
3826 -cert data_files/server5.eku-srv_cli.crt" \
3827 "$P_CLI debug_level=1" \
3828 0 \
3829 -C "bad certificate (usage extensions)" \
3830 -C "Processing of the Certificate handshake message failed" \
3831 -c "Ciphersuite is TLS-"
3832
3833run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
3834 "$O_SRV -key data_files/server5.key \
3835 -cert data_files/server5.eku-cs_any.crt" \
3836 "$P_CLI debug_level=1" \
3837 0 \
3838 -C "bad certificate (usage extensions)" \
3839 -C "Processing of the Certificate handshake message failed" \
3840 -c "Ciphersuite is TLS-"
3841
3842run_test "extKeyUsage cli: codeSign -> fail" \
3843 "$O_SRV -key data_files/server5.key \
3844 -cert data_files/server5.eku-cs.crt" \
3845 "$P_CLI debug_level=1" \
3846 1 \
3847 -c "bad certificate (usage extensions)" \
3848 -c "Processing of the Certificate handshake message failed" \
3849 -C "Ciphersuite is TLS-"
3850
3851# Tests for extendedKeyUsage, part 3: server-side checking of client cert
3852
# Server-side extendedKeyUsage check of an OpenSSL client's certificate:
# clientAuth (alone or with serverAuth) and codeSigning+anyExtendedKeyUsage
# pass.  A codeSigning-only certificate is logged as bad under
# auth_mode=optional but the handshake still completes (soft); under
# auth_mode=required it is rejected and the handshake fails (hard).
3853run_test "extKeyUsage cli-auth: clientAuth -> OK" \
3854 "$P_SRV debug_level=1 auth_mode=optional" \
3855 "$O_CLI -key data_files/server5.key \
3856 -cert data_files/server5.eku-cli.crt" \
3857 0 \
3858 -S "bad certificate (usage extensions)" \
3859 -S "Processing of the Certificate handshake message failed"
3860
3861run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
3862 "$P_SRV debug_level=1 auth_mode=optional" \
3863 "$O_CLI -key data_files/server5.key \
3864 -cert data_files/server5.eku-srv_cli.crt" \
3865 0 \
3866 -S "bad certificate (usage extensions)" \
3867 -S "Processing of the Certificate handshake message failed"
3868
3869run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
3870 "$P_SRV debug_level=1 auth_mode=optional" \
3871 "$O_CLI -key data_files/server5.key \
3872 -cert data_files/server5.eku-cs_any.crt" \
3873 0 \
3874 -S "bad certificate (usage extensions)" \
3875 -S "Processing of the Certificate handshake message failed"
3876
3877run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
3878 "$P_SRV debug_level=1 auth_mode=optional" \
3879 "$O_CLI -key data_files/server5.key \
3880 -cert data_files/server5.eku-cs.crt" \
3881 0 \
3882 -s "bad certificate (usage extensions)" \
3883 -S "Processing of the Certificate handshake message failed"
3884
3885run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
3886 "$P_SRV debug_level=1 auth_mode=required" \
3887 "$O_CLI -key data_files/server5.key \
3888 -cert data_files/server5.eku-cs.crt" \
3889 1 \
3890 -s "bad certificate (usage extensions)" \
3891 -s "Processing of the Certificate handshake message failed"
3892
3893# Tests for DHM parameters loading
3894
# DHM parameter loading.  With a DHE-RSA suite forced and debug_level=3 the
# client prints the size of the received group: the server's built-in
# default is a 2048-bit prime, and dhm_file=data_files/dhparams.pem
# substitutes a 1024-bit group.  Generator G is 2 in both cases.
3895run_test "DHM parameters: reference" \
3896 "$P_SRV" \
3897 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3898 debug_level=3" \
3899 0 \
3900 -c "value of 'DHM: P ' (2048 bits)" \
3901 -c "value of 'DHM: G ' (2 bits)"
3902
3903run_test "DHM parameters: other parameters" \
3904 "$P_SRV dhm_file=data_files/dhparams.pem" \
3905 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3906 debug_level=3" \
3907 0 \
3908 -c "value of 'DHM: P ' (1024 bits)" \
3909 -c "value of 'DHM: G ' (2 bits)"
3910
3911# Tests for DHM client-side size checking
3912
# Client-side check on the size of the server's DH prime.  Taken together
# the cases pin the behaviour: the client's default minimum accepts the
# 1024-bit group but rejects a 1000-bit one, and dhmlen= raises the
# client's minimum (2048 still accepts the server's 2048-bit default, 2049
# rejects it).  A rejection logs "DHM prime too short:" on the client and
# fails the handshake (exit 1) instead of continuing with a weak group.
3913run_test "DHM size: server default, client default, OK" \
3914 "$P_SRV" \
3915 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3916 debug_level=1" \
3917 0 \
3918 -C "DHM prime too short:"
3919
3920run_test "DHM size: server default, client 2048, OK" \
3921 "$P_SRV" \
3922 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3923 debug_level=1 dhmlen=2048" \
3924 0 \
3925 -C "DHM prime too short:"
3926
3927run_test "DHM size: server 1024, client default, OK" \
3928 "$P_SRV dhm_file=data_files/dhparams.pem" \
3929 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3930 debug_level=1" \
3931 0 \
3932 -C "DHM prime too short:"
3933
3934run_test "DHM size: server 1000, client default, rejected" \
3935 "$P_SRV dhm_file=data_files/dh.1000.pem" \
3936 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3937 debug_level=1" \
3938 1 \
3939 -c "DHM prime too short:"
3940
3941run_test "DHM size: server default, client 2049, rejected" \
3942 "$P_SRV" \
3943 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
3944 debug_level=1 dhmlen=2049" \
3945 1 \
3946 -c "DHM prime too short:"
3947
3948# Tests for PSK callback
3949
# PSK callback tests.  psk=/psk_identity= configure a single static PSK on
# a side.  Every case expects exit 0 and, on the server, no "None of the
# common ciphersuites is usable", no "Unknown identity received" and no
# "Verification of the message MAC failed" -- the last of these is what a
# PSK mismatch would look like, since the peers would derive different
# keys.
3950run_test "PSK callback: psk, no callback" \
3951 "$P_SRV psk=abc123 psk_identity=foo" \
3952 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3953 psk_identity=foo psk=abc123" \
3954 0 \
3955 -S "SSL - None of the common ciphersuites is usable" \
3956 -S "SSL - Unknown identity received" \
3957 -S "SSL - Verification of the message MAC failed"
3958
# Opaque PSK on the client (psk_opaque=1).  requires_config_enabled
# appears to guard the run_test that follows it, so these only run when
# MBEDTLS_USE_PSA_CRYPTO is enabled in the build.  The client logs
# "skip PMS generation for opaque PSK" while the server, holding a raw
# key, must not.  extended_ms=0/1 and the matching -C/-c
# "using extended master secret" assertions cover both EMS settings; the
# SHA-384 variants use the TLS-PSK-WITH-AES-256-CBC-SHA384 suite.
3959requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
3960run_test "PSK callback: opaque psk on client, no callback" \
3961 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
3962 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3963 psk_identity=foo psk=abc123 psk_opaque=1" \
3964 0 \
3965 -c "skip PMS generation for opaque PSK"\
3966 -S "skip PMS generation for opaque PSK"\
3967 -C "using extended master secret"\
3968 -S "using extended master secret"\
3969 -S "SSL - None of the common ciphersuites is usable" \
3970 -S "SSL - Unknown identity received" \
3971 -S "SSL - Verification of the message MAC failed"
3972
3973requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
3974run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
3975 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
3976 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
3977 psk_identity=foo psk=abc123 psk_opaque=1" \
3978 0 \
3979 -c "skip PMS generation for opaque PSK"\
3980 -S "skip PMS generation for opaque PSK"\
3981 -C "using extended master secret"\
3982 -S "using extended master secret"\
3983 -S "SSL - None of the common ciphersuites is usable" \
3984 -S "SSL - Unknown identity received" \
3985 -S "SSL - Verification of the message MAC failed"
3986
3987requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
3988run_test "PSK callback: opaque psk on client, no callback, EMS" \
3989 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
3990 "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3991 psk_identity=foo psk=abc123 psk_opaque=1" \
3992 0 \
3993 -c "skip PMS generation for opaque PSK"\
3994 -S "skip PMS generation for opaque PSK"\
3995 -c "using extended master secret"\
3996 -s "using extended master secret"\
3997 -S "SSL - None of the common ciphersuites is usable" \
3998 -S "SSL - Unknown identity received" \
3999 -S "SSL - Verification of the message MAC failed"
4000
4001requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4002run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
4003 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
4004 "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4005 psk_identity=foo psk=abc123 psk_opaque=1" \
4006 0 \
4007 -c "skip PMS generation for opaque PSK"\
4008 -S "skip PMS generation for opaque PSK"\
4009 -c "using extended master secret"\
4010 -s "using extended master secret"\
4011 -S "SSL - None of the common ciphersuites is usable" \
4012 -S "SSL - Unknown identity received" \
4013 -S "SSL - Verification of the message MAC failed"
4014
# Mirror image of the previous group: the client keeps a raw PSK and the
# server's static PSK is opaque (psk_opaque=1), so "skip PMS generation for
# opaque PSK" is now required on the server (-s) and forbidden on the
# client (-C).  The server also pins min_version and the ciphersuite.
4015requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4016run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
4017 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4018 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4019 psk_identity=foo psk=abc123" \
4020 0 \
4021 -C "skip PMS generation for opaque PSK"\
4022 -s "skip PMS generation for opaque PSK"\
4023 -C "using extended master secret"\
4024 -S "using extended master secret"\
4025 -S "SSL - None of the common ciphersuites is usable" \
4026 -S "SSL - Unknown identity received" \
4027 -S "SSL - Verification of the message MAC failed"
4028
4029requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4030run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
4031 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
4032 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4033 psk_identity=foo psk=abc123" \
4034 0 \
4035 -C "skip PMS generation for opaque PSK"\
4036 -s "skip PMS generation for opaque PSK"\
4037 -C "using extended master secret"\
4038 -S "using extended master secret"\
4039 -S "SSL - None of the common ciphersuites is usable" \
4040 -S "SSL - Unknown identity received" \
4041 -S "SSL - Verification of the message MAC failed"
4042
4043requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4044run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
4045 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
4046 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
4047 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4048 psk_identity=foo psk=abc123 extended_ms=1" \
4049 0 \
4050 -c "using extended master secret"\
4051 -s "using extended master secret"\
4052 -C "skip PMS generation for opaque PSK"\
4053 -s "skip PMS generation for opaque PSK"\
4054 -S "SSL - None of the common ciphersuites is usable" \
4055 -S "SSL - Unknown identity received" \
4056 -S "SSL - Verification of the message MAC failed"
4057
4058requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4059run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
4060 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
4061 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
4062 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4063 psk_identity=foo psk=abc123 extended_ms=1" \
4064 0 \
4065 -c "using extended master secret"\
4066 -s "using extended master secret"\
4067 -C "skip PMS generation for opaque PSK"\
4068 -s "skip PMS generation for opaque PSK"\
4069 -S "SSL - None of the common ciphersuites is usable" \
4070 -S "SSL - Unknown identity received" \
4071 -S "SSL - Verification of the message MAC failed"
4072
# PSK supplied by the server's callback instead of a static key.  psk_list
# looks like alternating identity,key pairs (abc->dead, def->beef) served
# by the PSK callback, and psk_list_opaque=1 makes the callback hand back
# opaque keys -- presumed from the option names and the client identities
# used below; confirm against ssl_server2.  With no static server PSK the
# callback is the only source of the key, and success plus the absence of
# a MAC failure show the right entry was selected for the client's identity.
4073requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4074run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
4075 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4076 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4077 psk_identity=def psk=beef" \
4078 0 \
4079 -C "skip PMS generation for opaque PSK"\
4080 -s "skip PMS generation for opaque PSK"\
4081 -C "using extended master secret"\
4082 -S "using extended master secret"\
4083 -S "SSL - None of the common ciphersuites is usable" \
4084 -S "SSL - Unknown identity received" \
4085 -S "SSL - Verification of the message MAC failed"
4086
4087requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4088run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
4089 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
4090 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4091 psk_identity=def psk=beef" \
4092 0 \
4093 -C "skip PMS generation for opaque PSK"\
4094 -s "skip PMS generation for opaque PSK"\
4095 -C "using extended master secret"\
4096 -S "using extended master secret"\
4097 -S "SSL - None of the common ciphersuites is usable" \
4098 -S "SSL - Unknown identity received" \
4099 -S "SSL - Verification of the message MAC failed"
4100
# The EMS variants pick the first list entry (abc/dead) instead of def/beef.
4101requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4102run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
4103 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
4104 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
4105 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4106 psk_identity=abc psk=dead extended_ms=1" \
4107 0 \
4108 -c "using extended master secret"\
4109 -s "using extended master secret"\
4110 -C "skip PMS generation for opaque PSK"\
4111 -s "skip PMS generation for opaque PSK"\
4112 -S "SSL - None of the common ciphersuites is usable" \
4113 -S "SSL - Unknown identity received" \
4114 -S "SSL - Verification of the message MAC failed"
4115
4116requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4117run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
4118 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
4119 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
4120 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4121 psk_identity=abc psk=dead extended_ms=1" \
4122 0 \
4123 -c "using extended master secret"\
4124 -s "using extended master secret"\
4125 -C "skip PMS generation for opaque PSK"\
4126 -s "skip PMS generation for opaque PSK"\
4127 -S "SSL - None of the common ciphersuites is usable" \
4128 -S "SSL - Unknown identity received" \
4129 -S "SSL - Verification of the message MAC failed"
4130
# Static server PSK (identity foo) that does not match the client's
# identity, with the matching entry available from the callback: the
# handshake must still succeed with the callback's key, whether the static
# key is raw or opaque and whether the callback returns opaque or raw keys.
# When the callback returns raw keys there is no server-side "skip PMS
# generation" assertion, since no opaque key is used on either side.
4131requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4132run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
4133 "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4134 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4135 psk_identity=def psk=beef" \
4136 0 \
4137 -C "skip PMS generation for opaque PSK"\
4138 -s "skip PMS generation for opaque PSK"\
4139 -C "using extended master secret"\
4140 -S "using extended master secret"\
4141 -S "SSL - None of the common ciphersuites is usable" \
4142 -S "SSL - Unknown identity received" \
4143 -S "SSL - Verification of the message MAC failed"
4144
4145requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4146run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
4147 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4148 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4149 psk_identity=def psk=beef" \
4150 0 \
4151 -C "skip PMS generation for opaque PSK"\
4152 -s "skip PMS generation for opaque PSK"\
4153 -C "using extended master secret"\
4154 -S "using extended master secret"\
4155 -S "SSL - None of the common ciphersuites is usable" \
4156 -S "SSL - Unknown identity received" \
4157 -S "SSL - Verification of the message MAC failed"
4158
4159requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4160run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
4161 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4162 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4163 psk_identity=def psk=beef" \
4164 0 \
4165 -C "skip PMS generation for opaque PSK"\
4166 -C "using extended master secret"\
4167 -S "using extended master secret"\
4168 -S "SSL - None of the common ciphersuites is usable" \
4169 -S "SSL - Unknown identity received" \
4170 -S "SSL - Verification of the message MAC failed"
4171
# Static server PSK whose identity (def) matches the client's but whose key
# (abc123) is wrong; the callback entry def->beef must take precedence for
# the handshake to succeed without a MAC failure, as asserted.
# NOTE(review): the case name says "wrong raw PSK on server" and "opaque
# PSK from callback", but the options set psk_opaque=1 on the static key
# and omit psk_list_opaque, i.e. the opposite of the name -- confirm which
# configuration was intended.
4172requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4173run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
4174 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4175 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4176 psk_identity=def psk=beef" \
4177 0 \
4178 -C "skip PMS generation for opaque PSK"\
4179 -C "using extended master secret"\
4180 -S "using extended master secret"\
4181 -S "SSL - None of the common ciphersuites is usable" \
4182 -S "SSL - Unknown identity received" \
4183 -S "SSL - Verification of the message MAC failed"
4184
4185requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4186run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
4187 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4188 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4189 psk_identity=def psk=beef" \
4190 1 \
4191 -s "SSL - Verification of the message MAC failed"
4192
4193run_test "PSK callback: no psk, no callback" \
4194 "$P_SRV" \
4195 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4196 psk_identity=foo psk=abc123" \
4197 1 \
4198 -s "SSL - None of the common ciphersuites is usable" \
4199 -S "SSL - Unknown identity received" \
4200 -S "SSL - Verification of the message MAC failed"
4201
4202run_test "PSK callback: callback overrides other settings" \
4203 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
4204 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4205 psk_identity=foo psk=abc123" \
4206 1 \
4207 -S "SSL - None of the common ciphersuites is usable" \
4208 -s "SSL - Unknown identity received" \
4209 -S "SSL - Verification of the message MAC failed"
4210
4211run_test "PSK callback: first id matches" \
4212 "$P_SRV psk_list=abc,dead,def,beef" \
4213 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4214 psk_identity=abc psk=dead" \
4215 0 \
4216 -S "SSL - None of the common ciphersuites is usable" \
4217 -S "SSL - Unknown identity received" \
4218 -S "SSL - Verification of the message MAC failed"
4219
4220run_test "PSK callback: second id matches" \
4221 "$P_SRV psk_list=abc,dead,def,beef" \
4222 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4223 psk_identity=def psk=beef" \
4224 0 \
4225 -S "SSL - None of the common ciphersuites is usable" \
4226 -S "SSL - Unknown identity received" \
4227 -S "SSL - Verification of the message MAC failed"
4228
4229run_test "PSK callback: no match" \
4230 "$P_SRV psk_list=abc,dead,def,beef" \
4231 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4232 psk_identity=ghi psk=beef" \
4233 1 \
4234 -S "SSL - None of the common ciphersuites is usable" \
4235 -s "SSL - Unknown identity received" \
4236 -S "SSL - Verification of the message MAC failed"
4237
4238run_test "PSK callback: wrong key" \
4239 "$P_SRV psk_list=abc,dead,def,beef" \
4240 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4241 psk_identity=abc psk=beef" \
4242 1 \
4243 -S "SSL - None of the common ciphersuites is usable" \
4244 -S "SSL - Unknown identity received" \
4245 -s "SSL - Verification of the message MAC failed"
4246
# Tests for EC J-PAKE
#
# Password-authenticated key exchange with TLS-ECJPAKE-WITH-AES-128-CCM-8
# (suite id c0ff in the debug log). Both peers must be given ecjpake_pw; a
# mismatching password only surfaces when the Finished MAC is checked, and
# the ecjpake_kkpp extension carries the key-exchange material in the hellos.
# -s/-c: pattern expected in the server/client debug log; -S/-C: must be absent.

# Neither side has a password: the suite is not added to the client's list and
# no kkpp extension is sent or seen.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable"

# Client forces the suite with a password, server has none: the server sees
# the kkpp extension, skips it and reports a ciphersuite mismatch (exit 1).
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "None of the common ciphersuites is usable"

# Both sides share the password. Over TLS the client sends a single
# ClientHello, so no cached J-PAKE parameters are re-used (-C).
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable" \
            -S "SSL - Verification of the message MAC failed"

# Wrong client password: the handshake flights still complete and the
# failure shows up as a MAC verification error on Finished.
# server_needs_more_time gives the server a longer timeout here; the reason
# is not visible in this section.
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# Over DTLS with cookies the client re-sends its ClientHello after the
# HelloVerifyRequest and re-uses its cached J-PAKE round-1 values (-c)
# rather than generating fresh ones.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

# With cookies=0 there is no second ClientHello, hence nothing to re-use (-C).
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, no cookie" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -C "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

# Password mismatch over DTLS: the cached parameters are re-used on the
# retransmitted ClientHello and the MAC check still fails.
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# For tests with configs/config-thread.h: no debug_level and no log-pattern
# checks, so the test stays meaningful in a build from that configuration
# (presumably one without the debug output relied on above — confirm).
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, nolog" \
            "$P_SRV dtls=1 ecjpake_pw=bla" \
            "$P_CLI dtls=1 ecjpake_pw=bla \
            force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0
4340
# Tests for ciphersuites per version
#
# version_suites takes four comma-separated suites which, judging by the
# expected picks below, apply in order to SSL 3.0, TLS 1.0, TLS 1.1 and
# TLS 1.2. This lets a server confine a suite to the protocol versions where
# it is wanted (e.g. offer AES-GCM only to TLS 1.2 clients) instead of one
# list for all versions. Each test forces one client version and checks the
# suite the client reports (-c). SSL 3.0, TLS 1.0 and TLS 1.1 are legacy
# versions and run only when the matching MBEDTLS_SSL_PROTO_* is enabled.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: SSL3" \
            "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=ssl3" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"

# NOTE(review): arc4=1 on this client does not influence the expected pick;
# its purpose is not visible in this section.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.0" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1 arc4=1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.1" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.2" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_2" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
4378
# Test for ClientHello without extensions
#
# A GnuTLS client with %NO_EXTENSIONS (safe renegotiation disabled as well, so
# nothing renegotiation-related is added) sends a ClientHello whose extensions
# block is empty, as very old clients do. The server must still complete the
# handshake; the debug dump of the extensions must show 0 bytes. The second
# run repeats this with SHA-1 forbidden in certificates on the server
# (allow_sha1=0). Whether server2.crt itself carries a SHA-1 signature is not
# visible in this section.

requires_gnutls
run_test    "ClientHello without extensions, SHA-1 allowed" \
            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

requires_gnutls
run_test    "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
            "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"
4394
# Tests for mbedtls_ssl_get_bytes_avail()
#
# The server logs "N bytes read" when the whole request arrives in one read
# (the "$" anchor requires the line to end there) and "N bytes read (X+Y)"
# when further bytes were still buffered after the first read. A 100-byte
# request takes the first path, a 500-byte request the second. Where exactly
# the boundary lies is decided by ssl_server2's read buffer, not visible here.

run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

run_test    "mbedtls_ssl_get_bytes_avail: extra data" \
            "$P_SRV" \
            "$P_CLI request_size=500" \
            0 \
            -s "Read from client: 500 bytes read (.*+.*)"
4408
# Tests for small client packets
#
# One-byte application-data records sent by the client, across SSL 3.0 to
# TLS 1.2 and the record-protection variants: CBC block ciphers with and
# without Encrypt-then-MAC (etm=0), truncated HMAC (trunc_hmac=1, gated on
# MBEDTLS_SSL_TRUNCATED_HMAC), a SHA-384 MAC ("larger MAC"), the RC4 stream
# cipher, and AEAD (CCM, and CCM-8 with its shorter tag). Each test only
# checks that the server reads exactly 1 byte (-s). RC4 is off by default and
# switched on with arc4=1 purely to cover the stream-cipher record path; the
# SSL 3.0 tests run only when MBEDTLS_SSL_PROTO_SSL3 is enabled.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=1 force_version=ssl3 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=ssl3 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

# TLS 1.0: CBC block cipher, with/without EtM, with/without truncated HMAC.
run_test    "Small client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 etm=0 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# TLS 1.0: RC4 stream cipher, same four variants.
run_test    "Small client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
            trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# TLS 1.1: same matrix.
run_test    "Small client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# TLS 1.2: same matrix plus a SHA-384 MAC and the two AEAD suites.
run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# AEAD suites: EtM and truncated HMAC do not apply; CCM-8 exercises the
# shorter (8-byte) authentication tag.
run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"
4627
# Tests for small client packets in DTLS
#
# One-byte client records over DTLS 1.0 and 1.2 with a CBC suite, with and
# without Encrypt-then-MAC and truncated HMAC. Unlike the TLS tests above,
# the version is forced on the server and etm=0 is set on the server side;
# since EtM is negotiated, disabling it on either peer presumably turns it
# off for both. Only the server's 1-byte read is asserted (-s).
# NOTE(review): test names alternate between "truncated hmac" and
# "truncated MAC"; the TLS tests use "truncated MAC" throughout.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0" \
            "$P_SRV dtls=1 force_version=dtls1" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"
4697
# Tests for small server packets
#
# Mirror of the small-client-packet matrix in the other direction: the server
# is told to answer with a 1-byte response (response_size=1) and the client
# must report reading exactly 1 byte (-c). Same coverage of versions (SSL 3.0
# to TLS 1.2), CBC with/without Encrypt-then-MAC (etm=0), truncated HMAC
# (gated on MBEDTLS_SSL_TRUNCATED_HMAC), a SHA-384 MAC, RC4 (enabled only for
# these tests with arc4=1) and the CCM / CCM-8 AEAD suites.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=1 min_version=ssl3" \
            "$P_CLI force_version=ssl3 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

# TLS 1.0: CBC block cipher, with/without EtM, with/without truncated HMAC.
run_test    "Small server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 etm=0 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

# TLS 1.0: RC4 stream cipher, same four variants.
run_test    "Small server packet TLS 1.0 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
            trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

# TLS 1.1: same matrix.
run_test    "Small server packet TLS 1.1 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

# TLS 1.2: same matrix plus a SHA-384 MAC and the two AEAD suites.
run_test    "Small server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 StreamCipher" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

# AEAD suites: EtM and truncated HMAC do not apply; CCM-8 exercises the
# shorter (8-byte) authentication tag.
run_test    "Small server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1_2 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 1 bytes read"
4916
4917# Tests for small server packets in DTLS
4918
# Same 1-byte-response checks over DTLS 1.0 and 1.2 with a CBC suite. The
# server pins the version with force_version=dtls1 / dtls1_2; EtM and
# truncated HMAC are toggled on whichever side the test author chose (either
# side disabling EtM is enough for it not to be negotiated).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.0" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

# Truncated HMAC is a compile-time option; both peers request it here.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 trunc_hmac=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"
4986
# A test for extensions in SSLv3: the client offers several extensions
# (tickets, max fragment length, ALPN), and a server speaking SSLv3 must not
# process them and must not send any extensions back.
4988
# -S: neither the client-hello extension dump nor a server-hello extension
# length may appear in the server's debug log at debug_level=3.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "SSLv3 with extensions, server side" \
            "$P_SRV min_version=ssl3 debug_level=3" \
            "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
            0 \
            -S "dumping 'client hello extensions'" \
            -S "server hello, total extension length:"
4996
# Tests for large client packets: the client sends a 16384-byte request (the
# maximum TLS plaintext fragment) and the test checks how many records it is
# split into and that the server reads it back in $MAX_CONTENT_LEN-byte reads.
4998
# How many fragments do we expect to write $1 bytes?
# Ceiling division of the payload size by MAX_OUT_LEN, the largest record
# body written per fragment (MAX_OUT_LEN is set elsewhere in this script).
fragments_for_write() {
    printf '%s\n' "$(( ( $1 + MAX_OUT_LEN - 1 ) / MAX_OUT_LEN ))"
}
5003
# recsplit=0 on the SSLv3/TLS 1.0 CBC cases turns off the client's 1/n-1
# record splitting (the BEAST countermeasure for CBC in those versions) so
# that the fragment count checked with fragments_for_write is deterministic.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# Not every variant checks the fragment count; the server-side read is the
# check common to all of them.
run_test    "Large client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# Stream-cipher (RC4) cases: no CBC, so no record splitting is involved.
run_test    "Large client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# From TLS 1.1 on, CBC records carry an explicit IV and no recsplit=0 is used.
run_test    "Large client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# SHA-384 HMAC: a larger MAC reduces the payload that fits in each record.
run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# AEAD: full 16-byte CCM tag, then the 8-byte CCM-8 tag.
run_test    "Large client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"
5236
# Tests for large server packets: the server answers with 16384 bytes and the
# client must read all of them (in one read, or in 1 + 16383 when the server
# applies 1/n-1 record splitting).
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

# The next 4 tests also check the logs for the 1/n-1 record split the server
# applies to CBC suites in SSLv3 / TLS 1.0 as a BEAST countermeasure: the
# client must first read 1 byte, then 16383, and never a single 16384-byte
# record. (recsplit=0 only disables the split on the client side.)
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Large server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=16384 min_version=ssl3" \
            "$P_CLI force_version=ssl3 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1 etm=0 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

# NOTE(review): unlike the client-packet tests, several "truncated MAC" cases
# below pass trunc_hmac=1 to the client only. Whether truncated HMAC is then
# actually negotiated depends on ssl_server2's default for that option —
# confirm, or add trunc_hmac=1 on the server side as the "without EtM"
# variants do.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 BlockCipher truncated MAC" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1 recsplit=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read" \
            -c "16383 bytes read" \
            -C "Read from server: 16384 bytes read"

# Stream cipher: no split, so the server writes a single 16384-byte record.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 StreamCipher truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 StreamCipher" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

# TLS 1.1 and later: no 1/n-1 split, the whole response arrives in one read.
run_test    "Large server packet TLS 1.1 BlockCipher" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.1 BlockCipher truncated MAC" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.1 StreamCipher" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.1 StreamCipher truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 16384 bytes read"
5386
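# Both peers pass trunc_hmac=1, an option that only exists in builds with
# MBEDTLS_SSL_TRUNCATED_HMAC; declare the dependency (as every other
# truncated-MAC test does) so the case is skipped rather than failed there.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"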
5394
# TLS 1.2 block-cipher cases: CBC with SHA-1 HMAC, with SHA-384 HMAC, and with
# truncated HMAC. No 1/n-1 split applies, so one 16384-byte read is expected.
run_test    "Large server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 16384 bytes read"

# NOTE(review): only the client passes trunc_hmac=1 here; whether the
# extension is negotiated depends on ssl_server2's default — confirm.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.2 BlockCipher truncated MAC" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 16384 bytes read"
5425
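# Both peers pass trunc_hmac=1, an option that only exists in builds with
# MBEDTLS_SSL_TRUNCATED_HMAC; declare the dependency (as every other
# truncated-MAC test does) so the case is skipped rather than failed there.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"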
5433
# TLS 1.2 stream-cipher (RC4, legacy only) and AEAD cases.
run_test    "Large server packet TLS 1.2 StreamCipher" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

# NOTE(review): only the client passes trunc_hmac=1 here, unlike the
# "without EtM" variant right after it — confirm the extension is negotiated.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.2 StreamCipher truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1" \
            0 \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

# AEAD: full CCM tag, then the shortened CCM-8 tag.
run_test    "Large server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 16384 bytes read"
5481
# Tests for restartable ECC. ec_max_ops=N caps the amount of EC work done per
# library call; the "*.4b00" patterns look in the client debug log for
# MBEDTLS_ERR_ECP_IN_PROGRESS (-0x4B00), i.e. evidence that the named function
# was interrupted and later resumed. A -C pattern asserts the function never
# had to restart.
5483
# Default ec_max_ops: no step may be interrupted, so no restart may be logged.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, default" \
            "$P_SRV auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# ec_max_ops=0 and a large budget (65535) must both behave like "no limit".
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=0" \
            "$P_SRV auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=0" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=65535" \
            "$P_SRV auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=65535" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# With a small budget every restartable step on the client (certificate chain
# verification, the ServerKeyExchange signature check, ECDH key generation and
# the client's own ECDSA signature, since the server requires client auth) is
# expected to be interrupted at least once and resumed transparently.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000" \
            "$P_SRV auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# Restarted verification must still fail closed: a server certificate with a
# bad signature aborts the handshake (exit 1, verification error reported),
# and none of the later steps is reached.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000, badsign" \
            "$P_SRV auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=1000" \
            1 \
            -c "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

# auth_mode=optional on the client: the bad signature is logged but the
# handshake continues, so the remaining steps run (and restart) as well.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
            "$P_SRV auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# auth_mode=none on the client: certificate verification is skipped entirely,
# so x509_verify_cert never restarts and no warning is logged. This client
# setting is insecure by design and is used here only to exercise the restart
# state machine without the verification step.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
            "$P_SRV auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             debug_level=1 ec_max_ops=1000 auth_mode=none" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# The same restart path over DTLS.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: DTLS, max_ops=1000" \
            "$P_SRV auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             dtls=1 debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# Without a client certificate there is no client-side signature to restart.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000 no client auth" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# ECDHE-PSK: no certificates or signatures, and the ECDH step is asserted not
# to restart either.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
run_test    "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
            "$P_SRV psk=abc123" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
             psk=abc123 debug_level=1 ec_max_ops=1000" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"
5616
5617# Tests of asynchronous private key support in SSL
5618
# async_operations=s routes the server's private-key signature through the
# asynchronous callback; async_private_delay1/2 set how many times the
# callback reports "still in progress" before completing (0 = done at once).
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=0" \
            "$P_SRV \
             async_operations=s async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

# delay=1: exactly one resume ("call 0 more times") before the signature is
# reported done.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=1" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"

# delay=2: two resumes. -U additionally requires the "using key slot" line to
# occur no more than once in the server log, i.e. the slot is claimed once
# and reused across the resumes rather than re-acquired each time.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=2" \
            "$P_SRV \
             async_operations=s async_private_delay1=2 async_private_delay2=2" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -U "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 1 more times." \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"

# Test that the async sign callback correctly handles the 36-byte MD5+SHA-1
# hash that TLS 1.0/1.1 feed to RSA PKCS#1 v1.5 signing (no DigestInfo
# prefix), as opposed to the hash-and-sign form used by TLS 1.2. server2 is an
# RSA certificate/key.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "SSL async private: sign, RSA, TLS 1.1" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
             async_operations=s async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

# SNI: the default certificate is server5; the sni= list maps localhost to
# server2 and polarssl.example to server1. The client asks for
# polarssl.example and must be served that certificate (subject CN checked),
# with the signature for the selected key still going through the callback.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, SNI" \
            "$P_SRV debug_level=3 \
             async_operations=s async_private_delay1=0 async_private_delay2=0 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0" \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# async_operations=d routes the server's RSA decryption of the premaster
# secret through the callback, so an RSA key-exchange suite is forced.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=0" \
            "$P_SRV \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=1" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# RSA-PSK key exchange also needs the RSA decryption on the server side.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
            "$P_SRV psk=abc123 \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI psk=abc123 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"
5704
5705requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5706run_test "SSL async private: decrypt RSA-PSK, delay=1" \
5707 "$P_SRV psk=abc123 \
5708 async_operations=d async_private_delay1=1 async_private_delay2=1" \
5709 "$P_CLI psk=abc123 \
5710 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
5711 0 \
5712 -s "Async decrypt callback: using key slot " \
5713 -s "Async resume (slot [0-9]): call 0 more times." \
5714 -s "Async resume (slot [0-9]): decrypt done, status=0"
5715
5716requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5717run_test "SSL async private: sign callback not present" \
5718 "$P_SRV \
5719 async_operations=d async_private_delay1=1 async_private_delay2=1" \
5720 "$P_CLI; [ \$? -eq 1 ] &&
5721 $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5722 0 \
5723 -S "Async sign callback" \
5724 -s "! mbedtls_ssl_handshake returned" \
5725 -s "The own private key or pre-shared key is not set, but needed" \
5726 -s "Async resume (slot [0-9]): decrypt done, status=0" \
5727 -s "Successful connection"
5728
5729requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5730run_test "SSL async private: decrypt callback not present" \
5731 "$P_SRV debug_level=1 \
5732 async_operations=s async_private_delay1=1 async_private_delay2=1" \
5733 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
5734 [ \$? -eq 1 ] && $P_CLI" \
5735 0 \
5736 -S "Async decrypt callback" \
5737 -s "! mbedtls_ssl_handshake returned" \
5738 -s "got no RSA private key" \
5739 -s "Async resume (slot [0-9]): sign done, status=0" \
5740 -s "Successful connection"
5741
5742# key1: ECDSA, key2: RSA; use key1 from slot 0
5743requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5744run_test "SSL async private: slot 0 used with key1" \
5745 "$P_SRV \
5746 async_operations=s async_private_delay1=1 \
5747 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5748 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
5749 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
5750 0 \
5751 -s "Async sign callback: using key slot 0," \
5752 -s "Async resume (slot 0): call 0 more times." \
5753 -s "Async resume (slot 0): sign done, status=0"
5754
5755# key1: ECDSA, key2: RSA; use key2 from slot 0
5756requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5757run_test "SSL async private: slot 0 used with key2" \
5758 "$P_SRV \
5759 async_operations=s async_private_delay2=1 \
5760 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5761 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
5762 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
5763 0 \
5764 -s "Async sign callback: using key slot 0," \
5765 -s "Async resume (slot 0): call 0 more times." \
5766 -s "Async resume (slot 0): sign done, status=0"
5767
5768# key1: ECDSA, key2: RSA; use key2 from slot 1
5769requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5770run_test "SSL async private: slot 1 used with key2" \
5771 "$P_SRV \
5772 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5773 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5774 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
5775 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
5776 0 \
5777 -s "Async sign callback: using key slot 1," \
5778 -s "Async resume (slot 1): call 0 more times." \
5779 -s "Async resume (slot 1): sign done, status=0"
5780
5781# key1: ECDSA, key2: RSA; use key2 directly
5782requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5783run_test "SSL async private: fall back to transparent key" \
5784 "$P_SRV \
5785 async_operations=s async_private_delay1=1 \
5786 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5787 key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
5788 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
5789 0 \
5790 -s "Async sign callback: no key matches this certificate."
5791
5792requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5793run_test "SSL async private: sign, error in start" \
5794 "$P_SRV \
5795 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5796 async_private_error=1" \
5797 "$P_CLI" \
5798 1 \
5799 -s "Async sign callback: injected error" \
5800 -S "Async resume" \
5801 -S "Async cancel" \
5802 -s "! mbedtls_ssl_handshake returned"
5803
5804requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5805run_test "SSL async private: sign, cancel after start" \
5806 "$P_SRV \
5807 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5808 async_private_error=2" \
5809 "$P_CLI" \
5810 1 \
5811 -s "Async sign callback: using key slot " \
5812 -S "Async resume" \
5813 -s "Async cancel"
5814
5815requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5816run_test "SSL async private: sign, error in resume" \
5817 "$P_SRV \
5818 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5819 async_private_error=3" \
5820 "$P_CLI" \
5821 1 \
5822 -s "Async sign callback: using key slot " \
5823 -s "Async resume callback: sign done but injected error" \
5824 -S "Async cancel" \
5825 -s "! mbedtls_ssl_handshake returned"
5826
5827requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5828run_test "SSL async private: decrypt, error in start" \
5829 "$P_SRV \
5830 async_operations=d async_private_delay1=1 async_private_delay2=1 \
5831 async_private_error=1" \
5832 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5833 1 \
5834 -s "Async decrypt callback: injected error" \
5835 -S "Async resume" \
5836 -S "Async cancel" \
5837 -s "! mbedtls_ssl_handshake returned"
5838
5839requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5840run_test "SSL async private: decrypt, cancel after start" \
5841 "$P_SRV \
5842 async_operations=d async_private_delay1=1 async_private_delay2=1 \
5843 async_private_error=2" \
5844 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5845 1 \
5846 -s "Async decrypt callback: using key slot " \
5847 -S "Async resume" \
5848 -s "Async cancel"
5849
5850requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5851run_test "SSL async private: decrypt, error in resume" \
5852 "$P_SRV \
5853 async_operations=d async_private_delay1=1 async_private_delay2=1 \
5854 async_private_error=3" \
5855 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5856 1 \
5857 -s "Async decrypt callback: using key slot " \
5858 -s "Async resume callback: decrypt done but injected error" \
5859 -S "Async cancel" \
5860 -s "! mbedtls_ssl_handshake returned"
5861
5862requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5863run_test "SSL async private: cancel after start then operate correctly" \
5864 "$P_SRV \
5865 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5866 async_private_error=-2" \
5867 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
5868 0 \
5869 -s "Async cancel" \
5870 -s "! mbedtls_ssl_handshake returned" \
5871 -s "Async resume" \
5872 -s "Successful connection"
5873
5874requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5875run_test "SSL async private: error in resume then operate correctly" \
5876 "$P_SRV \
5877 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5878 async_private_error=-3" \
5879 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
5880 0 \
5881 -s "! mbedtls_ssl_handshake returned" \
5882 -s "Async resume" \
5883 -s "Successful connection"
5884
5885# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
5886requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5887run_test "SSL async private: cancel after start then fall back to transparent key" \
5888 "$P_SRV \
5889 async_operations=s async_private_delay1=1 async_private_error=-2 \
5890 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5891 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
5892 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
5893 [ \$? -eq 1 ] &&
5894 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
5895 0 \
5896 -s "Async sign callback: using key slot 0" \
5897 -S "Async resume" \
5898 -s "Async cancel" \
5899 -s "! mbedtls_ssl_handshake returned" \
5900 -s "Async sign callback: no key matches this certificate." \
5901 -s "Successful connection"
5902
5903# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
5904requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5905run_test "SSL async private: sign, error in resume then fall back to transparent key" \
5906 "$P_SRV \
5907 async_operations=s async_private_delay1=1 async_private_error=-3 \
5908 key_file=data_files/server5.key crt_file=data_files/server5.crt \
5909 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
5910 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
5911 [ \$? -eq 1 ] &&
5912 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
5913 0 \
5914 -s "Async resume" \
5915 -s "! mbedtls_ssl_handshake returned" \
5916 -s "Async sign callback: no key matches this certificate." \
5917 -s "Successful connection"
5918
5919requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5920requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
5921run_test "SSL async private: renegotiation: client-initiated; sign" \
5922 "$P_SRV \
5923 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5924 exchanges=2 renegotiation=1" \
5925 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
5926 0 \
5927 -s "Async sign callback: using key slot " \
5928 -s "Async resume (slot [0-9]): sign done, status=0"
5929
5930requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5931requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
5932run_test "SSL async private: renegotiation: server-initiated; sign" \
5933 "$P_SRV \
5934 async_operations=s async_private_delay1=1 async_private_delay2=1 \
5935 exchanges=2 renegotiation=1 renegotiate=1" \
5936 "$P_CLI exchanges=2 renegotiation=1" \
5937 0 \
5938 -s "Async sign callback: using key slot " \
5939 -s "Async resume (slot [0-9]): sign done, status=0"
5940
5941requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5942requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
5943run_test "SSL async private: renegotiation: client-initiated; decrypt" \
5944 "$P_SRV \
5945 async_operations=d async_private_delay1=1 async_private_delay2=1 \
5946 exchanges=2 renegotiation=1" \
5947 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
5948 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5949 0 \
5950 -s "Async decrypt callback: using key slot " \
5951 -s "Async resume (slot [0-9]): decrypt done, status=0"
5952
5953requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
5954requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
5955run_test "SSL async private: renegotiation: server-initiated; decrypt" \
5956 "$P_SRV \
5957 async_operations=d async_private_delay1=1 async_private_delay2=1 \
5958 exchanges=2 renegotiation=1 renegotiate=1" \
5959 "$P_CLI exchanges=2 renegotiation=1 \
5960 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5961 0 \
5962 -s "Async decrypt callback: using key slot " \
5963 -s "Async resume (slot [0-9]): decrypt done, status=0"
5964
# Tests for ECC extensions (rfc 4492)
#
# The supported_elliptic_curves / supported_point_formats extensions must
# only be sent when an ECC ciphersuite is in play.  Forcing a plain RSA
# suite on either side must leave them out of the ClientHello/ServerHello
# (-C/-S: pattern absent); forcing an ECDHE-ECDSA suite must make them
# appear and be parsed by the peer (-c/-s).

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the client side" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -C "client hello, adding supported_elliptic_curves extension" \
    -C "client hello, adding supported_point_formats extension" \
    -S "found supported elliptic curves extension" \
    -S "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the server side" \
    "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
    "$P_CLI debug_level=3" \
    0 \
    -C "found supported_point_formats extension" \
    -S "server hello, supported_point_formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Force an ECC ciphersuite in the client side" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
    0 \
    -c "client hello, adding supported_elliptic_curves extension" \
    -c "client hello, adding supported_point_formats extension" \
    -s "found supported elliptic curves extension" \
    -s "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Force an ECC ciphersuite in the server side" \
    "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
    "$P_CLI debug_level=3" \
    0 \
    -c "found supported_point_formats extension" \
    -s "server hello, supported_point_formats extension"
6014
# Tests for DTLS HelloVerifyRequest
#
# With cookies enabled the server answers the first ClientHello (no cookie,
# "cookie verification failed") with a HelloVerifyRequest and only proceeds
# once the client echoes the cookie ("cookie verification passed").  This is
# the DTLS defence against ClientHellos from spoofed source addresses.
# cookies=0 opts out explicitly ("cookie verification skipped").  cookies=-1
# leaves no cookie callback configured at all: the server must then refuse
# the handshake ("The requested feature is not available", client exits 1)
# rather than silently skipping verification.

run_test "DTLS cookie: enabled" \
    "$P_SRV dtls=1 debug_level=2" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"

run_test "DTLS cookie: disabled" \
    "$P_SRV dtls=1 debug_level=2 cookies=0" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -S "cookie verification failed" \
    -S "cookie verification passed" \
    -s "cookie verification skipped" \
    -C "received hello verify request" \
    -S "hello verification requested" \
    -S "SSL - The requested feature is not available"

# hs_timeout is shortened so the client gives up quickly once the server
# refuses to answer.
run_test "DTLS cookie: default (failing)" \
    "$P_SRV dtls=1 debug_level=2 cookies=-1" \
    "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
    1 \
    -s "cookie verification failed" \
    -S "cookie verification passed" \
    -S "cookie verification skipped" \
    -C "received hello verify request" \
    -S "hello verification requested" \
    -s "SSL - The requested feature is not available"

# Same as "enabled" over IPv6 (the cookie is bound to the peer address, so
# the address family matters).
requires_ipv6
run_test "DTLS cookie: enabled, IPv6" \
    "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
    "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"

# Same as "enabled" with non-blocking I/O on both sides.
run_test "DTLS cookie: enabled, nbio" \
    "$P_SRV dtls=1 nbio=2 debug_level=2" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -s "cookie verification failed" \
    -s "cookie verification passed" \
    -S "cookie verification skipped" \
    -c "received hello verify request" \
    -s "hello verification requested" \
    -S "SSL - The requested feature is not available"
6072
# Tests for client reconnecting from the same port with DTLS
#
# reconnect_hard=1 makes the client start a brand-new handshake from the
# same source port after the first exchange; the server must recognise the
# fresh ClientHello ("Client initiated reconnection from same port") instead
# of treating it as noise on the existing connection and timing out.  The
# reference run (no reconnect_hard) confirms neither message appears in a
# normal session.  Timeouts are tight, hence not_with_valgrind plus a
# valgrind-only variant with larger read_timeout/hs_timeout.

not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reference" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
    0 \
    -C "resend" \
    -S "The operation timed out" \
    -S "Client initiated reconnection from same port"

not_with_valgrind # spurious resend
run_test "DTLS client reconnect from same port: reconnect" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
    0 \
    -C "resend" \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
    0 \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
    0 \
    -S "The operation timed out" \
    -s "Client initiated reconnection from same port"

# With cookies disabled the server does not honour the reconnection
# (presumably because the new ClientHello cannot be validated without the
# cookie exchange), so the expected outcome is a server-side timeout and no
# reconnection message; the client's larger hs_timeout keeps it retrying
# long enough for that to be observed.
run_test "DTLS client reconnect from same port: no cookies" \
    "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
    "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
    0 \
    -s "The operation timed out" \
    -S "Client initiated reconnection from same port"
6115
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
#
# auth_mode=required/optional/none is the server's policy; crt_file=none
# key_file=none makes the client send an empty certificate.  The expected
# server log lines distinguish a verified certificate, a missing one that
# is tolerated, and verification being skipped altogether.

run_test "DTLS client auth: required" \
    "$P_SRV dtls=1 auth_mode=required" \
    "$P_CLI dtls=1" \
    0 \
    -s "Verifying peer X.509 certificate... ok"

run_test "DTLS client auth: optional, client has no cert" \
    "$P_SRV dtls=1 auth_mode=optional" \
    "$P_CLI dtls=1 crt_file=none key_file=none" \
    0 \
    -s "! Certificate was missing"

# "skip write certificate$": the client does not even send a Certificate
# message when the server did not ask for one.
run_test "DTLS client auth: none, client has no cert" \
    "$P_SRV dtls=1 auth_mode=none" \
    "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
    0 \
    -c "skip write certificate$" \
    -s "! Certificate verification was skipped"

# Mismatched PSKs derive different keys, so the first protected record from
# the client fails MAC verification on the server (bad_record_mac) and the
# client sees a fatal alert; the handshake must fail, not hang.
run_test "DTLS wrong PSK: badmac alert" \
    "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
    "$P_CLI dtls=1 psk=abc124" \
    1 \
    -s "SSL - Verification of the message MAC failed" \
    -c "SSL - A fatal alert message was received from our peer"
6144
# Tests for receiving fragmented handshake messages with DTLS
#
# Interop: a GnuTLS or OpenSSL server is run with a decreasing MTU so its
# handshake messages (the certificate chain in particular) arrive split
# across several datagrams, and the Mbed TLS client must reassemble them
# ("found fragmented DTLS handshake message") without any "error".  The
# mtu 2048 runs are the unfragmented reference.  The renego variants check
# that reassembly also works for the handshake that renegotiation starts
# mid-connection, with and without non-blocking I/O.

requires_gnutls
run_test "DTLS reassembly: no fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 2048 -a" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -C "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: some fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 512" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: more fragmentation (gnutls server)" \
    "$G_SRV -u --mtu 128" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

requires_gnutls
run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
    "$G_SRV -u --mtu 128" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

# "Extra-header:" in the server output is what the GnuTLS server prints
# once it has answered the client's request, i.e. data flowed after the
# renegotiated handshake completed.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
    "$G_SRV -u --mtu 256" \
    "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -c "client hello, adding renegotiation extension" \
    -c "found renegotiation extension" \
    -c "=> renegotiate" \
    -C "mbedtls_ssl_handshake returned" \
    -C "error" \
    -s "Extra-header:"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
    "$G_SRV -u --mtu 256" \
    "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -c "client hello, adding renegotiation extension" \
    -c "found renegotiation extension" \
    -c "=> renegotiate" \
    -C "mbedtls_ssl_handshake returned" \
    -C "error" \
    -s "Extra-header:"

# Same sequence against OpenSSL's s_server (-dtls1 -mtu N); the MTU steps
# differ from the GnuTLS ones because the two servers fragment differently.
run_test "DTLS reassembly: no fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 2048" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -C "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: some fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: more fragmentation (openssl server)" \
    "$O_SRV -dtls1 -mtu 256" \
    "$P_CLI dtls=1 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"

run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
    "$O_SRV -dtls1 -mtu 256" \
    "$P_CLI dtls=1 nbio=2 debug_level=2" \
    0 \
    -c "found fragmented DTLS handshake message" \
    -C "error"
6234
6235# Tests for sending fragmented handshake messages with DTLS
6236#
6237# Use client auth when we need the client to send large messages,
6238# and use large cert chains on both sides too (the long chains we have all use
6239# both RSA and ECDSA, but ideally we should have long chains with either).
6240# Sizes reached (UDP payload):
6241# - 2037B for server certificate
6242# - 1542B for client certificate
6243# - 1013B for newsessionticket
6244# - all others below 512B
6245# All those tests assume MAX_CONTENT_LEN is at least 2048
6246
6247requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6248requires_config_enabled MBEDTLS_RSA_C
6249requires_config_enabled MBEDTLS_ECDSA_C
6250requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6251run_test "DTLS fragmenting: none (for reference)" \
6252 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
6253 crt_file=data_files/server7_int-ca.crt \
6254 key_file=data_files/server7.key \
6255 hs_timeout=2500-60000 \
6256 max_frag_len=4096" \
6257 "$P_CLI dtls=1 debug_level=2 \
6258 crt_file=data_files/server8_int-ca2.crt \
6259 key_file=data_files/server8.key \
6260 hs_timeout=2500-60000 \
6261 max_frag_len=4096" \
6262 0 \
6263 -S "found fragmented DTLS handshake message" \
6264 -C "found fragmented DTLS handshake message" \
6265 -C "error"
6266
6267requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6268requires_config_enabled MBEDTLS_RSA_C
6269requires_config_enabled MBEDTLS_ECDSA_C
6270requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6271run_test "DTLS fragmenting: server only (max_frag_len)" \
6272 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
6273 crt_file=data_files/server7_int-ca.crt \
6274 key_file=data_files/server7.key \
6275 hs_timeout=2500-60000 \
6276 max_frag_len=1024" \
6277 "$P_CLI dtls=1 debug_level=2 \
6278 crt_file=data_files/server8_int-ca2.crt \
6279 key_file=data_files/server8.key \
6280 hs_timeout=2500-60000 \
6281 max_frag_len=2048" \
6282 0 \
6283 -S "found fragmented DTLS handshake message" \
6284 -c "found fragmented DTLS handshake message" \
6285 -C "error"
6286
6287# With the MFL extension, the server has no way of forcing
6288# the client to not exceed a certain MTU; hence, the following
6289# test can't be replicated with an MTU proxy such as the one
6290# `client-initiated, server only (max_frag_len)` below.
6291requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6292requires_config_enabled MBEDTLS_RSA_C
6293requires_config_enabled MBEDTLS_ECDSA_C
6294requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6295run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
6296 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
6297 crt_file=data_files/server7_int-ca.crt \
6298 key_file=data_files/server7.key \
6299 hs_timeout=2500-60000 \
6300 max_frag_len=512" \
6301 "$P_CLI dtls=1 debug_level=2 \
6302 crt_file=data_files/server8_int-ca2.crt \
6303 key_file=data_files/server8.key \
6304 hs_timeout=2500-60000 \
6305 max_frag_len=4096" \
6306 0 \
6307 -S "found fragmented DTLS handshake message" \
6308 -c "found fragmented DTLS handshake message" \
6309 -C "error"
6310
6311requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6312requires_config_enabled MBEDTLS_RSA_C
6313requires_config_enabled MBEDTLS_ECDSA_C
6314requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6315run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
6316 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
6317 crt_file=data_files/server7_int-ca.crt \
6318 key_file=data_files/server7.key \
6319 hs_timeout=2500-60000 \
6320 max_frag_len=2048" \
6321 "$P_CLI dtls=1 debug_level=2 \
6322 crt_file=data_files/server8_int-ca2.crt \
6323 key_file=data_files/server8.key \
6324 hs_timeout=2500-60000 \
6325 max_frag_len=1024" \
6326 0 \
6327 -S "found fragmented DTLS handshake message" \
6328 -c "found fragmented DTLS handshake message" \
6329 -C "error"
6330
6331# While not required by the standard defining the MFL extension
6332# (according to which it only applies to records, not to datagrams),
6333# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
6334# as otherwise there wouldn't be any means to communicate MTU restrictions
6335# to the peer.
6336# The next test checks that no datagrams significantly larger than the
6337# negotiated MFL are sent.
6338requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6339requires_config_enabled MBEDTLS_RSA_C
6340requires_config_enabled MBEDTLS_ECDSA_C
6341requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6342run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
6343 -p "$P_PXY mtu=1110" \
6344 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
6345 crt_file=data_files/server7_int-ca.crt \
6346 key_file=data_files/server7.key \
6347 hs_timeout=2500-60000 \
6348 max_frag_len=2048" \
6349 "$P_CLI dtls=1 debug_level=2 \
6350 crt_file=data_files/server8_int-ca2.crt \
6351 key_file=data_files/server8.key \
6352 hs_timeout=2500-60000 \
6353 max_frag_len=1024" \
6354 0 \
6355 -S "found fragmented DTLS handshake message" \
6356 -c "found fragmented DTLS handshake message" \
6357 -C "error"
6358
6359requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6360requires_config_enabled MBEDTLS_RSA_C
6361requires_config_enabled MBEDTLS_ECDSA_C
6362requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6363run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
6364 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
6365 crt_file=data_files/server7_int-ca.crt \
6366 key_file=data_files/server7.key \
6367 hs_timeout=2500-60000 \
6368 max_frag_len=2048" \
6369 "$P_CLI dtls=1 debug_level=2 \
6370 crt_file=data_files/server8_int-ca2.crt \
6371 key_file=data_files/server8.key \
6372 hs_timeout=2500-60000 \
6373 max_frag_len=1024" \
6374 0 \
6375 -s "found fragmented DTLS handshake message" \
6376 -c "found fragmented DTLS handshake message" \
6377 -C "error"
6378
6379# While not required by the standard defining the MFL extension
6380# (according to which it only applies to records, not to datagrams),
6381# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
6382# as otherwise there wouldn't be any means to communicate MTU restrictions
6383# to the peer.
6384# The next test checks that no datagrams significantly larger than the
6385# negotiated MFL are sent.
6386requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
6387requires_config_enabled MBEDTLS_RSA_C
6388requires_config_enabled MBEDTLS_ECDSA_C
6389requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
6390run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
6391 -p "$P_PXY mtu=1110" \
6392 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
6393 crt_file=data_files/server7_int-ca.crt \
6394 key_file=data_files/server7.key \
6395 hs_timeout=2500-60000 \
6396 max_frag_len=2048" \
6397 "$P_CLI dtls=1 debug_level=2 \
6398 crt_file=data_files/server8_int-ca2.crt \
6399 key_file=data_files/server8.key \
6400 hs_timeout=2500-60000 \
6401 max_frag_len=1024" \
6402 0 \
6403 -s "found fragmented DTLS handshake message" \
6404 -c "found fragmented DTLS handshake message" \
6405 -C "error"
6406
# Local-MTU tests (no proxy): each peer's own mtu= setting decides whether
# its outgoing handshake messages are split. The receiving side logs
# "found fragmented DTLS handshake message" when it has to reassemble, so
# -s/-c (pattern must appear in server/client output) and -S/-C (pattern
# must not appear) pin down which direction actually fragmented.
# auth_mode=required makes the client send its own certificate chain as
# well, so both directions carry a handshake message large enough to exceed
# the small MTUs used below.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
# Reference: with mtu=4096 on both sides nothing should be fragmented.
run_test    "DTLS fragmenting: none (for reference) (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Only the client is MTU-limited (1024), so only the server should have to
# reassemble; the client must never see a fragment.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test    "DTLS fragmenting: client (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=3500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=3500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Mirror image: only the server is MTU-limited (512), so only the client
# should have to reassemble.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test    "DTLS fragmenting: server (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6463
# Proxy-MTU tests: the udp_proxy (-p) sits between the peers with its own
# mtu= limit, and both peers are configured with the same MTU up front, so
# every handshake message that exceeds it is fragmented by its sender and
# both sides must log reassembly.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test    "DTLS fragmenting: both (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# (Reading a fragmented ClientHello is not supported, see the resumed
# handshake test further down, so the ClientHello itself must fit in one
# 512-byte datagram; a full config advertises a long ciphersuite list, hence
# the client offers a single suite. The extra guards below exist only to
# make sure that forced suite is available.)
# NOTE(review): the ECDHE-ECDSA guard omits the _ENABLED suffix that the
# key-exchange macros carry in config.h; presumably requires_config_enabled
# matches by prefix — confirm.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: both (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=2500-60000 \
             mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6509
# Test for automatic MTU reduction on repeated resend.
# Neither peer is given an mtu= here: both start from their default MTU and
# only discover the proxy's 508-byte limit by having their oversized
# datagrams go unanswered, after which they shrink their MTU and retransmit
# fragmented. Both sides must therefore end up logging reassembly.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two
# retransmissions, but in some cases (like both the server and client using
# fragmentation and auto-reduction) an extra retransmission might occur,
# hence the ratio of 8.
not_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU: auto-reduction" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=400-3200" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=400-3200" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Same test for runs under valgrind (deliberately the same name): the
# instrumented binaries are much slower, so the retransmission window is
# widened to 250-10000 ms so that the timeouts are not hit spuriously.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
only_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU: auto-reduction" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6562
# The proxy shouldn't drop or mess up anything, so we shouldn't need to
# resend. OTOH the client might resend if the server is too slow to reset
# after sending a HelloVerifyRequest, so only check for no retransmission
# server-side: '-S "autoreduction"' asserts the server never had to shrink
# its MTU, i.e. the configured mtu=1024 was right from the start.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# The proxy shouldn't drop or mess up anything, so we shouldn't need to
# resend. OTOH the client might resend if the server is too slow to reset
# after sending a HelloVerifyRequest, so only check for no retransmission
# server-side.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6617
# Same two "simple handshake" scenarios, but with both peers running their
# I/O in non-blocking mode (nbio=2; the exact meaning of the value is
# defined by ssl_server2/ssl_client2 — check their usage text). The
# expectations are unchanged: fragmentation on both sides, no server-side
# autoreduction, no client error.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6666
# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
# This ensures things still work after session_reset().
# It also exercises the "resumed handshake" flow: reconnect=1 makes the
# client run a second handshake on the same context, resuming the first
# session, so fragmentation state must have been cleaned up correctly.
# Since we don't support reading fragmented ClientHello yet,
# up the MTU to 1450 (larger than ClientHello with session ticket,
# but still smaller than client's Certificate to ensure fragmentation).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# reco_delay avoids races where the client reconnects before the server has
# resumed listening, which would result in a spurious autoreduction.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
            -p "$P_PXY mtu=1450" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1450" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             mtu=1450 reconnect=1 reco_delay=1" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6702
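# Renegotiation under a 512-byte path MTU, ChaCha20-Poly1305 record layer.
# The client forces the ECDHE-ECDSA ChaCha20-Poly1305 suite so that the
# renegotiation handshake (exchanges=2 renegotiation=1 renegotiate=1) is
# fragmented and reassembled on top of that AEAD, which is what the
# MBEDTLS_CHACHAPOLY_C guard is there for; the sibling tests below cover
# AES-GCM, AES-CCM and AES-CBC in the same way. Forcing a single suite also
# keeps the ClientHello within the 512-byte MTU (fragmented ClientHello is
# not supported on the receiving side).
# Previously this test forced TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, which
# made it a duplicate of the AES-GCM test and left ChaChaPoly untested here.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"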
6733
# Renegotiation under a 512-byte path MTU, AES-128-GCM record layer.
# The client forces the AES-GCM suite (which also keeps the ClientHello
# within the MTU) and triggers a renegotiation (renegotiate=1) during the
# second of its two exchanges; the renegotiation handshake must itself be
# fragmented and reassembled on both sides.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6765
# Renegotiation under a 1024-byte path MTU, AES-128-CCM-8 record layer.
# In this and the two CBC tests below the *server* forces the suite (the
# client keeps its default list, which fits the larger 1024-byte MTU).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Renegotiation under a 1024-byte path MTU, AES-128-CBC with
# encrypt-then-MAC (RFC 7366), which is the default whenever
# MBEDTLS_SSL_ENCRYPT_THEN_MAC is compiled in and the peer supports it.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Same again with etm=0 on the server, i.e. the legacy MAC-then-encrypt CBC
# record layer. That mode is the one historically exposed to CBC padding
# oracle attacks (Lucky 13 and friends); it is exercised here purely so the
# fragmentation code is covered on that decryption path, not as a
# recommended configuration — keep EtM enabled in deployments.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6862
# "3d" = drop, delay, duplicate: the proxy now also loses, reorders and
# repeats datagrams (drop=8 delay=8 duplicate=8) on top of the 512-byte MTU,
# so fragments must survive retransmission and reassembly from an
# unreliable path. The timeouts are short (250-10000 ms) to keep the run
# time bounded, and the client is given extra wall-clock time for the same
# reason. No autoreduction check here: it legitimately may happen.
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Same unreliable-path scenario with non-blocking I/O on both peers
# (and with datagram packing left at its default this time).
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
6910
# Interop tests for DTLS fragmenting with a reliable connection.
#
# Here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment:
# only the Mbed TLS side gets mtu=512, and the assertion is its own
# "fragmenting handshake message" log plus the absence of any "error" line
# (the peer accepting the reassembled message is what makes the handshake
# complete with exit status 0). Each version is pinned with force_version
# so that DTLS 1.2 and DTLS 1.0 framing are both covered.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# DTLS 1.0 is the datagram counterpart of TLS 1.1, hence the TLS1_1 guard.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test    "DTLS fragmenting: gnutls server, DTLS 1.0" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
6944
# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# Security caveat: --insecure switches off *all* certificate verification
# on the GnuTLS side, not just the name check, so these tests prove nothing
# about server authentication — they only assert that our server fragments
# (-s "fragmenting handshake message") and that GnuTLS can consume the
# result. Do not copy this flag into anything that is not a test harness.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# See previous test for the reason to use --insecure
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_not_i686
run_test    "DTLS fragmenting: gnutls client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"
6982
# OpenSSL s_server as the peer. '-verify 10' makes s_server request a
# client certificate (verification depth 10), which is what makes our
# client send its certificate chain — the message that has to be
# fragmented at mtu=512. Note that lowercase -verify, unlike -Verify, does
# not abort the handshake when that certificate fails to verify; that is
# fine here because the test only checks client-side fragmentation, but it
# means this is not a client-authentication test.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "DTLS fragmenting: openssl server, DTLS 1.0" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
7010
# OpenSSL s_client as the peer; our server fragments its certificate chain
# at mtu=512 and s_client must reassemble it. No verification option is
# passed on this line, so (unless $O_CLI itself adds one) s_client will not
# abort on a certificate it cannot validate — as with the GnuTLS client
# tests, this checks fragmentation interop, not trust validation.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "DTLS fragmenting: openssl client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$O_CLI -dtls1" \
            0 \
            -s "fragmenting handshake message"
7036
# Interop tests for DTLS fragmenting with an unreliable connection.
#
# Again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment.
# The udp_proxy drops, delays and duplicates datagrams; the Mbed TLS side
# gets a wide retransmission window (250-60000 ms) and the client extra
# wall-clock time so the handshake can recover. These need the "next"
# GnuTLS build ($G_NEXT_SRV / $G_NEXT_CLI), hence requires_gnutls_next.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# GnuTLS as the client: --insecure disables its certificate verification
# (the test certificates name 'localhost', the client connects to
# 127.0.0.1), so only our server-side fragmentation is being asserted.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"
7106
## Interop test with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
## Until then each of the four tests below is preceded by an unconditional
## skip_next_test, so they are parsed but never run; the guards and
## expectations are kept so that re-enabling is a one-line change each.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# -nbio is added to prevent s_client from blocking in case of duplicated
# messages at the end of the handshake
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$O_CLI -nbio -dtls1" \
            0 \
            -s "fragmenting handshake message"
7179
# Tests for specific things with "unreliable" UDP connection

# Reference run through a well-behaved proxy: no record must be flagged as
# replayed, as coming from another epoch or as invalid, the server must
# never retransmit, and the application exchange must complete (the server
# sees the client's "Extra-header:", the client gets "HTTP/1.0 200 OK").
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: reference" \
            -p "$P_PXY" \
            "$P_SRV dtls=1 debug_level=2" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "replayed record" \
            -S "replayed record" \
            -C "record from another epoch" \
            -S "record from another epoch" \
            -C "discarding invalid record" \
            -S "discarding invalid record" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# The proxy now delivers every datagram twice. With anti-replay on (the
# default) both sides detect and drop the copies ("replayed record"), and
# copies of pre-ChangeCipherSpec records that arrive after the epoch
# switched are rejected as "record from another epoch"; nothing needs to be
# retransmitted by the server and the exchange still completes.
# dgram_packing=0 presumably keeps each record in its own datagram so the
# duplicated datagrams map one-to-one onto records — confirm against
# ssl_server2/ssl_client2.
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: duplicate every packet" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "replayed record" \
            -s "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Same duplication, but the server has anti-replay disabled: it no longer
# reports replays (-S "replayed record"), i.e. it processes the duplicated
# records, and the net effect is that both sides end up retransmitting
# (-c/-s "resend") before the exchange completes. This is the only test in
# this section that turns anti_replay off; the sliding-window replay check
# is on by default and should stay on in deployments — duplicated or
# replayed records are otherwise handed to the application layer.
run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "replayed record" \
            -S "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -c "resend" \
            -s "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
7225
# The proxy coalesces records into shared datagrams (pack=50; the unit of
# the value is defined by udp_proxy — check its usage text). The peers have
# their own datagram packing disabled so that any multi-record datagram
# they see was produced by the proxy, and both must log that they found a
# "next record in same datagram".
run_test    "DTLS proxy: multiple records in same datagram" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

# Packed datagrams combined with duplication of every datagram: the
# multi-record parsing path must cope with the whole packed datagram being
# delivered twice.
run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
            -p "$P_PXY pack=50 duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"
7241
# The proxy injects records whose authentication tag does not verify
# (bad_ad=1). badmac_limit caps how many such records the server tolerates
# before it gives up on the connection ("too many records with bad MAC"):
# the limit is what turns an attacker who can inject garbage, but cannot
# forge valid records, into a bounded nuisance rather than an open door to
# a half-dead connection. With the default limit the bad record is discarded
# and the HTTP exchange completes.
run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    0 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -S "too many records with bad MAC" \
    -S "Verification of the message MAC failed"

# badmac_limit=1: the first injected record already exceeds the limit. The
# server aborts and no HTTP exchange happens; expected result is 1.
run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    1 \
    -C "discarding invalid record (mac)" \
    -S "discarding invalid record (mac)" \
    -S "Extra-header:" \
    -C "HTTP/1.0 200 OK" \
    -s "too many records with bad MAC" \
    -s "Verification of the message MAC failed"

# badmac_limit=2 with a single exchange: one bad record stays below the
# limit, so this behaves like the default case.
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
    0 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -S "too many records with bad MAC" \
    -S "Verification of the message MAC failed"

# badmac_limit=2 with two exchanges: enough bad records are injected over the
# two exchanges to reach the limit. The first exchange still goes through
# (discard message and HTTP 200 are present) but the connection then fails.
run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
    -p "$P_PXY bad_ad=1" \
    "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
    "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
    1 \
    -c "discarding invalid record (mac)" \
    -s "discarding invalid record (mac)" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK" \
    -s "too many records with bad MAC" \
    -s "Verification of the message MAC failed"
7289
# The proxy holds back the ChangeCipherSpec (delay_ccs=1), so the encrypted
# Finished that follows it arrives under the old epoch and is reported as a
# "record from another epoch" by both sides. The handshake must still
# complete once the CCS is delivered.
run_test "DTLS proxy: delay ChangeCipherSpec" \
    -p "$P_PXY delay_ccs=1" \
    "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
    "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
    0 \
    -c "record from another epoch" \
    -s "record from another epoch" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"
7299
7300# Tests for reordering support with DTLS
7301
# Handshake-message reordering. The proxy delays one named message
# (delay_srv=/delay_cli=<HandshakeType>), so the receiver sees a later
# message first and must buffer it ("Buffering HS message") until the
# missing one arrives, then consume it ("... has been buffered - load").
# The long hs_timeout keeps retransmission from masking the reordering;
# cookies=0 disables the server's DTLS cookie exchange, presumably to keep
# the flights simple. Only the receiving side may buffer, and the CCS
# buffering path must not be involved in these cases.
run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
    -p "$P_PXY delay_srv=ServerHello" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "Next handshake message has been buffered - load"\
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load"\
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# Same, with the server's mtu=512 forcing fragmentation of the delayed
# message. The client now has to reassemble a fragmented handshake message
# while a later message is already buffered, and must report that the next
# message is only partially available before it is complete.
run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
    -p "$P_PXY delay_srv=ServerHello" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "found fragmented DTLS handshake message"\
    -c "Next handshake message 1 not or only partially bufffered" \
    -c "Next handshake message has been buffered - load"\
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load"\
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"
7335
# The client buffers the ServerKeyExchange before receiving the fragmented
# Certificate message; at the time of writing, together these are around 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
# (Certificate is delayed twice because, at mtu=512, it is sent as two
# fragments and both have to be held back.) With enough buffering space the
# client must never have to free buffered messages to make room.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
    -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "Next handshake message has been buffered - load"\
    -C "attempt to make space by freeing buffered messages" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load"\
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first.
# This is the bounded-memory behaviour of the buffering code: rather than
# growing without limit, the client discards buffered future messages to
# reassemble the one it needs next, and relies on retransmission for the
# rest. Note the upper bound of 1299 here is disjoint from the 1300 lower
# bound above, so exactly one of the two tests applies to a given config.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
    -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
    "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -c "Buffering HS message" \
    -c "attempt to make space by freeing buffered future messages" \
    -c "Enough space available after freeing buffered HS messages" \
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load"\
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"
7379
# Server-side buffering: with client authentication required, the client's
# Certificate is delayed, so the server receives the rest of that flight
# first and must buffer it. The client must not buffer anything.
run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
    -p "$P_PXY delay_cli=Certificate" \
    "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load"\
    -s "Buffering HS message" \
    -s "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# ChangeCipherSpec is not a handshake message and takes a separate buffering
# path: the receiver "remembers" a CCS that arrives before the handshake
# message preceding it, and "injects" it once that message is in. Here the
# server's NewSessionTicket is delayed, so the client sees the CCS early.
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
    -p "$P_PXY delay_srv=NewSessionTicket" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load"\
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -c "Injecting buffered CCS message" \
    -c "Remember CCS message" \
    -S "Injecting buffered CCS message" \
    -S "Remember CCS message"

# Mirror image on the server: the client's ClientKeyExchange is delayed, so
# the server sees the client's CCS before the message it has to follow.
run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
    -p "$P_PXY delay_cli=ClientKeyExchange" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -C "Buffering HS message" \
    -C "Next handshake message has been buffered - load"\
    -S "Buffering HS message" \
    -S "Next handshake message has been buffered - load" \
    -C "Injecting buffered CCS message" \
    -C "Remember CCS message" \
    -s "Injecting buffered CCS message" \
    -s "Remember CCS message"
7427
# Record-level buffering across epochs: with both CCS messages delayed
# (delay_ccs=1), each side receives the peer's encrypted Finished while
# still in epoch 0. It cannot be decrypted yet, so it is kept as a
# "record from epoch 1" and loaded once the CCS moves the receiver to the
# new epoch.
run_test "DTLS reordering: Buffer encrypted Finished message" \
    -p "$P_PXY delay_ccs=1" \
    "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
        hs_timeout=2500-60000" \
    0 \
    -s "Buffer record from epoch 1" \
    -s "Found buffered record from current epoch - load" \
    -c "Buffer record from epoch 1" \
    -c "Found buffered record from current epoch - load"

# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
# of the NewSessionTicket, but small enough to also allow buffering of
# the encrypted Finished message.
# - The MTU setting on the server must be so small that the NewSessionTicket
# needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
# without fragmentation or be reassembled within the bounds of
# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
# handshake, omitting CRTs.
# The client is therefore expected to free the future-epoch record and NOT
# to load it later (-C on the server-side "load" message); the dropped
# Finished has to come back through retransmission. The PSK value is a
# test fixture only.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
    -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
    "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
    "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
    0 \
    -s "Buffer record from epoch 1" \
    -s "Found buffered record from current epoch - load" \
    -c "Buffer record from epoch 1" \
    -C "Found buffered record from current epoch - load" \
    -c "Enough space available after freeing future epoch record"
7467
7468# Tests for "randomly unreliable connection": try a variety of flows and peers
7469
# "3d" runs: the proxy randomly drops, delays and duplicates datagrams
# (drop=5 delay=5 duplicate=5; the scale of the values is defined by
# udp_proxy). Each variant exercises a differently shaped handshake and only
# checks that the application exchange eventually completes. The short
# hs_timeout keeps the retransmission timer fast enough for the test to
# finish; client_needs_more_time widens the per-test deadline accordingly.
#
# Smallest handshake: PSK with an AEAD suite, no tickets, no client auth.
# The PSK value is a test fixture, not a credential.
client_needs_more_time 2
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# RSA key exchange: no ServerKeyExchange flight, but also no forward secrecy -
# used here purely because it is a short handshake, not as a recommendation.
client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
        force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Default (forward-secret) key exchange, still without tickets or client auth.
client_needs_more_time 2
run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Adds the client Certificate/CertificateVerify flight (auth_mode=required).
client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, client auth" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Adds the NewSessionTicket message instead.
client_needs_more_time 2
run_test "DTLS proxy: 3d, FS, ticket" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Everything at once: forward secrecy, tickets and client authentication.
client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Same maximal handshake driven through the non-blocking I/O path (nbio=2).
client_needs_more_time 2
run_test "DTLS proxy: 3d, max handshake, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
        auth_mode=required" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
    0 \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"
7536
# Session resumption under lossy conditions: the client reconnects once
# (reconnect=1) and both sides must report a resumed session. With tickets
# off, resumption goes through the server-side cache. max_resend=10 and
# read_timeout=1000 bound how long the client keeps retrying; these runs
# need more wall-clock time (two handshakes plus retransmissions).
client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 debug_level=3" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -s "a session has been resumed" \
    -c "a session has been resumed" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Same with non-blocking I/O on both peers.
client_needs_more_time 4
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 debug_level=3 nbio=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
    0 \
    -s "a session has been resumed" \
    -c "a session has been resumed" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"
7564
# Renegotiation under lossy conditions. Renegotiation is compile-time
# optional (MBEDTLS_SSL_RENEGOTIATION) and must be enabled at runtime on
# the peer that accepts it (renegotiation=1); the initiating side sets
# renegotiate=1. Both logs must show the "=> renegotiate" entry point.
#
# Client-initiated: the client asks, the server permits.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiation=1 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiate=1 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# NOTE(review): despite the "nbio" in its name, this variant passes no
# nbio=2 to either peer, so it exercises the same blocking path as the test
# above - confirm whether that is intended.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiation=1 debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiate=1 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Server-initiated: the server requests renegotiation and the client permits
# it. exchanges=4 gives the server enough application-data round trips to
# issue the request and complete it.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
        debug_level=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiation=1 exchanges=4 debug_level=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"

# Same, with non-blocking I/O on both peers (this one does pass nbio=2).
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
        psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
        debug_level=2 nbio=2" \
    "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
        renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
        force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
    0 \
    -c "=> renegotiate" \
    -s "=> renegotiate" \
    -s "Extra-header:" \
    -c "HTTP/1.0 200 OK"
7626
## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
##
## All three are currently skipped (skip_next_test), so they contribute to
## the "skipped" count only. protect_hvr=1 presumably exempts the server's
## HelloVerifyRequest from the proxy's drop/delay/duplicate treatment - the
## cookie exchange it carries is the one part of the handshake OpenSSL would
## not retransmit on its own; confirm against udp_proxy. Only the client-side
## "200 OK" is checked since the server log is OpenSSL's, not ours.
skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 2048" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"

## With a small OpenSSL-side MTU (768) the server's handshake messages get
## fragmented, on top of the lossy proxy.
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"

## Same, with the mbed TLS client using non-blocking I/O.
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
    "$O_SRV -dtls1 -mtu 768" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
    0 \
    -c "HTTP/1.0 200 OK"
7661
# Lossy-proxy interop against gnutls-serv (-u: DTLS/UDP). Unlike the
# ssl_server2 runs, both logs are checked for the "Extra-header:" line
# rather than for an HTTP 200 - presumably because gnutls-serv's response
# differs from ssl_server2's. A much longer hs_timeout ceiling (60 s) is
# used because the non-mbedtls peer's retransmission behaviour is not under
# our control.
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_SRV -u --mtu 2048 -a" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"

# Fragmentation variant (--mtu 512) requires the "next" GnuTLS build
# (G_NEXT_SRV, see the top of the file) rather than the default one.
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_NEXT_SRV -u --mtu 512" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"

# Same, with the mbed TLS client using non-blocking I/O.
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
    -p "$P_PXY drop=5 delay=5 duplicate=5" \
    "$G_NEXT_SRV -u --mtu 512" \
    "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
    0 \
    -s "Extra-header:" \
    -c "Extra-header:"
7694
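# Final report
#
# Prints PASSED/FAILED with the pass/total/skipped counts (TESTS, FAILS and
# SKIPS are maintained by run_test earlier in the file) and exits with the
# number of failed tests, so CI can treat any non-zero status as failure.
#
# Exit statuses are truncated modulo 256 by the shell/OS, so a run with
# exactly 256 (or 512, ...) failures would otherwise exit 0 and look green.
# Clamp at 255: the status is unchanged for 0..255 failures and can never
# wrap to "success".

echo "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    printf "PASSED"
else
    printf "FAILED"
fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"

if [ "$FAILS" -gt 255 ]; then
    exit 255
fi
exit "$FAILS"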