ECC restart: Use optional verification mode in bad signature test
This way, the verification failure string will still be printed
even if verification callbacks are disabled, allowing to increase
test coverage.
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 38bfed7..b0e4515 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6430,22 +6430,19 @@
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \
- debug_level=1 ec_max_ops=1000" \
- 1 \
+ key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \
+ debug_level=1 ec_max_ops=1000 auth_mode=optional" \
+ 0 \
-c "x509_verify_cert.*4b00" \
- -C "mbedtls_pk_verify.*4b00" \
- -C "mbedtls_ecdh_make_public.*4b00" \
- -C "mbedtls_pk_sign.*4b00" \
+ -c "mbedtls_pk_verify.*4b00" \
+ -c "mbedtls_ecdh_make_public.*4b00" \
+ -c "mbedtls_pk_sign.*4b00" \
-c "! The certificate is not correctly signed by the trusted CA" \
- -c "! mbedtls_ssl_handshake returned" \
- -c "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_ECP_RESTARTABLE