TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 05bf89da34b4dbdc2cbfe83a82287d52d9d5033d^! / .
commit05bf89da34b4dbdc2cbfe83a82287d52d9d5033d[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Tue Jan 25 17:50:25 2022 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Tue Jan 25 17:50:25 2022 +0100
tree500cda51226bfba6741a10397f4e931f47fb9495
parentdfc5c7117e625ac5fad69d0c4a90799a55a52351 [diff]
Clarify key types message from ssl_client2 and ssl_server2

If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 57f7d8f..68dcf6b 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -1703,7 +1703,8 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
+    mbedtls_printf( " ok (key type: %s)\n",
+                    strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
     /*

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7cbdaf6..632a26c 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -2515,7 +2515,9 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
+    mbedtls_printf( " ok (key types: %s, %s)\n",
+                    key_cert_init2 ? mbedtls_pk_get_name( &pkey ) : "none",
+                    key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 691c0e7..4d2679b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -1556,7 +1556,7 @@
             0 \
             -c "Verifying peer X.509 certificate... ok" \
             -c "Ciphersuite is TLS-ECDHE-ECDSA" \
-            -s "key types: Opaque - invalid PK" \
+            -s "key types: Opaque, none" \
             -s "Ciphersuite is TLS-ECDHE-ECDSA" \
             -S "error" \
             -C "error"
@@ -1575,7 +1575,7 @@
             -c "key type: Opaque" \
             -c "Verifying peer X.509 certificate... ok" \
             -c "Ciphersuite is TLS-ECDHE-ECDSA" \
-            -s "key types: Opaque - invalid PK" \
+            -s "key types: Opaque, none" \
             -s "Verifying peer X.509 certificate... ok" \
             -s "Ciphersuite is TLS-ECDHE-ECDSA" \
             -S "error" \