Use variable for data_files path in ssl-opt.sh
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index b7bcd13..1cc1115 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -29,6 +29,8 @@
exit 125
fi
+DATA_FILES_PATH=../framework/data_files
+
# default values, can be overridden by the environment
: ${P_SRV:=../programs/ssl/ssl_server2}
: ${P_CLI:=../programs/ssl/ssl_client2}
@@ -60,12 +62,12 @@
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
-: ${EARLY_DATA_INPUT:=../framework/data_files/tls13_early_data.txt}
+: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"}
-O_SRV="$OPENSSL s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
+O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
-G_SRV="$GNUTLS_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key"
-G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt"
+G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
+G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"
# alternative versions of OpenSSL and GnuTLS (no default path)
@@ -97,10 +99,10 @@
fi
if [ -n "${OPENSSL_NEXT:-}" ]; then
- O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
- O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
+ O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
+ O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
- O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile ../framework/data_files/test-ca_cat12.crt"
+ O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
@@ -111,7 +113,7 @@
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key"
+ G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV"
else
G_NEXT_SRV=false
@@ -119,7 +121,7 @@
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt"
+ G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI"
else
G_NEXT_CLI=false
@@ -1704,7 +1706,7 @@
# Check if test uses files
case "$SRV_CMD $CLI_CMD" in
- *../framework/data_files/*)
+ *$DATA_FILES_PATH/*)
requires_config_enabled MBEDTLS_FS_IO;;
esac
@@ -1823,7 +1825,7 @@
run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \
-F "handshake_memory_check $MEMORY_USAGE_LIMIT"
@@ -1842,7 +1844,7 @@
run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \
-F "handshake_memory_get MEMORY_USAGE_MFL_16K"
@@ -2115,7 +2117,7 @@
requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV force_version=tls12 auth_mode=required" \
- "$P_CLI crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
0
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
@@ -2126,7 +2128,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
- "$P_SRV crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
"$P_CLI force_version=tls12" \
0
@@ -2140,8 +2142,8 @@
requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV force_version=tls12\
- key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI" \
0
@@ -2159,8 +2161,8 @@
requires_hash_alg SHA_256
run_test "CA callback on server" \
"$P_SRV force_version=tls12 auth_mode=required" \
- "$P_CLI ca_callback=1 debug_level=3 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
0 \
-c "use CA callback for X.509 CRT verification" \
-s "Verifying peer X.509 certificate... ok" \
@@ -2173,10 +2175,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key" \
- "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
+ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
@@ -2192,10 +2194,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-RSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key" \
- "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
@@ -2209,10 +2211,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: DHE-RSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key" \
- "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
@@ -2228,8 +2230,8 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2244,8 +2246,8 @@
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDH-" \
"$P_SRV auth_mode=required key_opaque=1\
- crt_file=../framework/data_files/server5.ku-ka.crt\
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none" \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2260,8 +2262,8 @@
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2277,8 +2279,8 @@
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2292,8 +2294,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2308,8 +2310,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2322,8 +2324,8 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
1 \
@@ -2338,9 +2340,9 @@
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server7.crt \
- key_file=../framework/data_files/server7.key key_opaque_algs=ecdh,none \
- crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \
+ "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
+ key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \
+ crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
key_opaque_algs2=ecdsa-sign,none" \
"$P_CLI force_version=tls12" \
0 \
@@ -2357,9 +2359,9 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server7.crt \
- key_file=../framework/data_files/server7.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
+ key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
key_opaque_algs2=ecdh,none debug_level=3" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \
0 \
@@ -2376,10 +2378,10 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=../framework/data_files/server2-sha256.crt \
- key_file2=../framework/data_files/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2454,8 +2456,8 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-RSA" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2470,8 +2472,8 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA" \
- "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2518,10 +2520,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
- "$P_CLI crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-s "key types: Opaque, none" \
-s "got ciphersuites in common, but none of them usable" \
@@ -2535,10 +2537,10 @@
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque keys for server authentication: RSA keys with different algs" \
- "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
- crt_file2=../framework/data_files/server4.crt \
- key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \
+ crt_file2=$DATA_FILES_PATH/server4.crt \
+ key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2555,10 +2557,10 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=../framework/data_files/server4.crt \
- key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=$DATA_FILES_PATH/server4.crt \
+ key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2575,10 +2577,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
- "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "Verifying peer X.509 certificate... ok" \
@@ -2596,10 +2598,10 @@
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "Verifying peer X.509 certificate... ok" \
@@ -2615,10 +2617,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: DHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "key type: Opaque" \
@@ -2710,8 +2712,8 @@
requires_hash_alg SHA_256
run_test "Single supported algorithm sending: openssl client" \
"$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
- "$O_CLI -cert ../framework/data_files/server6.crt \
- -key ../framework/data_files/server6.key" \
+ "$O_CLI -cert $DATA_FILES_PATH/server6.crt \
+ -key $DATA_FILES_PATH/server6.key" \
0
# Tests for certificate verification callback
@@ -2738,19 +2740,19 @@
# Tests for SHA-1 support
requires_hash_alg SHA_1
run_test "SHA-1 forbidden by default in server certificate" \
- "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
"$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
requires_hash_alg SHA_1
run_test "SHA-1 explicitly allowed in server certificate" \
- "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_version=tls12 allow_sha1=1" \
0
run_test "SHA-256 allowed by default in server certificate" \
- "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2-sha256.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2-sha256.crt" \
"$P_CLI force_version=tls12 allow_sha1=0" \
0
@@ -2758,7 +2760,7 @@
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \
+ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
@@ -2766,14 +2768,14 @@
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
- "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \
+ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
0
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha256.crt" \
+ "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \
0
# Tests for datagram packing
@@ -5739,8 +5741,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: no trailing bytes" \
- "$P_SRV crt_file=../framework/data_files/server5-der0.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5748,8 +5750,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing zero byte" \
- "$P_SRV crt_file=../framework/data_files/server5-der1a.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5757,8 +5759,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing random byte" \
- "$P_SRV crt_file=../framework/data_files/server5-der1b.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5766,8 +5768,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 2 trailing random bytes" \
- "$P_SRV crt_file=../framework/data_files/server5-der2.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5775,8 +5777,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 4 trailing random bytes" \
- "$P_SRV crt_file=../framework/data_files/server5-der4.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5784,8 +5786,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 8 trailing random bytes" \
- "$P_SRV crt_file=../framework/data_files/server5-der8.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5793,8 +5795,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 9 trailing random bytes" \
- "$P_SRV crt_file=../framework/data_files/server5-der9.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5804,8 +5806,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server badcert, client required" \
- "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI debug_level=1 auth_mode=required" \
1 \
-c "x509_verify_cert() returned" \
@@ -5814,8 +5816,8 @@
-c "X509 - Certificate verification failed"
run_test "Authentication: server badcert, client optional" \
- "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=optional" \
0 \
-c "x509_verify_cert() returned" \
@@ -5854,8 +5856,8 @@
# different means to have the server ignoring the client's supported curve list.
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
1 \
-c "bad certificate (EC key curve)"\
@@ -5863,8 +5865,8 @@
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \
-c "bad certificate (EC key curve)"\
@@ -5872,8 +5874,8 @@
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
run_test "Authentication: server badcert, client none" \
- "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
@@ -5884,8 +5886,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
0 \
-c "Supported Signature Algorithm found: 04 " \
@@ -5894,8 +5896,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA384, server required" \
"$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
0 \
-c "Supported Signature Algorithm found: 04 " \
@@ -5905,7 +5907,7 @@
run_test "Authentication: client has no cert, server required (TLS)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=none \
- key_file=../framework/data_files/server5.key" \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5920,8 +5922,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5940,9 +5942,9 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert self-signed and trusted, server required" \
- "$P_SRV debug_level=3 auth_mode=required ca_file=../framework/data_files/server5-selfsigned.crt" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5957,8 +5959,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5974,8 +5976,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5992,8 +5994,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=3 auth_mode=none" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
0 \
-s "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6071,27 +6073,27 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int chain, client default" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \
- key_file=../framework/data_files/dir-maxpath/09.key" \
- "$P_CLI server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
+ "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
0 \
-C "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client default" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
+ "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
1 \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
auth_mode=optional" \
1 \
-c "X509 - A fatal error occurred"
@@ -6099,9 +6101,9 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client none" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
auth_mode=none" \
0 \
-C "X509 - A fatal error occurred"
@@ -6109,36 +6111,36 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server default" \
- "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
0 \
-S "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server optional" \
- "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server required" \
- "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int chain, server required" \
- "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \
- key_file=../framework/data_files/dir-maxpath/09.key" \
+ "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
0 \
-S "X509 - A fatal error occurred"
@@ -6147,23 +6149,23 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key" \
+ "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key" \
0 \
-s "requested DN"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key" \
+ "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key" \
0 \
-S "requested DN"
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-S "requested DN" \
-s "x509_verify_cert() returned" \
@@ -6175,33 +6177,33 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=../framework/data_files/server1.crt \
- key_file2=../framework/data_files/server1.key" \
+ crt_file2=$DATA_FILES_PATH/server1.crt \
+ key_file2=$DATA_FILES_PATH/server1.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=../framework/data_files/server2.crt \
- key_file2=../framework/data_files/server2.key" \
+ crt_file2=$DATA_FILES_PATH/server2.crt \
+ key_file2=$DATA_FILES_PATH/server2.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=localhost"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt hs DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
- crt_file2=../framework/data_files/server1.crt \
- key_file2=../framework/data_files/server1.key" \
+ crt_file2=$DATA_FILES_PATH/server1.crt \
+ key_file2=$DATA_FILES_PATH/server1.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
@@ -6210,8 +6212,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \
- "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6222,8 +6224,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \
- "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
0 \
-c "use CA callback for X.509 CRT verification" \
@@ -6241,8 +6243,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6252,8 +6254,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6265,8 +6267,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
0 \
-s "use CA callback for X.509 CRT verification" \
@@ -6277,8 +6279,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
- key_file=../framework/data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
+ key_file=$DATA_FILES_PATH/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
0 \
-s "use CA callback for X.509 CRT verification" \
@@ -6288,8 +6290,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6311,8 +6313,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6330,8 +6332,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
0 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6350,9 +6352,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \
- key_file=../framework/data_files/dir-maxpath/09.key" \
- "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
0 \
-c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred"
@@ -6361,9 +6363,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
@@ -6372,9 +6374,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6384,9 +6386,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
@@ -6395,9 +6397,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
- key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
@@ -6406,9 +6408,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \
- key_file=../framework/data_files/dir-maxpath/09.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
+ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
0 \
-s "use CA callback for X.509 CRT verification" \
-S "X509 - A fatal error occurred"
@@ -6417,10 +6419,10 @@
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
- "$P_SRV force_version=tls12 crt_file=../framework/data_files/server5.crt \
- key_file=../framework/data_files/server5.key \
- crt_file2=../framework/data_files/server5-sha1.crt \
- key_file2=../framework/data_files/server5.key" \
+ "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key \
+ crt_file2=$DATA_FILES_PATH/server5-sha1.crt \
+ key_file2=$DATA_FILES_PATH/server5.key" \
"$P_CLI" \
0 \
-c "signed using.*ECDSA with SHA256" \
@@ -6432,7 +6434,7 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI server_name=localhost" \
0 \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
@@ -6442,8 +6444,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=localhost" \
0 \
-s "parse ServerName extension" \
@@ -6454,8 +6456,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example" \
0 \
-s "parse ServerName extension" \
@@ -6466,8 +6468,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=nonesuch.example" \
1 \
-s "parse ServerName extension" \
@@ -6479,8 +6481,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-S "skip write certificate request" \
@@ -6493,8 +6495,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-S "skip write certificate request" \
@@ -6507,8 +6509,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-s "skip write certificate request" \
@@ -6519,11 +6521,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6538,11 +6540,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6557,11 +6559,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6579,7 +6581,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no SNI callback" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI server_name=localhost dtls=1" \
0 \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
@@ -6589,8 +6591,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=localhost dtls=1" \
0 \
-s "parse ServerName extension" \
@@ -6601,8 +6603,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example dtls=1" \
0 \
-s "parse ServerName extension" \
@@ -6612,8 +6614,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no matching cert" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=nonesuch.example dtls=1" \
1 \
-s "parse ServerName extension" \
@@ -6625,8 +6627,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-S "skip write certificate request" \
@@ -6639,8 +6641,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-S "skip write certificate request" \
@@ -6653,8 +6655,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-s "skip write certificate request" \
@@ -6667,11 +6669,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6686,11 +6688,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6705,11 +6707,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dtls=1 \
- ca_file=../framework/data_files/test-ca.crt \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \
+ ca_file=$DATA_FILES_PATH/test-ca.crt \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
+ crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -7635,45 +7637,45 @@
# server-side certificate/suite selection
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
- crt_file=../framework/data_files/server2.ku-ds.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
+ crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
- crt_file=../framework/data_files/server2.ku-ke.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
+ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
- crt_file=../framework/data_files/server2.ku-ka.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
+ crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \
"$P_CLI" \
1 \
-C "Ciphersuite is "
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ds.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ka.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDH-"
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
- "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.ku-ke.crt" \
+ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI" \
1 \
-C "Ciphersuite is "
@@ -7682,8 +7684,8 @@
# client-side checking of server cert
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds_ke.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7692,8 +7694,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds_ke.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7702,8 +7704,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7712,8 +7714,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
@@ -7722,8 +7724,8 @@
-C "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7733,8 +7735,8 @@
-c "! Usage does not match the keyUsage extension"
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7743,8 +7745,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \
@@ -7753,8 +7755,8 @@
-C "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7767,8 +7769,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2-sha256.ku-ds_ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7779,8 +7781,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2-sha256.ku-ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7791,8 +7793,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2-sha256.ku-ka.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7803,8 +7805,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ds.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7815,8 +7817,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7827,8 +7829,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ka.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7841,8 +7843,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ds.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7851,8 +7853,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ke.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7860,8 +7862,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2.ku-ke.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
@@ -7869,8 +7871,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ds.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7879,8 +7881,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ka.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7890,8 +7892,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2-sha256.ku-ds.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7902,8 +7904,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \
- -cert ../framework/data_files/server2-sha256.ku-ke.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
+ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7913,8 +7915,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ds.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7925,8 +7927,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.ku-ka.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7935,29 +7937,29 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: serverAuth -> OK" \
- "$P_SRV key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.eku-srv.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
- "$P_SRV key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.eku-srv.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
- "$P_SRV key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.eku-cs_any.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: codeSign -> fail" \
- "$P_SRV key_file=../framework/data_files/server5.key \
- crt_file=../framework/data_files/server5.eku-cli.crt" \
+ "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
+ crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \
"$P_CLI" \
1
@@ -7965,8 +7967,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7975,8 +7977,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv_cli.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7985,8 +7987,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs_any.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7995,8 +7997,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \
- "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs.crt" \
+ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -8007,8 +8009,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8019,8 +8021,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv_cli.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8031,8 +8033,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs_any.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8043,8 +8045,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -8056,8 +8058,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cli.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8065,8 +8067,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv_cli.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8074,8 +8076,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs_any.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8083,8 +8085,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8092,8 +8094,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs.crt" \
+ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
@@ -8103,8 +8105,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cli.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8114,8 +8116,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-srv_cli.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8125,8 +8127,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs_any.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8136,8 +8138,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
- -cert ../framework/data_files/server5.eku-cs.crt" \
+ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
+ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8153,7 +8155,7 @@
-c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
- "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=3" \
0 \
@@ -8177,49 +8179,49 @@
-C "DHM prime too short:"
run_test "DHM size: server 1024, client default, OK" \
- "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 999, client 999, OK" \
- "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client 1000, OK" \
- "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client default, rejected" \
- "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 1000, client 1001, rejected" \
- "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1001" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 999, client 1000, rejected" \
- "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 998, client 999, rejected" \
- "$P_SRV dhm_file=../framework/data_files/dh.998.pem" \
+ "$P_SRV dhm_file=$DATA_FILES_PATH/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
1 \
@@ -9435,7 +9437,7 @@
run_test "EC restart: TLS, default" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9448,7 +9450,7 @@
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=0" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9461,7 +9463,7 @@
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=65535" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9476,7 +9478,7 @@
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9492,7 +9494,7 @@
run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9506,10 +9508,10 @@
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
1 \
-c "x509_verify_cert.*4b00" \
@@ -9526,10 +9528,10 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9547,10 +9549,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9567,10 +9569,10 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9588,10 +9590,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=../framework/data_files/server5-badsign.crt \
- key_file=../framework/data_files/server5.key" \
+ crt_file=$DATA_FILES_PATH/server5-badsign.crt \
+ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9609,7 +9611,7 @@
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9625,7 +9627,7 @@
run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9672,7 +9674,7 @@
run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9718,8 +9720,8 @@
run_test "SSL async private: sign, SNI" \
"$P_SRV force_version=tls12 debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example" \
0 \
-s "Async sign callback: using key slot " \
@@ -9799,8 +9801,8 @@
run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 0," \
@@ -9812,8 +9814,8 @@
run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \
async_operations=s async_private_delay2=1 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 0," \
@@ -9825,8 +9827,8 @@
run_test "SSL async private: slot 1 used with key2" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 1," \
@@ -9838,8 +9840,8 @@
run_test "SSL async private: fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt " \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: no key matches this certificate."
@@ -9946,8 +9948,8 @@
run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
[ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
@@ -9968,8 +9970,8 @@
run_test "SSL async private: sign, error in resume then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \
- key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
- key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
+ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
+ key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
[ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
@@ -10336,13 +10338,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
0 \
@@ -10357,13 +10359,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
0 \
@@ -10382,13 +10384,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
0 \
@@ -10403,13 +10405,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10432,13 +10434,13 @@
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10453,13 +10455,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10482,13 +10484,13 @@
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10502,13 +10504,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference) (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
mtu=4096" \
0 \
@@ -10522,13 +10524,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=3500-60000 \
mtu=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=3500-60000 \
mtu=1024" \
0 \
@@ -10542,13 +10544,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
mtu=2048" \
0 \
@@ -10563,13 +10565,13 @@
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=2500-60000 \
mtu=1024" \
0 \
@@ -10585,13 +10587,13 @@
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=2500-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=2500-60000 \
mtu=512" \
@@ -10613,12 +10615,12 @@
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=400-3200" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=400-3200" \
0 \
@@ -10634,12 +10636,12 @@
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-10000" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000" \
0 \
@@ -10658,13 +10660,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=10000-60000 \
mtu=1024" \
0 \
@@ -10684,13 +10686,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
mtu=512" \
@@ -10708,13 +10710,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=10000-60000 \
mtu=1024 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=10000-60000 \
mtu=1024 nbio=2" \
0 \
@@ -10731,13 +10733,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=10000-60000 \
mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
mtu=512 nbio=2" \
@@ -10764,13 +10766,13 @@
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=10000-60000 \
mtu=1450" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=10000-60000 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
@@ -10791,14 +10793,14 @@
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
exchanges=2 renegotiation=1 \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
hs_timeout=10000-60000 \
@@ -10820,14 +10822,14 @@
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
exchanges=2 renegotiation=1 \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
@@ -10849,15 +10851,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10879,15 +10881,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10908,15 +10910,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10934,12 +10936,12 @@
run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-10000 mtu=512" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000 mtu=512" \
0 \
@@ -10955,12 +10957,12 @@
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-10000 mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000 mtu=512 nbio=2" \
0 \
@@ -10979,8 +10981,8 @@
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11000,8 +11002,8 @@
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
@@ -11013,8 +11015,8 @@
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11025,8 +11027,8 @@
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
@@ -11045,8 +11047,8 @@
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11060,8 +11062,8 @@
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
@@ -11078,8 +11080,8 @@
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server8_int-ca2.crt \
- key_file=../framework/data_files/server8.key \
+ crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
+ key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11095,8 +11097,8 @@
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=../framework/data_files/server7_int-ca.crt \
- key_file=../framework/data_files/server7.key \
+ crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
+ key_file=$DATA_FILES_PATH/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
@@ -12267,7 +12269,7 @@
requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
run_test "TLS 1.3: Default" \
- "$P_SRV allow_sha1=0 debug_level=3 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key force_version=tls13" \
+ "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \
"$P_CLI allow_sha1=0" \
0 \
-s "Protocol is TLSv1.3" \
@@ -12441,7 +12443,7 @@
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - openssl" \
- "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
"$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
0 \
-s "found alpn extension" \
@@ -12456,7 +12458,7 @@
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - gnutls" \
- "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
0 \
-s "found alpn extension" \
@@ -12503,7 +12505,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12517,8 +12519,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \
- key_file=../framework/data_files/cli2.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \
+ key_file=$DATA_FILES_PATH/cli2.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12532,8 +12534,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
- key_file=../framework/data_files/ecdsa_secp256r1.key" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12548,8 +12550,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
- key_file=../framework/data_files/ecdsa_secp256r1.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12563,8 +12565,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
- key_file=../framework/data_files/ecdsa_secp384r1.key" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12579,8 +12581,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
- key_file=../framework/data_files/ecdsa_secp384r1.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12594,8 +12596,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12610,8 +12612,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12626,8 +12628,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12643,8 +12645,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12659,8 +12661,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12676,8 +12678,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12692,8 +12694,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12709,8 +12711,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12726,8 +12728,8 @@
run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12743,8 +12745,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12759,7 +12761,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12774,8 +12776,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \
- key_file=../framework/data_files/cli2.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \
+ key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12790,8 +12792,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
- key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12807,8 +12809,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
- key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12823,8 +12825,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
- key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12840,8 +12842,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
- key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12856,8 +12858,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12873,8 +12875,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12890,8 +12892,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12908,8 +12910,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12925,8 +12927,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12943,8 +12945,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12960,8 +12962,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
- key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
+ key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12978,8 +12980,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
- key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
+ key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12996,8 +12998,8 @@
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -13014,8 +13016,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
- key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
+ key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -13091,7 +13093,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13108,8 +13110,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
- "$O_NEXT_CLI -msg -debug -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3 -no_middlebox" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
+ "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13128,7 +13130,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13147,8 +13149,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
- "$G_NEXT_CLI localhost -d 4 --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13166,7 +13168,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$P_CLI debug_level=4" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13185,8 +13187,8 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13202,7 +13204,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
1 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13220,7 +13222,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
- "$P_SRV debug_level=4 auth_mode=optional crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13267,9 +13269,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
- sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
- "$O_NEXT_CLI -msg -debug -servername localhost -CAfile ../framework/data_files/test-ca_cat12.crt -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
+ sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
+ "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13280,9 +13282,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
- sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
- "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
+ sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
+ "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13293,9 +13295,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
- sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
+ sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
+ "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13419,7 +13421,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13432,7 +13434,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13444,7 +13446,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13459,7 +13461,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13474,7 +13476,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13490,7 +13492,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13615,7 +13617,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13628,7 +13630,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13640,7 +13642,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13655,7 +13657,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13671,7 +13673,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13688,7 +13690,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13701,10 +13703,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13717,10 +13719,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13734,10 +13736,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13753,11 +13755,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
- -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
+ -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
0 \
-c "TLSv1.3" \
@@ -13771,11 +13773,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
- --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
+ --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \
0 \
-c "Negotiated version: 3.4" \
@@ -13790,11 +13792,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
- --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
+ --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13806,11 +13808,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
- -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
+ -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13822,10 +13824,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
- "$P_CLI allow_sha1=0 debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
+ "$P_CLI allow_sha1=0 debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13837,9 +13839,9 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, G->m" \
"$P_SRV debug_level=4
- crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
+ crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
--priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
@@ -13851,9 +13853,9 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, O->m" \
"$P_SRV debug_level=4
- crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
+ crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
-sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
@@ -13865,7 +13867,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, m->m" \
"$P_SRV debug_level=4
- crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
+ crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 \
sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \
@@ -13878,10 +13880,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13892,10 +13894,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13907,10 +13909,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
- crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
+ crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
+ crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13920,10 +13922,10 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
-msg -tls1_2
-Verify 10 " \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
min_version=tls12 max_version=tls13 " \
0 \
@@ -13936,10 +13938,10 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
- "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
+ "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
min_version=tls12 max_version=tls13 " \
0 \
@@ -13957,8 +13959,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -13979,8 +13981,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14001,8 +14003,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14023,8 +14025,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14045,8 +14047,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14066,8 +14068,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14089,8 +14091,8 @@
requires_gnutls_next_disable_tls13_compat
client_needs_more_time 4
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14111,8 +14113,8 @@
requires_config_enabled PSA_WANT_DH_RFC7919_8192
client_needs_more_time 4
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \