Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 43b6d04..71be7c3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4331,6 +4331,21 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
+run_test "Authentication: client cert self-signed and trusted, server required" \
+ "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 0 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -S "x509_verify_cert() returned" \
+ -S "! The certificate is not correctly signed" \
+ -S "X509 - Certificate verification failed"
+
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \