Use more specific name in debug message for testing
While 'session hash' is currently unique, so suitable to prove that the
intended code path has been taken, it's a generic enough phrase that in the
future we might add other debug messages containing it in completely unrelated
code paths. In order to future-proof the accuracy of the test, let's use a
more specific string.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cc1f450..dc88af2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1656,7 +1656,8 @@
salt = session_hash;
handshake->calc_verify( ssl, session_hash, &salt_len );
- MBEDTLS_SSL_DEBUG_BUF( 3, "session hash", session_hash, salt_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret",
+ session_hash, salt_len );
}
#endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 50c569a..14dd8bf 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1939,8 +1939,8 @@
-s "found extended master secret extension" \
-s "server hello, adding extended master secret extension" \
-c "found extended_master_secret extension" \
- -c "session hash" \
- -s "session hash"
+ -c "session hash for extended master secret" \
+ -s "session hash for extended master secret"
run_test "Extended Master Secret: client enabled, server disabled" \
"$P_SRV debug_level=3 extended_ms=0" \
@@ -1950,8 +1950,8 @@
-s "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "session hash" \
- -S "session hash"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
run_test "Extended Master Secret: client disabled, server enabled" \
"$P_SRV debug_level=3 extended_ms=1" \
@@ -1961,8 +1961,8 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "session hash" \
- -S "session hash"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client SSLv3, server enabled" \
@@ -1973,8 +1973,8 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "session hash" \
- -S "session hash"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client enabled, server SSLv3" \
@@ -1985,8 +1985,8 @@
-S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
- -C "session hash" \
- -S "session hash"
+ -C "session hash for extended master secret" \
+ -S "session hash for extended master secret"
# Tests for FALLBACK_SCSV
@@ -4782,8 +4782,8 @@
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4796,8 +4796,8 @@
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4810,8 +4810,8 @@
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4824,8 +4824,8 @@
0 \
-c "skip PMS generation for opaque PSK"\
-S "skip PMS generation for opaque PSK"\
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4838,8 +4838,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4852,8 +4852,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4865,8 +4865,8 @@
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 extended_ms=1" \
0 \
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - None of the common ciphersuites is usable" \
@@ -4880,8 +4880,8 @@
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 extended_ms=1" \
0 \
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - None of the common ciphersuites is usable" \
@@ -4896,8 +4896,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4910,8 +4910,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4923,8 +4923,8 @@
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=abc psk=dead extended_ms=1" \
0 \
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - None of the common ciphersuites is usable" \
@@ -4938,8 +4938,8 @@
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=abc psk=dead extended_ms=1" \
0 \
- -c "session hash"\
- -s "session hash"\
+ -c "session hash for extended master secret"\
+ -s "session hash for extended master secret"\
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
-S "SSL - None of the common ciphersuites is usable" \
@@ -4954,8 +4954,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4968,8 +4968,8 @@
0 \
-C "skip PMS generation for opaque PSK"\
-s "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4981,8 +4981,8 @@
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -4994,8 +4994,8 @@
psk_identity=def psk=beef" \
0 \
-C "skip PMS generation for opaque PSK"\
- -C "session hash"\
- -S "session hash"\
+ -C "session hash for extended master secret"\
+ -S "session hash for extended master secret"\
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"