Update paths pointing to tests/data_files
These now point to framework/data_files instead.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 646daad..b7bcd13 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -60,12 +60,12 @@
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
-: ${EARLY_DATA_INPUT:=data_files/tls13_early_data.txt}
+: ${EARLY_DATA_INPUT:=../framework/data_files/tls13_early_data.txt}
-O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+O_SRV="$OPENSSL s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
-G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
-G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
+G_SRV="$GNUTLS_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key"
+G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"
# alternative versions of OpenSSL and GnuTLS (no default path)
@@ -97,10 +97,10 @@
fi
if [ -n "${OPENSSL_NEXT:-}" ]; then
- O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
- O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
+ O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
+ O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key"
O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
- O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile data_files/test-ca_cat12.crt"
+ O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile ../framework/data_files/test-ca_cat12.crt"
O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
@@ -111,7 +111,7 @@
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
+ G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key"
G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV"
else
G_NEXT_SRV=false
@@ -119,7 +119,7 @@
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
+ G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile ../framework/data_files/test-ca_cat12.crt"
G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI"
else
G_NEXT_CLI=false
@@ -1704,7 +1704,7 @@
# Check if test uses files
case "$SRV_CMD $CLI_CMD" in
- *data_files/*)
+ *../framework/data_files/*)
requires_config_enabled MBEDTLS_FS_IO;;
esac
@@ -1823,7 +1823,7 @@
run_test "Handshake memory usage (MFL $1)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
0 \
-F "handshake_memory_check $MEMORY_USAGE_LIMIT"
@@ -1842,7 +1842,7 @@
run_test "Handshake memory usage initial (MFL 16384 - default)" \
"$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
"$P_CLI debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
0 \
-F "handshake_memory_get MEMORY_USAGE_MFL_16K"
@@ -2115,7 +2115,7 @@
requires_hash_alg SHA_256
run_test "TLS: password protected client key" \
"$P_SRV force_version=tls12 auth_mode=required" \
- "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
+ "$P_CLI crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \
0
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
@@ -2126,7 +2126,7 @@
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
run_test "TLS: password protected server key" \
- "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
+ "$P_SRV crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest" \
"$P_CLI force_version=tls12" \
0
@@ -2140,8 +2140,8 @@
requires_hash_alg SHA_256
run_test "TLS: password protected server key, two certificates" \
"$P_SRV force_version=tls12\
- key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=../framework/data_files/server2.crt" \
"$P_CLI" \
0
@@ -2159,8 +2159,8 @@
requires_hash_alg SHA_256
run_test "CA callback on server" \
"$P_SRV force_version=tls12 auth_mode=required" \
- "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI ca_callback=1 debug_level=3 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key" \
0 \
-c "use CA callback for X.509 CRT verification" \
-s "Verifying peer X.509 certificate... ok" \
@@ -2173,10 +2173,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server5.crt \
- key_file=data_files/server5.key" \
- "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key" \
+ "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "Ciphersuite is TLS-ECDHE-ECDSA" \
@@ -2192,10 +2192,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-RSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key" \
- "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "Ciphersuite is TLS-ECDHE-RSA" \
@@ -2209,10 +2209,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: DHE-RSA" \
- "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key" \
- "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+ "$P_SRV force_version=tls12 auth_mode=required crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key" \
+ "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
@@ -2228,8 +2228,8 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2244,8 +2244,8 @@
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDH-" \
"$P_SRV auth_mode=required key_opaque=1\
- crt_file=data_files/server5.ku-ka.crt\
- key_file=data_files/server5.key key_opaque_algs=ecdh,none" \
+ crt_file=../framework/data_files/server5.ku-ka.crt\
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2260,8 +2260,8 @@
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
- "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2277,8 +2277,8 @@
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
- "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2292,8 +2292,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
- "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=rsa-decrypt,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2308,8 +2308,8 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
- "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12" \
1 \
@@ -2322,8 +2322,8 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
- "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdh,none \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdh,none \
debug_level=1" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
1 \
@@ -2338,9 +2338,9 @@
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 key_opaque=1 crt_file=data_files/server7.crt \
- key_file=data_files/server7.key key_opaque_algs=ecdh,none \
- crt_file2=data_files/server5.crt key_file2=data_files/server5.key \
+ "$P_SRV force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server7.crt \
+ key_file=../framework/data_files/server7.key key_opaque_algs=ecdh,none \
+ crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \
key_opaque_algs2=ecdsa-sign,none" \
"$P_CLI force_version=tls12" \
0 \
@@ -2357,9 +2357,9 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
- key_file=data_files/server7.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=data_files/server5.crt key_file2=data_files/server5.key \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server7.crt \
+ key_file=../framework/data_files/server7.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=../framework/data_files/server5.crt key_file2=../framework/data_files/server5.key \
key_opaque_algs2=ecdh,none debug_level=3" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \
0 \
@@ -2376,10 +2376,10 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
- "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=data_files/server2-sha256.crt \
- key_file2=data_files/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=../framework/data_files/server2-sha256.crt \
+ key_file2=../framework/data_files/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2454,8 +2454,8 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-RSA" \
- "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2470,8 +2470,8 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA" \
- "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2518,10 +2518,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
- "$P_CLI crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
+ "$P_CLI crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
-s "key types: Opaque, none" \
-s "got ciphersuites in common, but none of them usable" \
@@ -2535,10 +2535,10 @@
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque keys for server authentication: RSA keys with different algs" \
- "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
- crt_file2=data_files/server4.crt \
- key_file2=data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
+ crt_file2=../framework/data_files/server4.crt \
+ key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_version=tls12" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2555,10 +2555,10 @@
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none \
- crt_file2=data_files/server4.crt \
- key_file2=data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none \
+ crt_file2=../framework/data_files/server4.crt \
+ key_file2=../framework/data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "Verifying peer X.509 certificate... ok" \
@@ -2575,10 +2575,10 @@
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
- "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
+ "$P_CLI key_opaque=1 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
0 \
-c "key type: Opaque" \
-c "Verifying peer X.509 certificate... ok" \
@@ -2596,10 +2596,10 @@
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI force_version=tls12 key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_CLI force_version=tls12 key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
0 \
-c "key type: Opaque" \
-c "Verifying peer X.509 certificate... ok" \
@@ -2615,10 +2615,10 @@
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "Opaque key for client/server authentication: DHE-RSA" \
- "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
- "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
+ "$P_SRV auth_mode=required key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
+ "$P_CLI key_opaque=1 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
-c "key type: Opaque" \
@@ -2710,8 +2710,8 @@
requires_hash_alg SHA_256
run_test "Single supported algorithm sending: openssl client" \
"$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
- "$O_CLI -cert data_files/server6.crt \
- -key data_files/server6.key" \
+ "$O_CLI -cert ../framework/data_files/server6.crt \
+ -key ../framework/data_files/server6.key" \
0
# Tests for certificate verification callback
@@ -2738,19 +2738,19 @@
# Tests for SHA-1 support
requires_hash_alg SHA_1
run_test "SHA-1 forbidden by default in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
+ "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \
"$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
requires_hash_alg SHA_1
run_test "SHA-1 explicitly allowed in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
+ "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2.crt" \
"$P_CLI force_version=tls12 allow_sha1=1" \
0
run_test "SHA-256 allowed by default in server certificate" \
- "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
+ "$P_SRV key_file=../framework/data_files/server2.key crt_file=../framework/data_files/server2-sha256.crt" \
"$P_CLI force_version=tls12 allow_sha1=0" \
0
@@ -2758,7 +2758,7 @@
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
+ "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
@@ -2766,14 +2766,14 @@
requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
+ "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha1.crt" \
0
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
- "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
+ "$P_CLI key_file=../framework/data_files/cli-rsa.key crt_file=../framework/data_files/cli-rsa-sha256.crt" \
0
# Tests for datagram packing
@@ -5739,8 +5739,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: no trailing bytes" \
- "$P_SRV crt_file=data_files/server5-der0.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der0.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5748,8 +5748,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing zero byte" \
- "$P_SRV crt_file=data_files/server5-der1a.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der1a.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5757,8 +5757,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with a trailing random byte" \
- "$P_SRV crt_file=data_files/server5-der1b.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der1b.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5766,8 +5766,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 2 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der2.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der2.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5775,8 +5775,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 4 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der4.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der4.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5784,8 +5784,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 8 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der8.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der8.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5793,8 +5793,8 @@
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DER format: with 9 trailing random bytes" \
- "$P_SRV crt_file=data_files/server5-der9.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-der9.crt \
+ key_file=../framework/data_files/server5.key" \
"$G_CLI localhost" \
0 \
-c "Handshake was completed" \
@@ -5804,8 +5804,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server badcert, client required" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI debug_level=1 auth_mode=required" \
1 \
-c "x509_verify_cert() returned" \
@@ -5814,8 +5814,8 @@
-c "X509 - Certificate verification failed"
run_test "Authentication: server badcert, client optional" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=optional" \
0 \
-c "x509_verify_cert() returned" \
@@ -5854,8 +5854,8 @@
# different means to have the server ignoring the client's supported curve list.
run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
1 \
-c "bad certificate (EC key curve)"\
@@ -5863,8 +5863,8 @@
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \
-c "bad certificate (EC key curve)"\
@@ -5872,8 +5872,8 @@
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
run_test "Authentication: server badcert, client none" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
@@ -5884,8 +5884,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
0 \
-c "Supported Signature Algorithm found: 04 " \
@@ -5894,8 +5894,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA384, server required" \
"$P_SRV auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
0 \
-c "Supported Signature Algorithm found: 04 " \
@@ -5905,7 +5905,7 @@
run_test "Authentication: client has no cert, server required (TLS)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=none \
- key_file=data_files/server5.key" \
+ key_file=../framework/data_files/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5920,8 +5920,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5940,9 +5940,9 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert self-signed and trusted, server required" \
- "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV debug_level=3 auth_mode=required ca_file=../framework/data_files/server5-selfsigned.crt" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
+ key_file=../framework/data_files/server5.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5957,8 +5957,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client cert not trusted, server required" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
+ key_file=../framework/data_files/server5.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5974,8 +5974,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -5992,8 +5992,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: client badcert, server none" \
"$P_SRV debug_level=3 auth_mode=none" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
0 \
-s "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6071,27 +6071,27 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \
+ key_file=../framework/data_files/dir-maxpath/09.key" \
+ "$P_CLI server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \
0 \
-C "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_CLI server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \
1 \
-c "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
auth_mode=optional" \
1 \
-c "X509 - A fatal error occurred"
@@ -6099,9 +6099,9 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client none" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
auth_mode=none" \
0 \
-C "X509 - A fatal error occurred"
@@ -6109,36 +6109,36 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server default" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
0 \
-S "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server optional" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int+1 chain, server required" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
+ "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
1 \
-s "X509 - A fatal error occurred"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test "Authentication: client max_int chain, server required" \
- "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
+ "$P_SRV ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \
+ key_file=../framework/data_files/dir-maxpath/09.key" \
0 \
-S "X509 - A fatal error occurred"
@@ -6147,23 +6147,23 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send CA list in CertificateRequest (default)" \
"$P_SRV debug_level=3 auth_mode=required" \
- "$P_CLI force_version=tls12 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
+ "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key" \
0 \
-s "requested DN"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: do not send CA list in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI force_version=tls12 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
+ "$P_CLI force_version=tls12 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key" \
0 \
-S "requested DN"
run_test "Authentication: send CA list in CertificateRequest, client self signed" \
"$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
+ key_file=../framework/data_files/server5.key" \
1 \
-S "requested DN" \
-s "x509_verify_cert() returned" \
@@ -6175,33 +6175,33 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=data_files/server1.crt \
- key_file2=data_files/server1.key" \
+ crt_file2=../framework/data_files/server1.crt \
+ key_file2=../framework/data_files/server1.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
- crt_file2=data_files/server2.crt \
- key_file2=data_files/server2.key" \
+ crt_file2=../framework/data_files/server2.crt \
+ key_file2=../framework/data_files/server2.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=localhost"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: send alt hs DN hints in CertificateRequest" \
"$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
- crt_file2=data_files/server1.crt \
- key_file2=data_files/server1.key" \
+ crt_file2=../framework/data_files/server1.crt \
+ key_file2=../framework/data_files/server1.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
- crt_file=data_files/server6.crt \
- key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key" \
0 \
-c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
@@ -6210,8 +6210,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6222,8 +6222,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \
- "$P_SRV crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_SRV crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
0 \
-c "use CA callback for X.509 CRT verification" \
@@ -6241,8 +6241,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6252,8 +6252,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
- "$P_SRV debug_level=1 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
+ "$P_SRV debug_level=1 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ka.crt" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6265,8 +6265,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
0 \
-s "use CA callback for X.509 CRT verification" \
@@ -6277,8 +6277,8 @@
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
- key_file=data_files/server6.key \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server6.crt \
+ key_file=../framework/data_files/server6.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
0 \
-s "use CA callback for X.509 CRT verification" \
@@ -6288,8 +6288,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6311,8 +6311,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-selfsigned.crt \
+ key_file=../framework/data_files/server5.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6330,8 +6330,8 @@
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
- "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
0 \
-s "use CA callback for X.509 CRT verification" \
-S "skip write certificate request" \
@@ -6350,9 +6350,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
- "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c09.pem \
+ key_file=../framework/data_files/dir-maxpath/09.key" \
+ "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=../framework/data_files/dir-maxpath/00.crt" \
0 \
-c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred"
@@ -6361,9 +6361,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt" \
1 \
-c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred"
@@ -6372,9 +6372,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
- "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
- "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
+ "$P_SRV crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
+ "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=../framework/data_files/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \
1 \
-c "use CA callback for X.509 CRT verification" \
@@ -6384,9 +6384,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=optional" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
@@ -6395,9 +6395,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
- key_file=data_files/dir-maxpath/10.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c10.pem \
+ key_file=../framework/data_files/dir-maxpath/10.key" \
1 \
-s "use CA callback for X.509 CRT verification" \
-s "X509 - A fatal error occurred"
@@ -6406,9 +6406,9 @@
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
- "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
- "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
- key_file=data_files/dir-maxpath/09.key" \
+ "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=../framework/data_files/dir-maxpath/00.crt auth_mode=required" \
+ "$P_CLI crt_file=../framework/data_files/dir-maxpath/c09.pem \
+ key_file=../framework/data_files/dir-maxpath/09.key" \
0 \
-s "use CA callback for X.509 CRT verification" \
-S "X509 - A fatal error occurred"
@@ -6417,10 +6417,10 @@
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
- "$P_SRV force_version=tls12 crt_file=data_files/server5.crt \
- key_file=data_files/server5.key \
- crt_file2=data_files/server5-sha1.crt \
- key_file2=data_files/server5.key" \
+ "$P_SRV force_version=tls12 crt_file=../framework/data_files/server5.crt \
+ key_file=../framework/data_files/server5.key \
+ crt_file2=../framework/data_files/server5-sha1.crt \
+ key_file2=../framework/data_files/server5.key" \
"$P_CLI" \
0 \
-c "signed using.*ECDSA with SHA256" \
@@ -6432,7 +6432,7 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no SNI callback" \
"$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
"$P_CLI server_name=localhost" \
0 \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
@@ -6442,8 +6442,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 1" \
"$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=localhost" \
0 \
-s "parse ServerName extension" \
@@ -6454,8 +6454,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: matching cert 2" \
"$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example" \
0 \
-s "parse ServerName extension" \
@@ -6466,8 +6466,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: no matching cert" \
"$P_SRV debug_level=3 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=nonesuch.example" \
1 \
-s "parse ServerName extension" \
@@ -6479,8 +6479,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-S "skip write certificate request" \
@@ -6493,8 +6493,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-S "skip write certificate request" \
@@ -6507,8 +6507,8 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \
"$P_CLI debug_level=3 server_name=localhost" \
0 \
-s "skip write certificate request" \
@@ -6519,11 +6519,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA no override" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6538,11 +6538,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6557,11 +6557,11 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "SNI: CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \
"$P_CLI debug_level=3 server_name=localhost \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6579,7 +6579,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no SNI callback" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
"$P_CLI server_name=localhost dtls=1" \
0 \
-c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
@@ -6589,8 +6589,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 1" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=localhost dtls=1" \
0 \
-s "parse ServerName extension" \
@@ -6601,8 +6601,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, matching cert 2" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example dtls=1" \
0 \
-s "parse ServerName extension" \
@@ -6612,8 +6612,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, no matching cert" \
"$P_SRV debug_level=3 dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=nonesuch.example dtls=1" \
1 \
-s "parse ServerName extension" \
@@ -6625,8 +6625,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth no override: optional" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-S "skip write certificate request" \
@@ -6639,8 +6639,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: none -> optional" \
"$P_SRV debug_level=3 auth_mode=none dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,optional" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-S "skip write certificate request" \
@@ -6653,8 +6653,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, client auth override: optional -> none" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,none" \
"$P_CLI debug_level=3 server_name=localhost dtls=1" \
0 \
-s "skip write certificate request" \
@@ -6667,11 +6667,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA no override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6686,11 +6686,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override" \
"$P_SRV debug_level=3 auth_mode=optional dtls=1 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,-,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
0 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -6705,11 +6705,11 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "SNI: DTLS, CA override with CRL" \
"$P_SRV debug_level=3 auth_mode=optional \
- crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
- ca_file=data_files/test-ca.crt \
- sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dtls=1 \
+ ca_file=../framework/data_files/test-ca.crt \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,../framework/data_files/test-ca2.crt,../framework/data_files/crl-ec-sha256.pem,required" \
"$P_CLI debug_level=3 server_name=localhost dtls=1 \
- crt_file=data_files/server6.crt key_file=data_files/server6.key" \
+ crt_file=../framework/data_files/server6.crt key_file=../framework/data_files/server6.key" \
1 \
-S "skip write certificate request" \
-C "skip parse certificate request" \
@@ -7635,45 +7635,45 @@
# server-side certificate/suite selection
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
- "$P_SRV force_version=tls12 key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ds.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
+ crt_file=../framework/data_files/server2.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
- "$P_SRV force_version=tls12 key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ke.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
+ crt_file=../framework/data_files/server2.ku-ke.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-RSA-WITH-"
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
- "$P_SRV force_version=tls12 key_file=data_files/server2.key \
- crt_file=data_files/server2.ku-ka.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server2.key \
+ crt_file=../framework/data_files/server2.ku-ka.crt" \
"$P_CLI" \
1 \
-C "Ciphersuite is "
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
- "$P_SRV force_version=tls12 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ds.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ds.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
- "$P_SRV force_version=tls12 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ka.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ka.crt" \
"$P_CLI" \
0 \
-c "Ciphersuite is TLS-ECDH-"
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
- "$P_SRV force_version=tls12 key_file=data_files/server5.key \
- crt_file=data_files/server5.ku-ke.crt" \
+ "$P_SRV force_version=tls12 key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.ku-ke.crt" \
"$P_CLI" \
1 \
-C "Ciphersuite is "
@@ -7682,8 +7682,8 @@
# client-side checking of server cert
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds_ke.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7692,8 +7692,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds_ke.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7702,8 +7702,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7712,8 +7712,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \
@@ -7722,8 +7722,8 @@
-C "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ke.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7733,8 +7733,8 @@
-c "! Usage does not match the keyUsage extension"
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7743,8 +7743,8 @@
-c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \
@@ -7753,8 +7753,8 @@
-C "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
- "$O_SRV -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds.crt" \
"$P_CLI debug_level=1 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \
@@ -7767,8 +7767,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2-sha256.ku-ds_ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2-sha256.ku-ds_ke.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7779,8 +7779,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2-sha256.ku-ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7791,8 +7791,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2-sha256.ku-ka.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7803,8 +7803,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.ku-ds.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ds.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7815,8 +7815,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.ku-ke.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7827,8 +7827,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.ku-ka.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7841,8 +7841,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7851,8 +7851,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7860,8 +7860,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
- "$O_CLI -tls1_2 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
@@ -7869,8 +7869,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.ku-ds.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7879,8 +7879,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.ku-ka.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7890,8 +7890,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
- -cert data_files/server2-sha256.ku-ds.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2-sha256.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7902,8 +7902,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
- -cert data_files/server2-sha256.ku-ke.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server2.key \
+ -cert ../framework/data_files/server2-sha256.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7913,8 +7913,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.ku-ds.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7925,8 +7925,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.ku-ka.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7935,29 +7935,29 @@
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: serverAuth -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-srv.crt" \
+ "$P_SRV key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-srv.crt" \
+ "$P_SRV key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.eku-srv.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-cs_any.crt" \
+ "$P_SRV key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.eku-cs_any.crt" \
"$P_CLI" \
0
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "extKeyUsage srv: codeSign -> fail" \
- "$P_SRV key_file=data_files/server5.key \
- crt_file=data_files/server5.eku-cli.crt" \
+ "$P_SRV key_file=../framework/data_files/server5.key \
+ crt_file=../framework/data_files/server5.eku-cli.crt" \
"$P_CLI" \
1
@@ -7965,8 +7965,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \
- "$O_SRV -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-srv.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7975,8 +7975,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
- "$O_SRV -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7985,8 +7985,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
- "$O_SRV -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7995,8 +7995,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \
- "$O_SRV -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
+ "$O_SRV -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -8007,8 +8007,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.eku-srv.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8019,8 +8019,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8031,8 +8031,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \
0 \
-C "bad certificate (usage extensions)" \
@@ -8043,8 +8043,8 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
- "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
+ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -8056,8 +8056,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cli.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8065,8 +8065,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8074,8 +8074,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8083,8 +8083,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8092,8 +8092,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -tls1_2 -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
+ "$O_CLI -tls1_2 -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
@@ -8103,8 +8103,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.eku-cli.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8114,8 +8114,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.eku-srv_cli.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8125,8 +8125,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.eku-cs_any.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8136,8 +8136,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
- "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
- -cert data_files/server5.eku-cs.crt" \
+ "$O_NEXT_CLI_NO_CERT -key ../framework/data_files/server5.key \
+ -cert ../framework/data_files/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -8153,7 +8153,7 @@
-c "value of 'DHM: G ' (2 bits)"
run_test "DHM parameters: other parameters" \
- "$P_SRV dhm_file=data_files/dhparams.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=3" \
0 \
@@ -8177,49 +8177,49 @@
-C "DHM prime too short:"
run_test "DHM size: server 1024, client default, OK" \
- "$P_SRV dhm_file=data_files/dhparams.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dhparams.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 999, client 999, OK" \
- "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client 1000, OK" \
- "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client default, rejected" \
- "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 1000, client 1001, rejected" \
- "$P_SRV dhm_file=data_files/dh.1000.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1001" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 999, client 1000, rejected" \
- "$P_SRV dhm_file=data_files/dh.999.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 998, client 999, rejected" \
- "$P_SRV dhm_file=data_files/dh.998.pem" \
+ "$P_SRV dhm_file=../framework/data_files/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
1 \
@@ -9435,7 +9435,7 @@
run_test "EC restart: TLS, default" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9448,7 +9448,7 @@
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=0" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9461,7 +9461,7 @@
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9476,7 +9476,7 @@
run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9492,7 +9492,7 @@
run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9506,10 +9506,10 @@
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
1 \
-c "x509_verify_cert.*4b00" \
@@ -9526,10 +9526,10 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9547,10 +9547,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=optional" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9567,10 +9567,10 @@
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9588,10 +9588,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required \
- crt_file=data_files/server5-badsign.crt \
- key_file=data_files/server5.key" \
+ crt_file=../framework/data_files/server5-badsign.crt \
+ key_file=../framework/data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000 auth_mode=none" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9609,7 +9609,7 @@
run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9625,7 +9625,7 @@
run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
"$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
0 \
-c "x509_verify_cert.*4b00" \
@@ -9672,7 +9672,7 @@
run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
"$P_SRV groups=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
0 \
-C "x509_verify_cert.*4b00" \
@@ -9718,8 +9718,8 @@
run_test "SSL async private: sign, SNI" \
"$P_SRV force_version=tls12 debug_level=3 \
async_operations=s async_private_delay1=0 async_private_delay2=0 \
- crt_file=data_files/server5.crt key_file=data_files/server5.key \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
"$P_CLI server_name=polarssl.example" \
0 \
-s "Async sign callback: using key slot " \
@@ -9799,8 +9799,8 @@
run_test "SSL async private: slot 0 used with key1" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 0," \
@@ -9812,8 +9812,8 @@
run_test "SSL async private: slot 0 used with key2" \
"$P_SRV \
async_operations=s async_private_delay2=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 0," \
@@ -9825,8 +9825,8 @@
run_test "SSL async private: slot 1 used with key2" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_delay2=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: using key slot 1," \
@@ -9838,8 +9838,8 @@
run_test "SSL async private: fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt " \
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async sign callback: no key matches this certificate."
@@ -9946,8 +9946,8 @@
run_test "SSL async private: cancel after start then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-2 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
[ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
@@ -9968,8 +9968,8 @@
run_test "SSL async private: sign, error in resume then fall back to transparent key" \
"$P_SRV \
async_operations=s async_private_delay1=1 async_private_error=-3 \
- key_file=data_files/server5.key crt_file=data_files/server5.crt \
- key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
+ key_file=../framework/data_files/server5.key crt_file=../framework/data_files/server5.crt \
+ key_file2=../framework/data_files/server2.key crt_file2=../framework/data_files/server2.crt" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
[ \$? -eq 1 ] &&
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
@@ -10336,13 +10336,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
0 \
@@ -10357,13 +10357,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
0 \
@@ -10382,13 +10382,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=4096" \
0 \
@@ -10403,13 +10403,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10432,13 +10432,13 @@
run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=none \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10453,13 +10453,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10482,13 +10482,13 @@
run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
-p "$P_PXY mtu=1110" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
max_frag_len=2048" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
max_frag_len=1024" \
0 \
@@ -10502,13 +10502,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: none (for reference) (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
mtu=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
mtu=4096" \
0 \
@@ -10522,13 +10522,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: client (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=3500-60000 \
mtu=4096" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=3500-60000 \
mtu=1024" \
0 \
@@ -10542,13 +10542,13 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS fragmenting: server (MTU)" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
mtu=2048" \
0 \
@@ -10563,13 +10563,13 @@
run_test "DTLS fragmenting: both (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=2500-60000 \
mtu=1024" \
0 \
@@ -10585,13 +10585,13 @@
run_test "DTLS fragmenting: both (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=2500-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=2500-60000 \
mtu=512" \
@@ -10613,12 +10613,12 @@
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=400-3200" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=400-3200" \
0 \
@@ -10634,12 +10634,12 @@
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
-p "$P_PXY mtu=508" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=250-10000" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000" \
0 \
@@ -10658,13 +10658,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=10000-60000 \
mtu=1024" \
0 \
@@ -10684,13 +10684,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
mtu=512" \
@@ -10708,13 +10708,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=10000-60000 \
mtu=1024 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=10000-60000 \
mtu=1024 nbio=2" \
0 \
@@ -10731,13 +10731,13 @@
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=10000-60000 \
mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
mtu=512 nbio=2" \
@@ -10764,13 +10764,13 @@
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
-p "$P_PXY mtu=1450" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=10000-60000 \
mtu=1450" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=10000-60000 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
@@ -10791,14 +10791,14 @@
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
exchanges=2 renegotiation=1 \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
hs_timeout=10000-60000 \
@@ -10820,14 +10820,14 @@
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
-p "$P_PXY mtu=512" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
exchanges=2 renegotiation=1 \
hs_timeout=10000-60000 \
mtu=512" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=10000-60000 \
@@ -10849,15 +10849,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10879,15 +10879,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10908,15 +10908,15 @@
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
-p "$P_PXY mtu=1024" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
exchanges=2 renegotiation=1 \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
hs_timeout=10000-60000 \
mtu=1024" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
exchanges=2 renegotiation=1 renegotiate=1 \
hs_timeout=10000-60000 \
mtu=1024" \
@@ -10934,12 +10934,12 @@
run_test "DTLS fragmenting: proxy MTU + 3d" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=250-10000 mtu=512" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000 mtu=512" \
0 \
@@ -10955,12 +10955,12 @@
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
-p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 auth_mode=required \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=250-10000 mtu=512 nbio=2" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
hs_timeout=250-10000 mtu=512 nbio=2" \
0 \
@@ -10979,8 +10979,8 @@
run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
"$G_SRV -u" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11000,8 +11000,8 @@
requires_max_content_len 2048
run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
@@ -11013,8 +11013,8 @@
run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
"$O_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11025,8 +11025,8 @@
requires_max_content_len 2048
run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
@@ -11045,8 +11045,8 @@
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$G_NEXT_SRV -u" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11060,8 +11060,8 @@
run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
@@ -11078,8 +11078,8 @@
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$O_NEXT_SRV -dtls1_2 -verify 10" \
"$P_CLI dtls=1 debug_level=2 \
- crt_file=data_files/server8_int-ca2.crt \
- key_file=data_files/server8.key \
+ crt_file=../framework/data_files/server8_int-ca2.crt \
+ key_file=../framework/data_files/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
@@ -11095,8 +11095,8 @@
run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
-p "$P_PXY drop=8 delay=8 duplicate=8" \
"$P_SRV dtls=1 debug_level=2 \
- crt_file=data_files/server7_int-ca.crt \
- key_file=data_files/server7.key \
+ crt_file=../framework/data_files/server7_int-ca.crt \
+ key_file=../framework/data_files/server7.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
@@ -12267,7 +12267,7 @@
requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
run_test "TLS 1.3: Default" \
- "$P_SRV allow_sha1=0 debug_level=3 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
+ "$P_SRV allow_sha1=0 debug_level=3 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key force_version=tls13" \
"$P_CLI allow_sha1=0" \
0 \
-s "Protocol is TLSv1.3" \
@@ -12441,7 +12441,7 @@
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - openssl" \
- "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key alpn=h2" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \
"$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
0 \
-s "found alpn extension" \
@@ -12456,7 +12456,7 @@
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: server alpn - gnutls" \
- "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key alpn=h2" \
+ "$P_SRV debug_level=3 tickets=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key alpn=h2" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
0 \
-s "found alpn extension" \
@@ -12503,7 +12503,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12517,8 +12517,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \
+ key_file=../framework/data_files/cli2.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12532,8 +12532,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
+ key_file=../framework/data_files/ecdsa_secp256r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12548,8 +12548,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
+ key_file=../framework/data_files/ecdsa_secp256r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12563,8 +12563,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
+ key_file=../framework/data_files/ecdsa_secp384r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12579,8 +12579,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
+ key_file=../framework/data_files/ecdsa_secp384r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12594,8 +12594,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12610,8 +12610,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12626,8 +12626,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12643,8 +12643,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12659,8 +12659,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12676,8 +12676,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12692,8 +12692,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12709,8 +12709,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12726,8 +12726,8 @@
run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12743,8 +12743,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12759,7 +12759,7 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
- "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cli2.crt key_file=../framework/data_files/cli2.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12774,8 +12774,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
- "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
- key_file=data_files/cli2.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/cli2.crt \
+ key_file=../framework/data_files/cli2.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12790,8 +12790,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
+ key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12807,8 +12807,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
- key_file=data_files/ecdsa_secp256r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp256r1.crt \
+ key_file=../framework/data_files/ecdsa_secp256r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12823,8 +12823,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
+ key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12840,8 +12840,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
- key_file=data_files/ecdsa_secp384r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp384r1.crt \
+ key_file=../framework/data_files/ecdsa_secp384r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12856,8 +12856,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12873,8 +12873,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12890,8 +12890,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12908,8 +12908,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12925,8 +12925,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12943,8 +12943,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12960,8 +12960,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
- "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
- key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/cert_sha256.crt \
+ key_file=../framework/data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12978,8 +12978,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
- key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/server2-sha256.crt \
+ key_file=../framework/data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
0 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -12996,8 +12996,8 @@
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
"$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
-sigalgs ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -13014,8 +13014,8 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
"$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
- "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
- key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
+ "$P_CLI debug_level=3 crt_file=../framework/data_files/ecdsa_secp521r1.crt \
+ key_file=../framework/data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
1 \
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
@@ -13091,7 +13091,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13108,8 +13108,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
- "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$O_NEXT_CLI -msg -debug -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3 -no_middlebox" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13128,7 +13128,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13147,8 +13147,8 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
- "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$G_NEXT_CLI localhost -d 4 --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13166,7 +13166,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$P_CLI debug_level=4" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13185,8 +13185,8 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
- "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
@@ -13202,7 +13202,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
1 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13220,7 +13220,7 @@
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
- "$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 auth_mode=optional crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$P_CLI debug_level=4 crt_file=none key_file=none" \
0 \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
@@ -13267,9 +13267,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - openssl with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
- sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$O_NEXT_CLI -msg -debug -servername localhost -CAfile data_files/test-ca_cat12.crt -cert data_files/server5.crt -key data_files/server5.key -tls1_3" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
+ sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ "$O_NEXT_CLI -msg -debug -servername localhost -CAfile ../framework/data_files/test-ca_cat12.crt -cert ../framework/data_files/server5.crt -key ../framework/data_files/server5.key -tls1_3" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13280,9 +13280,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - gnutls with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
- sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
+ sni=localhost,../framework/data_files/server5.crt,../framework/data_files/server5.key,../framework/data_files/test-ca_cat12.crt,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile ../framework/data_files/server5.crt --x509keyfile ../framework/data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13293,9 +13293,9 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Server side check - mbedtls with sni" \
- "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
- sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
- "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key" \
+ "$P_SRV debug_level=4 auth_mode=required crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0 \
+ sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
+ "$P_CLI debug_level=4 server_name=localhost crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
0 \
-s "parse ServerName extension" \
-s "HTTP/1.0 200 OK"
@@ -13419,7 +13419,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13432,7 +13432,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13444,7 +13444,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$O_NEXT_CLI -msg -debug" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13459,7 +13459,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13474,7 +13474,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13490,7 +13490,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13615,7 +13615,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13628,7 +13628,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13640,7 +13640,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13655,7 +13655,7 @@
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13671,7 +13671,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13688,7 +13688,7 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
- "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
+ "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key groups=secp384r1 tickets=0" \
"$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
0 \
-s "Protocol is TLSv1.3" \
@@ -13701,10 +13701,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
- "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13717,10 +13717,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
- "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13734,10 +13734,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
@@ -13753,11 +13753,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, O->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
- -cert data_files/server2-sha256.crt -key data_files/server2.key \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
+ -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
0 \
-c "TLSv1.3" \
@@ -13771,11 +13771,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check signature algorithm order, G->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
- --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
+ --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \
0 \
-c "Negotiated version: 3.4" \
@@ -13790,11 +13790,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
- --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
+ --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13806,11 +13806,11 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
- -cert data_files/server2-sha256.crt -key data_files/server2.key \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
+ -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13822,10 +13822,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
- "$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
+ "$P_CLI allow_sha1=0 debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
@@ -13837,9 +13837,9 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, G->m" \
"$P_SRV debug_level=4
- crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
+ "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile ../framework/data_files/test-ca_cat12.crt \
--priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
@@ -13851,9 +13851,9 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, O->m" \
"$P_SRV debug_level=4
- crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
- "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
+ "$O_NEXT_CLI_NO_CERT -msg -CAfile ../framework/data_files/test-ca_cat12.crt \
-sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
@@ -13865,7 +13865,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check server no suitable certificate, m->m" \
"$P_SRV debug_level=4
- crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
"$P_CLI allow_sha1=0 debug_level=4 \
sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \
@@ -13878,10 +13878,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
-Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
- "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13892,10 +13892,10 @@
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
- "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13907,10 +13907,10 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_SRV debug_level=4 auth_mode=required
- crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
- crt_file=data_files/server5.crt key_file=data_files/server5.key
+ crt_file2=../framework/data_files/server2-sha256.crt key_file2=../framework/data_files/server2.key
+ crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
- "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "no suitable signature algorithm"
@@ -13920,10 +13920,10 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \
- "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
+ "$O_NEXT_SRV_NO_CERT -cert ../framework/data_files/server2-sha256.crt -key ../framework/data_files/server2.key
-msg -tls1_2
-Verify 10 " \
- "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
min_version=tls12 max_version=tls13 " \
0 \
@@ -13936,10 +13936,10 @@
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \
- "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
+ "$G_NEXT_SRV_NO_CERT --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key
-d 4
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
- "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
+ "$P_CLI debug_level=4 crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key
sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
min_version=tls12 max_version=tls13 " \
0 \
@@ -13957,8 +13957,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -13979,8 +13979,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_3072
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14001,8 +14001,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14023,8 +14023,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_4096
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14045,8 +14045,8 @@
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14066,8 +14066,8 @@
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \
@@ -14089,8 +14089,8 @@
requires_gnutls_next_disable_tls13_compat
client_needs_more_time 4
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
- "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
- "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_SRV crt_file=../framework/data_files/server2-sha256.crt key_file=../framework/data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
+ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile ../framework/data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
0 \
-s "Protocol is TLSv1.3" \
-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
@@ -14111,8 +14111,8 @@
requires_config_enabled PSA_WANT_DH_RFC7919_8192
client_needs_more_time 4
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
- "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
- "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
+ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile ../framework/data_files/server2-sha256.crt --x509keyfile ../framework/data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
+ "$P_CLI ca_file=../framework/data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
0 \
-c "HTTP/1.0 200 OK" \
-c "Protocol is TLSv1.3" \