TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / cdd5b07eb146f47a8917cba5809d3b4a18037c0a^! / .
commitcdd5b07eb146f47a8917cba5809d3b4a18037c0a[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Mon Aug 12 09:50:18 2024 +0200
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Mon Aug 12 09:50:18 2024 +0200
treed45972c499e6e7cfb950aa186590e90b12960983
parent52c0f5a0fd60688b263b97c39fea232eedff6009 [diff]
Use P_CLI when O_CLI's status is not reliable

Generally speaking, in this group of test we use O_SRV when testing our
client's behaviour, and O_CLI when testing our server's behaviour. I
don't think that's essential, but why not.

Well, for these two tests there's a reason why not: O_CLI often exits 0,
seemingly not minding that the server aborted the handshake with a fatal
alert, but sometimes it exits 1. (I've observed 0 on my machine, on two
runs of OpenCI and Internal CI, and 1 in some test in one run of
Internal CI.)

So, use our client instead, which exits non-zero consistently.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e6e2f99..ac6df5a 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -8005,18 +8005,15 @@
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
             "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
-            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-             -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
-            0 \
+            "$P_CLI key_file=$DATA_FILES_PATH/server2.key \
+             crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
+            1 \
             -s "bad certificate (usage extensions)" \
             -s "Processing of the Certificate handshake message failed" \
             -s "send alert level=2 message=43" \
             -s "! Usage does not match the keyUsage extension" \
             -s "! mbedtls_ssl_handshake returned"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-            #
-            # OpenSSL client does not seem to mind that the server aborts the
-            # handshake with a fatal alert and still exits 0...
 
 requires_openssl_tls1_3_with_compatible_ephemeral
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -8047,18 +8044,15 @@
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
             "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
-            "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-             -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
-            0 \
+            "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
+             crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
+            1 \
             -s "bad certificate (usage extensions)" \
             -s "Processing of the Certificate handshake message failed" \
             -s "send alert level=2 message=43" \
             -s "! Usage does not match the keyUsage extension" \
             -s "! mbedtls_ssl_handshake returned"
             # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-            #
-            # OpenSSL client does not seem to mind that the server aborts the
-            # handshake with a fatal alert and still exits 0...
 
 # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection