Test ssl_client1
Test ssl_client1 with both TLS 1.2 and TLS 1.3.
Test against both OpenSSL and GnuTLS.
Clean up compile-time requirements in ssl_client1.c: any certificate-based
key exchange is ok, so don't insist on built-in RSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index e51bbd4..3d6e67c 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -9,17 +9,14 @@
#include "mbedtls/platform.h"
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
- !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
- !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
- !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C)
int main(void)
{
- mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
- "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
- "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
- "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
@@ -288,6 +285,5 @@
mbedtls_exit(exit_code);
}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
- MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
- MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
+
+#endif /* configuration allows running this program */
diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
index 05db6b8..88bee47 100644
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@@ -4,3 +4,45 @@
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
: ${PROGRAMS_DIR:=../programs/ssl}
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, openssl server, TLS 1.2" \
+ -P 4433 \
+ "$O_SRV -tls1_2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "New, TLSv1.2, Cipher is" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version tls12
+run_test "Sample: ssl_client1, gnutls server, TLS 1.2" \
+ -P 4433 \
+ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.2" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.2</TD>" \
+ -S "Error" \
+ -C "error"
+
+requires_protocol_version tls13
+run_test "Sample: ssl_client1, openssl server, TLS 1.3" \
+ -P 4433 \
+ "$O_SRV -tls1_3" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -c "New, TLSv1.3, Cipher is" \
+ -S "ERROR" \
+ -C "error"
+
+requires_protocol_version tls13
+run_test "Sample: ssl_client1, gnutls server, TLS 1.3" \
+ -P 4433 \
+ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \
+ "$PROGRAMS_DIR/ssl_client1" \
+ 0 \
+ -s "Version: TLS1.3" \
+ -c "<TD>Protocol version:</TD><TD>TLS1.3</TD>" \
+ -S "Error" \
+ -C "error"
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index acb34b3..b210b6d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -491,6 +491,16 @@
requires_certificate_authentication;;
esac
+ case " $CMD_LINE " in
+ *"programs/ssl/ssl_client1 "*)
+ requires_config_enabled MBEDTLS_CTR_DRBG_C
+ requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PEM_PARSE_C
+ requires_config_enabled MBEDTLS_SSL_CLI_C
+ requires_certificate_authentication
+ ;;
+ esac
+
case "$CMD_LINE" in
*[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
*/server5*|\