Removing strayed dtls1 after doing tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 081a0b2..8c9caa9 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4811,7 +4811,7 @@
static size_t ssl_transform_get_explicit_iv_len(
mbedtls_ssl_transform const *transform )
{
- if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 )
+ if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
return( 0 );
return( transform->ivlen - transform->fixed_ivlen );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 771e01a..2fcd99d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3579,7 +3579,7 @@
if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
return;
- if( minor < MBEDTLS_SSL_MINOR_VERSION_1 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
+ if( minor != MBEDTLS_SSL_MINOR_VERSION_3 )
return;
set_protocol_version_ciphersuites(conf, minor, ciphersuites);
@@ -6315,7 +6315,7 @@
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
- conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2;
+ conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#endif
const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 13db30b..f107938 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2641,27 +2641,6 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-run_test "Session resume using tickets, DTLS: openssl server" \
- "$O_SRV -dtls1" \
- "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
- 0 \
- -c "client hello, adding session ticket extension" \
- -c "found session_ticket extension" \
- -c "parse new session ticket" \
- -c "a session has been resumed"
-
-run_test "Session resume using tickets, DTLS: openssl client" \
- "$P_SRV dtls=1 debug_level=3 tickets=1" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -s "server hello, adding session ticket extension" \
- -S "session successfully restored from cache" \
- -s "session successfully restored from ticket" \
- -s "a session has been resumed"
-
# Tests for Session Resume based on session-ID and cache
run_test "Session resume using cache: tickets enabled on client" \
@@ -2850,26 +2829,6 @@
-s "a session has been resumed" \
-c "a session has been resumed"
-run_test "Session resume using cache, DTLS: openssl client" \
- "$P_SRV dtls=1 debug_level=3 tickets=0" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
- rm -f $SESSION )" \
- 0 \
- -s "found session ticket extension" \
- -S "server hello, adding session ticket extension" \
- -s "session successfully restored from cache" \
- -S "session successfully restored from ticket" \
- -s "a session has been resumed"
-
-run_test "Session resume using cache, DTLS: openssl server" \
- "$O_SRV -dtls1" \
- "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
- 0 \
- -C "found session_ticket extension" \
- -C "parse new session ticket" \
- -c "a session has been resumed"
-
# Tests for Max Fragment Length extension
if [ "$MAX_IN_LEN" -lt "4096" ]; then
@@ -6683,34 +6642,6 @@
-C "error" \
-s "Extra-header:"
-run_test "DTLS reassembly: no fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 2048" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -C "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: some fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 768" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: more fragmentation (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
- "$P_CLI dtls=1 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
-run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
- "$O_SRV -dtls1 -mtu 256" \
- "$P_CLI dtls=1 nbio=2 debug_level=2" \
- 0 \
- -c "found fragmented DTLS handshake message" \
- -C "error"
-
# Tests for sending fragmented handshake messages with DTLS
#
# Use client auth when we need the client to send large messages,
@@ -7682,192 +7613,6 @@
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP all profiles supported. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -s "selected srtp profile" \
- -s "server hello, adding use_srtp extension" \
- -s "DTLS-SRTP key material is"\
- -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
- -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
- "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -s "found srtp profile" \
- -S "selected srtp profile" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP Extension negotiated, profile"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
- "$P_SRV dtls=1 debug_level=3" \
- "$O_CLI -dtls1 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- 0 \
- -s "found use_srtp extension" \
- -S "server hello, adding use_srtp extension" \
- -S "DTLS-SRTP key material is"\
- -C "SRTP Extension negotiated, profile"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP all profiles supported. openssl server" \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
- "$O_SRV -dtls1" \
- "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -C "found use_srtp extension" \
- -C "found srtp profile" \
- -C "selected srtp profile" \
- -C "DTLS-SRTP key material is"\
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
-run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
- "$O_SRV -dtls1 -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
- "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
- 0 \
- -c "client hello, adding use_srtp extension" \
- -c "found use_srtp extension" \
- -c "found srtp profile" \
- -c "selected srtp profile" \
- -c "DTLS-SRTP key material is"\
- -c "DTLS-SRTP no mki value negotiated"\
- -c "dumping 'sending mki' (8 bytes)" \
- -C "dumping 'received mki' (8 bytes)" \
- -C "error"
-
-requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
run_test "DTLS-SRTP all profiles supported. gnutls client." \
"$P_SRV dtls=1 use_srtp=1 debug_level=3" \