Explain why we require TLS client and server simultaneously

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/scripts/generate_config_tests.py b/scripts/generate_config_tests.py
index 8121d1b..921c635 100755
--- a/scripts/generate_config_tests.py
+++ b/scripts/generate_config_tests.py
@@ -81,6 +81,14 @@
             return 'MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC'
         if name.startswith('MBEDTLS_PK_PARSE_EC_'):
             return 'MBEDTLS_PK_C:MBEDTLS_PK_HAVE_ECC_KEYS'
+        # For TLS options, insist on having them once off and once on in
+        # a configuration where both client support and server support are
+        # enabled. The options are also meaningful when only one side is
+        # enabled, but there isn't much point in having separate records
+        # for client-side and server-side, so we keep things simple.
+        # Requiring both sides to be enabled also means we know we'll run
+        # tests that only run Mbed TLS against itself, which only run in
+        # configurations with both sides enabled.
         if name.startswith('MBEDTLS_SSL_TLS1_3_') or \
            name == 'MBEDTLS_SSL_EARLY_DATA':
             return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3'
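Review bot: The added comment opens with "For TLS options", but the condition it sits above only matches names starting with `MBEDTLS_SSL_TLS1_3_` and the single name `MBEDTLS_SSL_EARLY_DATA`, so a reader could take it to mean every `MBEDTLS_SSL_*` option gets the client-plus-server dependency. I would narrow the first line to `# For TLS 1.3 options and early data, insist on having them once off and` and reflow the rest. The comment concedes that these options are also meaningful with only one side enabled; if on/off coverage in client-only and server-only builds is indeed not recorded anywhere else, a closing line such as `# Coverage in client-only or server-only builds is not checked here.` would stop the generated tests from being read as covering those builds. The enclosing function starts and ends outside the hunk, so other branches may already handle further TLS options.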