Address review comments regarding ssl_client2 and ssl tests
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d4c73fc..e13c7cb 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -470,7 +470,7 @@
* set of trusted certificates (such as a hashtable) and only
* return those trusted certificates which satisfy basic
* parental checks, such as the matching of child `Issuer`
- * and parent `Subject` field. */
+ * and parent `Subject` field or matching key identifiers. */
((void) child);
first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6f967da..e9322ec 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -947,10 +947,6 @@
"$P_CLI ca_callback=1 debug_level=3 " \
0 \
-c "use CA callback for X.509 CRT verification"\
- -s "Protocol is TLSv1.2" \
- -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
- -s "client hello v3, signature_algorithm ext: 6" \
- -s "ECDHE curve: secp521r1" \
-S "error" \
-C "error"
@@ -2602,7 +2598,8 @@
0 \
-c "Handshake was completed" \
-# Tests for auth_mode
+# Tests for auth_mode, there are duplicated tests using ca callback for authentication
+# When updating these tests, modify the matching authentication tests accordingly
run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \
@@ -2981,7 +2978,8 @@
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
-# Tests for auth_mode, using CA callback
+# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
+# When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \