TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / fd8332e15ff7395e58703433a17c34a3cfdae8ac^! / .
commitfd8332e15ff7395e58703433a17c34a3cfdae8ac[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Wed May 03 16:25:07 2017 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Wed May 03 16:25:07 2017 +0200
treec30244b2cf71fae59597cd54ee9dd26ae33734c4
parentf982852bf056d1106f87b974252b276ec0ede061 [diff]
SSL tests: server requires auth, client has no certificate

Added explicit test cases where the client has no certificate but the
server requires one.

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 7f68249..4f633fc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -1794,6 +1794,38 @@
             -c "Supported Signature Algorithm found: 4," \
             -c "Supported Signature Algorithm found: 5,"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test    "Authentication: client has no cert, server required (SSLv3)" \
+            "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
+            "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
+             key_file=data_files/server5.key" \
+            1 \
+            -S "skip write certificate request" \
+            -C "skip parse certificate request" \
+            -c "got a certificate request" \
+            -c "got no certificate to send" \
+            -S "x509_verify_cert() returned" \
+            -s "client has no certificate" \
+            -s "! mbedtls_ssl_handshake returned" \
+            -c "! mbedtls_ssl_handshake returned" \
+            -s "No client certification received from the client, but required by the authentication mode"
+
+run_test    "Authentication: client has no cert, server required (TLS)" \
+            "$P_SRV debug_level=3 auth_mode=required" \
+            "$P_CLI debug_level=3 crt_file=none \
+             key_file=data_files/server5.key" \
+            1 \
+            -S "skip write certificate request" \
+            -C "skip parse certificate request" \
+            -c "got a certificate request" \
+            -c "= write certificate$" \
+            -C "skip write certificate$" \
+            -S "x509_verify_cert() returned" \
+            -s "client has no certificate" \
+            -s "! mbedtls_ssl_handshake returned" \
+            -c "! mbedtls_ssl_handshake returned" \
+            -s "No client certification received from the client, but required by the authentication mode"
+
 run_test    "Authentication: client badcert, server required" \
             "$P_SRV debug_level=3 auth_mode=required" \
             "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -1882,6 +1914,16 @@
             -c "skip write certificate verify" \
             -C "! mbedtls_ssl_handshake returned"
 
+run_test    "Authentication: client no cert, openssl server required" \
+            "$O_SRV -Verify 10" \
+            "$P_CLI debug_level=3 crt_file=none key_file=none" \
+            1 \
+            -C "skip parse certificate request" \
+            -c "got a certificate request" \
+            -C "skip write certificate$" \
+            -c "skip write certificate verify" \
+            -c "! mbedtls_ssl_handshake returned"
+
 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
 run_test    "Authentication: client no cert, ssl3" \
             "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \