From 6c3d821ff18ea671bc2ebfd0c94aa4db22a32247 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Feb 2022 15:23:23 +0800 Subject: [PATCH] update ssl-opt test cases Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 296 ++++++++++++++++++++++------------------------- 1 file changed, 139 insertions(+), 157 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35401e043..7b82f0991 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9789,47 +9789,45 @@ run_test "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \ -S "Version: TLS1.2" \ -C "Protocol : TLSv1.2" -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \ - "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \ - key_file=none" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" - requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ +run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10 -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=none \ key_file=none" \ 0 \ - -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -s "TLS 1.3" \ + -c "HTTP/1.0 200 ok" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --verify-client-cert" \ + "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=none \ + key_file=none" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\ + -s "Version: TLS1.3" \ + -c "HTTP/1.0 200 OK" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, no middlebox - openssl" \ +run_test "TLS 1.3: Client authentication, no server middlebox compatibility - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ - -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" @@ -9838,14 +9836,12 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ +run_test "TLS 1.3: Client authentication, no server middlebox compatibility - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ - -c "=> parse certificate request" \ -c "got a certificate request" \ - -c "<= parse certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" @@ -9853,154 +9849,140 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ - key_file=data_files/ecdsa_secp256r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ - key_file=data_files/ecdsa_secp256r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ - key_file=data_files/ecdsa_secp384r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ - key_file=data_files/ecdsa_secp384r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ - key_file=data_files/ecdsa_secp521r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ - key_file=data_files/ecdsa_secp521r1.key" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \ - "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \ - "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ - key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_gnutls_tls1_3 -requires_gnutls_next_no_ticket -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_RSA_C -run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \ - "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ - "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ - key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \ - 0 \ - -c "=> parse certificate request" \ - -c "got a certificate request" \ - -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" - -requires_openssl_tls1_3 -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, no client certificate - openssl" \ +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: No client authentication, client has certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -no_middlebox" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ - -c "=> parse certificate request" \ -c "got no certificate request" \ - -c "<= parse certificate request" + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C -run_test "TLS 1.3: CertificateRequest check, no client certificate - gnutls" \ +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: No client authentication, client has certificate- gnutls" \ "$G_NEXT_SRV --disable-client-cert --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 min_version=tls13 max_version=tls13 crt_file=data_files/cli2.crt \ key_file=data_files/cli2.key" \ 0 \ - -c "=> parse certificate request" \ -c "got no certificate request" \ - -c "<= parse certificate request" + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -C "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox " \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE