lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Also activate PSK-only mode when PSK-ephemeral key exchanges are available

Browse Source 
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2024-09-06 19:08:41 +02:00
parent 0a9f9d6f4f
commit d98b363bec
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/ssl-opt.sh
View File

@ -598,15 +598,19 @@ maybe_adapt_for_psk() {
adapt_cmd_for_psk SRV_CMD "$SRV_CMD" adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
} }
# PSK_PRESENT="YES" if at least one protocol versions supports pure-PSK. # PSK_PRESENT="YES" if at least one protocol versions supports at least
# one PSK key exchange mode.
PSK_PRESENT="NO" PSK_PRESENT="NO"
# PSK_ONLY="YES" if no key exchange is enabled except pure-PSK. # PSK_ONLY="YES" if all the available key exchange modes are PSK-based
# (pure-PSK or PSK-ephemeral, possibly both).
PSK_ONLY="" PSK_ONLY=""
for c in $CONFIGS_ENABLED; do for c in $CONFIGS_ENABLED; do
case $c in case $c in
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";; MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";;
MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED) PSK_PRESENT="YES";;
MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";; MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";;
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";;
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";;
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";; MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";;
esac esac
done done