mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-30 22:43:08 +03:00
Prefer SHA-1 certificates for pre-1.2 clients
This commit is contained in:
@ -956,6 +956,60 @@ run_test "Authentication: client no cert, ssl3" \
|
||||
-C "! ssl_handshake returned" \
|
||||
-S "X509 - Certificate verification failed"
|
||||
|
||||
# Tests for certificate selection based on SHA verson
|
||||
|
||||
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server5-sha1.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1_2" \
|
||||
0 \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server5-sha1.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-C "signed using.*ECDSA with SHA256" \
|
||||
-c "signed using.*ECDSA with SHA1"
|
||||
|
||||
run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server5-sha1.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1" \
|
||||
0 \
|
||||
-C "signed using.*ECDSA with SHA256" \
|
||||
-c "signed using.*ECDSA with SHA1"
|
||||
|
||||
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
|
||||
"$P_SRV crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key \
|
||||
crt_file2=data_files/server6.crt \
|
||||
key_file2=data_files/server6.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "serial number.*09" \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
|
||||
"$P_SRV crt_file=data_files/server6.crt \
|
||||
key_file=data_files/server6.key \
|
||||
crt_file2=data_files/server5.crt \
|
||||
key_file2=data_files/server5.key" \
|
||||
"$P_CLI force_version=tls1_1" \
|
||||
0 \
|
||||
-c "serial number.*0A" \
|
||||
-c "signed using.*ECDSA with SHA256" \
|
||||
-C "signed using.*ECDSA with SHA1"
|
||||
|
||||
# tests for SNI
|
||||
|
||||
run_test "SNI: no SNI callback" \
|
||||
|
Reference in New Issue
Block a user