mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00

Fix 1.3 failure to update flags for (ext)KeyUsage

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Manuel Pégourié-Gonnard
2024-08-08 10:28:56 +02:00
parent 36d1b4a80f
commit ef41d8ccbe
2 changed files with 35 additions and 27 deletions


@ -7816,13 +7816,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
#-c "send alert level=2 message=43" \
#-C "! Usage does not match the keyUsage extension"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-C "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
@ -7831,13 +7831,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
#-c "send alert level=2 message=43" \
#-C "! Usage does not match the keyUsage extension"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-C "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
@ -7858,13 +7858,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
#-c "send alert level=2 message=43" \
#-C "! Usage does not match the keyUsage extension"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-C "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral
@ -7873,13 +7873,13 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \
"$P_CLI debug_level=3" \
1 \
-c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
#-c "send alert level=2 message=43" \
#-C "! Usage does not match the keyUsage extension"
-C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-C "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for keyUsage in leaf certificates, part 3:
@ -7985,8 +7985,8 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
0 \
-s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
#-s "! Usage does not match the keyUsage extension" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -7998,10 +7998,9 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
0 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "! mbedtls_ssl_handshake returned" \
#-s "send alert level=2 message=43" \
-s "send alert level=2 message=43" \
-s "! mbedtls_ssl_handshake returned"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# (not working now, getting alert 46 instead)
#
# OpenSSL client does not seem to mind that the server aborts the
# handshake with a fatal alert and still exits 0...
@ -8027,8 +8026,8 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed"
#-s "! Usage does not match the keyUsage extension" \
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -8040,10 +8039,9 @@ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
0 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "send alert level=2 message=43" \
-s "! mbedtls_ssl_handshake returned"
#-s "send alert level=2 message=43" \
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# (not working now, getting alert 46 instead)
#
# OpenSSL client does not seem to mind that the server aborts the
# handshake with a fatal alert and still exits 0...
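Review bot: The ECDSA soft-fail case (`keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)`) never asserts that no fatal alert is sent, whereas the RSA soft-fail case carries `-S "send alert level=2 message=43"`. Adding that same line ahead of `-S "Processing of the Certificate handshake message failed"` would make both soft tests pin the security-relevant behaviour: the keyUsage mismatch is recorded in the verify flags and reported, and the handshake is not aborted. Both `run_test` calls start outside their hunks, so the server-side options they use are not visible here. The commit title also covers extKeyUsage, but no extendedKeyUsage case appears in the visible hunks; if none exists elsewhere in the file, a matching 1.3 soft-fail test that checks the reported flag would cover that half of the fix.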