Explain why we require TLS client and server simultaneously

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2024-05-28 19:18:46 +02:00
parent c08d5bfda7
commit f75c70bb81
1 changed files with 8 additions and 0 deletions
--- a/scripts/generate_config_tests.py
+++ b/scripts/generate_config_tests.py
@ -81,6 +81,14 @@ def find_super_option(cfg: config.Config,
            return 'MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC'
        if name.startswith('MBEDTLS_PK_PARSE_EC_'):
            return 'MBEDTLS_PK_C:MBEDTLS_PK_HAVE_ECC_KEYS'
+        # For TLS options, insist on having them once off and once on in
+        # a configuration where both client support and server support are
+        # enabled. The options are also meaningful when only one side is
+        # enabled, but there isn't much point in having separate records
+        # for client-side and server-side, so we keep things simple.
+        # Requiring both sides to be enabled also means we know we'll run
+        # tests that only run Mbed TLS against itself, which only run in
+        # configurations with both sides enabled.
        if name.startswith('MBEDTLS_SSL_TLS1_3_') or \
           name == 'MBEDTLS_SSL_EARLY_DATA':
            return 'MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_PROTO_TLS1_3'