77a447ba97
Actually set exporter defaults in ssl_client2
...
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com >
2025-04-16 11:20:49 +02:00
de3d5fdc83
Add TLS-Exporter options to ssl_client2
...
Prints out the exported key on the command line for testing purposes.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com >
2025-04-16 11:20:49 +02:00
7a95d16a31
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-18 16:28:26 +00:00
eec6eb9cd4
programs -> ssl_client2.c: Added option renego_delay to set record buffer depth.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-14 00:10:10 +00:00
b3de9da6b0
mbedtls_ssl_set_hostname tests: baseline
...
Test the current behavior.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-13 21:24:01 +01:00
5544b280ed
Merge pull request #9118 from jetm/ssl-client2-get-req-host-3.6
...
Backport 3.6: ssl_client2: Add Host to HTTP GET request
2024-10-31 11:32:55 +00:00
aa80f5380c
Use libary default in ssl_client2 for new_session_tickets
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-06 10:06:38 +02:00
9f10979853
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2024-08-28 20:48:27 +01:00
9f44c883f4
Rename some "new_session_tickets" symbols
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-08-28 17:47:46 +02:00
d67f801c63
Do not add a new field in the SSL config
...
We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-08-28 10:41:54 +02:00
57ad182644
ssl_client2: Fix new_session_tickets option parsing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-08-28 10:30:24 +02:00
23303a47f4
Enable TLS 1.3 ticket handling in resumption tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-08-27 16:20:40 +02:00
cd4da16eea
Don't call psa_crypto_init in test programs when not required for TLS 1.3
...
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.
This commit changes our test programs to validate that the library
does not have the compatibility-breaking requirement.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-08-25 10:44:39 +02:00
4002e6fdee
Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted
2024-08-23 11:15:11 +02:00
013d0798c0
Always print detailed cert errors in test programs
...
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.
This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-08-08 12:34:56 +02:00
82984bc1be
Adjust spacing in sample programs
...
Signed-off-by: Michael Schuster <michael@schuster.ms >
2024-08-06 12:09:13 +01:00
6fa32fd12d
Fix missing-prototype errors in sample programs
...
Signed-off-by: Michael Schuster <michael@schuster.ms >
2024-08-06 12:09:13 +01:00
7a312d7247
ssl_client2: Add Host to HTTP GET request
...
If an IP address shares multiple domain names with different SSL
certificates and makes a GET request without the remote server name
(host), it will fail with a 421 Misdirect Request.
Signed-off-by: Javier Tia <javier.tia@linaro.org >
2024-05-06 14:01:28 -06:00
7201bc6b05
ssl_client2: Fix early data log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-08 16:03:09 +01:00
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848
...
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
...
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
7541ebea52
programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests
...
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-02-27 10:44:33 +01:00
0aead12706
ssl_client2: Improve loop writing early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-21 17:37:33 +01:00
b4fd47e897
ssl_client2: Default to library default for early data enablement
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-21 17:37:33 +01:00
a5561893e7
ssl_client2: Add support for early data writing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-07 08:06:46 +01:00
2fe0ec8c31
ssl_client2: Add buffer overflow check
...
Add buffer overflow check to build_http_request().
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-07 08:06:46 +01:00
ccfaefa361
ssl_client2: Switch from int to size_t
...
Switch from int to size_t for some
data lengths and counter local
variables.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-07 08:06:46 +01:00
4e1bd470fb
ssl_client2: Move code to build http request
...
Move code to build http request into a
dedicated function.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-07 08:06:46 +01:00
54a3829453
ssl_client2: Simplify early_data option
...
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-07 08:06:46 +01:00
6d0a093582
use mbedtls_ssl_session_init() to init session variable
...
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described
Signed-off-by: Benson Liou <benson.liou@sony.com >
2023-12-27 22:03:24 +08:00
a9581d2d5f
Fix CI failure of uninitialized fp
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-11 01:50:34 +00:00
aedfc0932b
Revert to ae952174a7 and addressing some comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-08 10:43:24 +00:00
963468035d
Add the test framework of early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-07 09:19:43 +00:00
daddfb520d
Open the file once read in the file path
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-07 08:14:30 +00:00
35c026c09e
Read early data file
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-07 06:10:34 +00:00
2a8035b495
Add read early data code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-07 03:54:40 +00:00
57db590586
Rework to revert the early_data enabled flag
...
We have two options for early data.
early_data to indicate early data enable or not.
early_data_file to provide path file to read early data from
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-07 03:29:22 +00:00
ae952174a7
Enable early data depend on whether the early data file exist
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 10:27:27 +00:00
611c717c02
Sync the early_data option with internal parameters in ssl_client2
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 09:24:58 +00:00
f8fe11d14d
Remove the generic file read functions and simply the early data read
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 07:40:50 +00:00
eaebedb30b
Refine the detect code to enable early data or not
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 02:55:16 +00:00
b1db72923e
Rename the generic read functions to ssl_read_file_text
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 02:33:38 +00:00
6c678d7543
Improve the comments of early data input
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-06 02:20:51 +00:00
70fbdcf904
Change early data flag to input file
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-12-05 05:50:08 +00:00
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-07 11:49:24 +08:00
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-02 19:47:20 +00:00
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
...
Cleanups in test code
2023-10-30 18:08:01 +00:00
a0e810de4b
Convey that it's ok for mbedtls_ssl_session_save to fail
...
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-17 16:04:27 +02:00
f745e5b8de
Merge remote-tracking branch 'development' into HEAD
2023-08-23 20:35:32 +02:00
acd32c005f
programs: add helper functions for supported EC curves
...
- get full list, or
- get TLS ID from name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
