Diffstat (limited to 'tests/tls-crt_type-neg.c')
-rw-r--r-- | tests/tls-crt_type-neg.c | 373 |
1 files changed, 256 insertions, 117 deletions
diff --git a/tests/tls-crt_type-neg.c b/tests/tls-crt_type-neg.c
index ff5aa08885..f09d3cb27f 100644
--- a/tests/tls-crt_type-neg.c
+++ b/tests/tls-crt_type-neg.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2017 - 2018 ARPA2 project
  *
- * Author: Tom Vrancken
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
  *
  * This file is part of GnuTLS.
  *
@@ -15,7 +15,7 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * General Public License for more details.
  *
- * You should have received a copy of the GNU Lesser General Public License
+ * You should have received a copy of the GNU General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>
  */
 
@@ -40,254 +40,393 @@ test_case_st tests[] = { /* Tests with only a single credential set for client/server. * Tests for X.509 cases. */ - { + { /* Default case A * * Priority cli: NORMAL * Priority srv: NORMAL - * Certificate negotiation mechanism: disabled * Cli creds: None * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: cert types should default to X.509 */ - .name = "Default case A. Neg off (default). Creds set (CLI/SRV): None/X509.", + .name = "Default case A. Creds set (CLI/SRV): None/X509.", .client_prio = "NORMAL", .server_prio = "NORMAL", .set_cli_creds = CRED_EMPTY, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = false, - .enable_cert_type_neg_srv = false}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { /* Default case B * * Priority: NORMAL - * Certificate negotiation mechanism: disabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: cert types should default to X.509 */ - .name = "Default case B. Neg off (default). Creds set (CLI/SRV): X509/X509.", + .name = "Default case B. Creds set (CLI/SRV): X509/X509. No cli cert asked.", .client_prio = "NORMAL", .server_prio = "NORMAL", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = false, - .enable_cert_type_neg_srv = false}, - { - /* No server credentials - * - * Priority: NORMAL - * Certificate negotiation mechanism: disabled - * Cli creds: None - * Srv creds: None - * Handshake: results in errors - * Negotiation: cert types are not evaluated - */ - .name = "No server creds. 
Creds set (CLI/SRV): None/None.", - .client_prio = "NORMAL", - .server_prio = "NORMAL", - .set_cli_creds = CRED_EMPTY, - .set_srv_creds = CRED_EMPTY, - .client_err = GNUTLS_E_AGAIN, - .server_err = GNUTLS_E_NO_CIPHER_SUITES, - .enable_cert_type_neg_cli = false, - .enable_cert_type_neg_srv = false}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* Client can negotiate, server not + /* Default case C * * Priority: NORMAL - * Certificate negotiation mechanism (cli/srv): enabled/disabled - * Cli creds: None + * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: cert types should default to X.509 */ - .name = "Client can negotiate, server not", + .name = "Default case C. Creds set (CLI/SRV): X509/X509. Cli cert asked.", .client_prio = "NORMAL", .server_prio = "NORMAL", - .set_cli_creds = CRED_EMPTY, + .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = false}, + .request_cli_crt = true}, { - /* Server can negotiate, client not + /* No server credentials * * Priority: NORMAL - * Certificate negotiation mechanism (cli/srv): disabled/enabled * Cli creds: None - * Srv creds: X.509 - * Handshake: should complete without errors - * Negotiation: cert types should default to X.509 + * Srv creds: None + * Handshake: results in errors + * Negotiation: cert types are not evaluated */ - .name = "Server can negotiate, client not", + .name = "No server creds. 
Creds set (CLI/SRV): None/None.", .client_prio = "NORMAL", .server_prio = "NORMAL", .set_cli_creds = CRED_EMPTY, - .set_srv_creds = CRED_X509, - .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = false, - .enable_cert_type_neg_srv = true}, + .set_srv_creds = CRED_EMPTY, + .client_err = GNUTLS_E_AGAIN, + .server_err = GNUTLS_E_NO_CIPHER_SUITES}, { - /* Client and server can negotiate + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509 * - * Priority: NORMAL - * Certificate negotiation mechanism (cli/srv): enabled/enabled - * Cli creds: None + * Priority: NORMAL + request x509 for cli and srv + * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors - * Negotiation: cert types should default to X.509 + * Negotiation: Fallback to default cli X.509, srv X.509 because + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. */ - .name = "Client and server can negotiate", - .client_prio = "NORMAL", - .server_prio = "NORMAL", - .set_cli_creds = CRED_EMPTY, + .name = "Negotiate CLI X.509 + SRV X.509. 
Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", + .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", + .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* Negotiate both, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, no cli cert asked * - * Priority: NORMAL + request x509 for cli and srv - * Certificate negotiation mechanism (cli/srv): enabled/enabled + * Priority: NORMAL + request x509 for cli * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. */ - .name = "Negotiate CLI X.509 + SRV X.509, cli/srv X.509 creds set", - .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", - .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", + .name = "Negotiate CLI X.509. 
Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-X509", + .server_prio = "NORMAL:+CTYPE-CLI-X509", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* Negotiate cli x509, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, cli cert asked * * Priority: NORMAL + request x509 for cli - * Certificate negotiation mechanism (cli/srv): enabled/enabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. */ - .name = "Negotiate CLI X.509, cli/srv X.509 creds set", + .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.", .client_prio = "NORMAL:+CTYPE-CLI-X509", .server_prio = "NORMAL:+CTYPE-CLI-X509", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .request_cli_crt = true}, { - /* Negotiate srv x509, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509 * * Priority: NORMAL + request x509 for srv - * Certificate negotiation mechanism (cli/srv): enabled/enabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. */ - .name = "Negotiate SRV X.509, cli/srv X.509 creds set", + .name = "Negotiate SRV X.509. 
Creds set (CLI/SRV): X.509/X.509.", .client_prio = "NORMAL:+CTYPE-SRV-X509", .server_prio = "NORMAL:+CTYPE-SRV-X509", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* All types allowed for CLI, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, all types allowed for CLI, cli creds x509, srv creds x509 * * Priority: NORMAL + allow all client cert types - * Certificate negotiation mechanism (cli/srv): enabled/enabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors - * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. */ - .name = "Negotiate CLI all, cli/srv X.509 creds set", + .name = "Negotiate CLI all. Creds set (CLI/SRV): X.509/X.509.", .client_prio = "NORMAL:+CTYPE-CLI-ALL", .server_prio = "NORMAL:+CTYPE-CLI-ALL", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* All types allowed for SRV, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, all types allowed for SRV, cli creds x509, srv creds x509 * * Priority: NORMAL + allow all server cert types - * Certificate negotiation mechanism (cli/srv): enabled/enabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors - * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. 
*/ - .name = "Negotiate SRV all, cli/srv X.509 creds set", + .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/X.509.", .client_prio = "NORMAL:+CTYPE-SRV-ALL", .server_prio = "NORMAL:+CTYPE-SRV-ALL", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true}, + .expected_srv_ctype = GNUTLS_CRT_X509}, { - /* All types allowed for CLI/SRV, cli creds x509, srv creds x509 + /* Explicit cli/srv ctype negotiation, all types allowed for CLI/SRV, cli creds x509, srv creds x509 * * Priority: NORMAL + allow all client and server cert types - * Certificate negotiation mechanism (cli/srv): enabled/enabled * Cli creds: X.509 * Srv creds: X.509 * Handshake: should complete without errors - * Negotiation: Fallback to default cli X.509, srv X.509 because - * we advertise with only the cert type defaults. + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. */ - .name = "Negotiate CLI/SRV all, cli/srv X.509 creds set", + .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): X.509/X.509.", .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", .set_cli_creds = CRED_X509, .set_srv_creds = CRED_X509, .expected_cli_ctype = GNUTLS_CRT_X509, - .expected_srv_ctype = GNUTLS_CRT_X509, - .enable_cert_type_neg_cli = true, - .enable_cert_type_neg_srv = true} + .expected_srv_ctype = GNUTLS_CRT_X509}, /* Tests with only a single credential set for client/server. * Tests for Raw public-key cases. */ - //TODO implement when Raw public key support is finished - - /* Tests with only a single credential set for client/server. - * Tests for KDH cases. - */ - //TODO implement when KDH support is finished + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, Req. cli cert. 
+ * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: both parties should have a Raw PK cert negotiated + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK. Cert req.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* Explicit cli/srv ctype negotiation (TLS 1.2), cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: should complete without errors + * Negotiation: a Raw PK server cert. A diverged state for the client + * cert type. The server picks Raw PK but does not send a response + * to the client (under TLS 1.2). The client therefore falls back to default (X.509). + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. 
Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = false, + .cli_srv_may_diverge = true}, + { + /* Explicit cli/srv ctype negotiation (TLS 1.3), cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: should complete without errors + * Negotiation: a Raw PK server cert and client cert. Under TLS 1.3 + * a respons is always sent by the server also when no client + * cert is requested. This is necessary for post-handshake authentication + * to work. + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = false, + .cli_srv_may_diverge = true}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: fails because no valid cred (X.509) can be found for the server. 
+ * Negotiation: - + */ + .name = "Negotiate CLI Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .client_err = GNUTLS_E_AGAIN, + .server_err = GNUTLS_E_NO_CIPHER_SUITES}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, request cli cert. + * + * Priority: NORMAL + request rawpk for srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: Raw PK will be negotiated for server. Client will + * default to X.509. + */ + .name = "Negotiate SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds X.509, Request cli cert. + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: X.509 + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: Raw PK will be negotiated for client. Server will + * default to X.509. + */ + .name = "Negotiate CLI and SRV Raw PK. 
Creds set (CLI/SRV): RawPK/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_X509, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for CLI, cli creds Raw PK, srv creds X.509 + * + * Priority: NORMAL + allow all client cert types + * Cli creds: Raw PK + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cli Raw PK and srv X.509 because + * that are the only credentials set. + */ + .name = "Negotiate CLI all. Creds set (CLI/SRV): Raw PK/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_X509, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for SRV, cli creds x509, srv creds Raw PK + * + * Priority: NORMAL + allow all server cert types + * Cli creds: X.509 + * Srv creds: Raw PK + * Handshake: should complete without errors + * Negotiation: cli X.509 and srv Raw PK because + * that are the only credentials set. + */ + .name = "Negotiate SRV all. 
Creds set (CLI/SRV): X.509/Raw PK.", + .client_prio = "NORMAL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for CLI/SRV, cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + allow all client and server cert types + * Cli creds: Raw PK + * Srv creds: Raw PK + * Handshake: should complete without errors + * Negotiation: cli Raw PK and srv Raw PK because + * that are the only credentials set. + */ + .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): Raw PK/Raw PK.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, - /* Tests with multiple credentials set for client/server. */ - //TODO implement when support for more cert types is ready }; void doit(void) |
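Review bot: The TLS 1.3 Raw PK entry sets `.cli_srv_may_diverge = true` even though its comment says the server always sends a response and all four `expected_*_ctype` fields are `GNUTLS_CRT_RAWPK`. The harness in `doit()` is outside this hunk and the `tests[]` initializer opens above it, so this is inferred, but if that flag relaxes the client/server comparison, a regression in the TLS 1.3 path could pass unnoticed; I would set `.cli_srv_may_diverge = false` there or drop the field. The TLS 1.2 and TLS 1.3 entries also share one `.name`, as do the two `"Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509."` entries, so a failure message cannot tell them apart; distinguishing suffixes such as `(TLS 1.2)`, `(TLS 1.3)` and `Cli cert asked.` would fix that. Every Raw PK case sets `GNUTLS_ENABLE_RAWPK` in both `.init_flags_cli` and `.init_flags_srv`, so the outcome when only one peer enables it is not pinned by any entry; a case that omits the flag on one side would cover that path.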