Diffstat (limited to 'tests/tls-crt_type-neg.c')
-rw-r--r--tests/tls-crt_type-neg.c373
1 files changed, 256 insertions, 117 deletions
diff --git a/tests/tls-crt_type-neg.c b/tests/tls-crt_type-neg.c
index ff5aa08885..f09d3cb27f 100644
--- a/tests/tls-crt_type-neg.c
+++ b/tests/tls-crt_type-neg.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2017 - 2018 ARPA2 project
*
- * Author: Tom Vrancken
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
*
* This file is part of GnuTLS.
*
@@ -15,7 +15,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public License
+ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
@@ -40,254 +40,393 @@ test_case_st tests[] = {
/* Tests with only a single credential set for client/server.
* Tests for X.509 cases.
*/
- {
+ {
/* Default case A
*
* Priority cli: NORMAL
* Priority srv: NORMAL
- * Certificate negotiation mechanism: disabled
* Cli creds: None
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Default case A. Neg off (default). Creds set (CLI/SRV): None/X509.",
+ .name = "Default case A. Creds set (CLI/SRV): None/X509.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_EMPTY,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
/* Default case B
*
* Priority: NORMAL
- * Certificate negotiation mechanism: disabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Default case B. Neg off (default). Creds set (CLI/SRV): X509/X509.",
+ .name = "Default case B. Creds set (CLI/SRV): X509/X509. No cli cert asked.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
- {
- /* No server credentials
- *
- * Priority: NORMAL
- * Certificate negotiation mechanism: disabled
- * Cli creds: None
- * Srv creds: None
- * Handshake: results in errors
- * Negotiation: cert types are not evaluated
- */
- .name = "No server creds. Creds set (CLI/SRV): None/None.",
- .client_prio = "NORMAL",
- .server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
- .set_srv_creds = CRED_EMPTY,
- .client_err = GNUTLS_E_AGAIN,
- .server_err = GNUTLS_E_NO_CIPHER_SUITES,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Client can negotiate, server not
+ /* Default case C
*
* Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): enabled/disabled
- * Cli creds: None
+ * Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Client can negotiate, server not",
+ .name = "Default case C. Creds set (CLI/SRV): X509/X509. Cli cert asked.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
+ .set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
.expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = false},
+ .request_cli_crt = true},
{
- /* Server can negotiate, client not
+ /* No server credentials
*
* Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): disabled/enabled
* Cli creds: None
- * Srv creds: X.509
- * Handshake: should complete without errors
- * Negotiation: cert types should default to X.509
+ * Srv creds: None
+ * Handshake: results in errors
+ * Negotiation: cert types are not evaluated
*/
- .name = "Server can negotiate, client not",
+ .name = "No server creds. Creds set (CLI/SRV): None/None.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_EMPTY,
- .set_srv_creds = CRED_X509,
- .expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = true},
+ .set_srv_creds = CRED_EMPTY,
+ .client_err = GNUTLS_E_AGAIN,
+ .server_err = GNUTLS_E_NO_CIPHER_SUITES},
{
- /* Client and server can negotiate
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509
*
- * Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
- * Cli creds: None
+ * Priority: NORMAL + request x509 for cli and srv
+ * Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: cert types should default to X.509
+ * Negotiation: Fallback to default cli X.509, srv X.509 because
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Client and server can negotiate",
- .client_prio = "NORMAL",
- .server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
+ .name = "Negotiate CLI X.509 + SRV X.509. Creds set (CLI/SRV): X.509/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Negotiate both, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, no cli cert asked
*
- * Priority: NORMAL + request x509 for cli and srv
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
+ * Priority: NORMAL + request x509 for cli
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate CLI X.509 + SRV X.509, cli/srv X.509 creds set",
- .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
- .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-X509",
+ .server_prio = "NORMAL:+CTYPE-CLI-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Negotiate cli x509, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, cli cert asked
*
* Priority: NORMAL + request x509 for cli
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate CLI X.509, cli/srv X.509 creds set",
+ .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-X509",
.server_prio = "NORMAL:+CTYPE-CLI-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
.expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .request_cli_crt = true},
{
- /* Negotiate srv x509, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509
*
* Priority: NORMAL + request x509 for srv
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate SRV X.509, cli/srv X.509 creds set",
+ .name = "Negotiate SRV X.509. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-SRV-X509",
.server_prio = "NORMAL:+CTYPE-SRV-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for CLI, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for CLI, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all client cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate CLI all, cli/srv X.509 creds set",
+ .name = "Negotiate CLI all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-ALL",
.server_prio = "NORMAL:+CTYPE-CLI-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for SRV, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for SRV, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all server cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate SRV all, cli/srv X.509 creds set",
+ .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-SRV-ALL",
.server_prio = "NORMAL:+CTYPE-SRV-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for CLI/SRV, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for CLI/SRV, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all client and server cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate CLI/SRV all, cli/srv X.509 creds set",
+ .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
.server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true}
+ .expected_srv_ctype = GNUTLS_CRT_X509},
/* Tests with only a single credential set for client/server.
* Tests for Raw public-key cases.
*/
- //TODO implement when Raw public key support is finished
-
- /* Tests with only a single credential set for client/server.
- * Tests for KDH cases.
- */
- //TODO implement when KDH support is finished
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, Req. cli cert.
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: both parties should have a Raw PK cert negotiated
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK. Cert req.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* Explicit cli/srv ctype negotiation (TLS 1.2), cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: should complete without errors
+ * Negotiation: a Raw PK server cert. A diverged state for the client
+ * cert type. The server picks Raw PK but does not send a response
+ * to the client (under TLS 1.2). The client therefore falls back to default (X.509).
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = false,
+ .cli_srv_may_diverge = true},
+ {
+ /* Explicit cli/srv ctype negotiation (TLS 1.3), cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: should complete without errors
+ * Negotiation: a Raw PK server cert and client cert. Under TLS 1.3
+ * a respons is always sent by the server also when no client
+ * cert is requested. This is necessary for post-handshake authentication
+ * to work.
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = false,
+ .cli_srv_may_diverge = true},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: fails because no valid cred (X.509) can be found for the server.
+ * Negotiation: -
+ */
+ .name = "Negotiate CLI Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .client_err = GNUTLS_E_AGAIN,
+ .server_err = GNUTLS_E_NO_CIPHER_SUITES},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, request cli cert.
+ *
+ * Priority: NORMAL + request rawpk for srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: Raw PK will be negotiated for server. Client will
+ * default to X.509.
+ */
+ .name = "Negotiate SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds X.509, Request cli cert.
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: X.509
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: Raw PK will be negotiated for client. Server will
+ * default to X.509.
+ */
+ .name = "Negotiate CLI and SRV Raw PK. Creds set (CLI/SRV): RawPK/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_X509,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_X509,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for CLI, cli creds Raw PK, srv creds X.509
+ *
+ * Priority: NORMAL + allow all client cert types
+ * Cli creds: Raw PK
+ * Srv creds: X.509
+ * Handshake: should complete without errors
+ * Negotiation: cli Raw PK and srv X.509 because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate CLI all. Creds set (CLI/SRV): Raw PK/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-ALL",
+ .server_prio = "NORMAL:+CTYPE-CLI-ALL",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_X509,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_X509,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for SRV, cli creds x509, srv creds Raw PK
+ *
+ * Priority: NORMAL + allow all server cert types
+ * Cli creds: X.509
+ * Srv creds: Raw PK
+ * Handshake: should complete without errors
+ * Negotiation: cli X.509 and srv Raw PK because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/Raw PK.",
+ .client_prio = "NORMAL:+CTYPE-SRV-ALL",
+ .server_prio = "NORMAL:+CTYPE-SRV-ALL",
+ .set_cli_creds = CRED_X509,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for CLI/SRV, cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + allow all client and server cert types
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Handshake: should complete without errors
+ * Negotiation: cli Raw PK and srv Raw PK because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): Raw PK/Raw PK.",
+ .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
+ .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
- /* Tests with multiple credentials set for client/server. */
- //TODO implement when support for more cert types is ready
};
void doit(void)
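Review bot: Several new entries in `tests[]` share a `.name`, so a failure report cannot tell them apart: the two `NORMAL:+CTYPE-CLI-X509` cases differ only in `.request_cli_crt`, and the TLS 1.2 and TLS 1.3 Raw PK cases both use `"Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK."`. Suffixing them would fix this, e.g. `"Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509. Cli cert asked."` and `"... RawPK/RawPK. TLS 1.2, no cert req."` / `"... RawPK/RawPK. TLS 1.3, no cert req."`. The TLS 1.3 case also sets `.cli_srv_may_diverge = true` although its comment and all four expected types say both sides agree on `GNUTLS_CRT_RAWPK`; how the flag is consumed is not visible in this hunk, so if it only selects the four-field comparison a one-line comment such as `/* flag only enables the per-side checks; no divergence expected */` would prevent it being read as a relaxed assertion. Every Raw PK case sets `GNUTLS_ENABLE_RAWPK` on both peers, so the table has no negative case for a `+CTYPE-*-RAWPK` priority where one side lacks the flag; that is worth covering because a raw public key carries no chain to validate and the fallback path should be pinned by a test. The `tests[]` array starts above this hunk and `doit()` continues below it.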