diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d417afb1a..8a44687c52 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5952,6 +5952,18 @@ run_test "Authentication: hostname match, client required" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname match, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \ + 0 \ + -C "does not match with the expected CN" \ + -C "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -C "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \ @@ -6058,6 +6070,19 @@ run_test "Authentication: hostname unset, client required" \ -c "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +run_test "Authentication: hostname unset, client required, CA callback" \ + "$P_SRV" \ + "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \ + 1 \ + -C "does not match with the expected CN" \ + -c "Certificate verification without having set hostname" \ + -C "Certificate verification without CN verification" \ + -c "get_hostname_for_verification() returned -" \ + -C "use CA callback for X.509 CRT verification" \ + -C "x509_verify_cert() returned -" \ + -c "! mbedtls_ssl_handshake returned" \ + -C "X509 - Certificate verification failed" + run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \