From 868bea42a17339fcafa782e363e0a800284296ce Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 12 Mar 2026 17:50:03 +0000 Subject: [PATCH] Only check for verify skipped if we have certs Check for the 'Certificate verification was skipped' message only when the testcase depends on MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED since in other cases certificates may not be enabled at all and this message will not be printed in the output. Signed-off-by: David Horstmann --- tests/opt-testcases/tls13-kex-modes.sh | 275 +++++++++++++------------ 1 file changed, 139 insertions(+), 136 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 8229dd01ae..f0984c5fb2 100644 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -26,8 +26,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" \ + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -88,8 +87,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -150,8 +148,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -212,8 +209,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -294,8 +290,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -359,8 +354,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -424,8 +418,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -489,7 +482,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -510,7 +504,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -531,7 +526,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -553,7 +549,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -574,7 +571,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -595,7 +593,8 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -618,7 +617,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -641,7 +641,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -663,7 +664,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -685,7 +687,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -708,7 +711,8 @@ run_test "TLS 1.3: G->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -730,7 +734,8 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -752,7 +757,8 @@ run_test "TLS 1.3: G->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -775,7 +781,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -797,7 +804,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -820,7 +828,8 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -842,7 +851,8 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -863,7 +873,8 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -885,7 +896,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -906,7 +918,8 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, fail, key materia -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -923,8 +936,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -941,8 +953,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -959,8 +970,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -977,8 +987,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -995,8 +1004,7 @@ run_test "TLS 1.3: G->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1034,8 +1042,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \ -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1093,8 +1100,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1152,8 +1158,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1212,8 +1217,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1274,8 +1278,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1336,7 +1339,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1356,7 +1360,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1376,7 +1381,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mism -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1397,7 +1403,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1417,7 +1424,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1437,7 +1445,8 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1459,7 +1468,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1480,7 +1490,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1501,7 +1512,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1523,7 +1535,8 @@ run_test "TLS 1.3: O->m: all/all, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1544,7 +1557,8 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1565,7 +1579,8 @@ run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1587,7 +1602,8 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1608,7 +1624,8 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -s "key exchange mode: ephemeral" + -s "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1628,7 +1645,8 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ -s "Invalid binder." \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" + -S "key exchange mode: ephemeral" \ + -s "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1645,8 +1663,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ -s "write selected_group: secp256r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1663,8 +1680,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ -s "write selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1681,8 +1697,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ -s "write selected_group: secp521r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1699,8 +1714,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ -s "write selected_group: x25519" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1717,8 +1731,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ -s "write selected_group: x448" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1735,8 +1748,7 @@ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -1755,8 +1767,7 @@ run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "HRR selected_group: secp384r1" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ - -S "key exchange mode: ephemeral" \ - -s "! Certificate verification was skipped" + -S "key exchange mode: ephemeral" # Add psk test cases for mbedtls client code @@ -1775,9 +1786,7 @@ run_test "TLS 1.3: m->m: psk/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1861,9 +1870,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1970,9 +1977,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2072,9 +2077,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2314,7 +2317,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2408,7 +2413,9 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2455,9 +2462,7 @@ run_test "TLS 1.3: m->m: psk_all/psk, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2500,9 +2505,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2608,9 +2611,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" \ - -s "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2818,7 +2819,9 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2915,7 +2918,9 @@ run_test "TLS 1.3: m->m: all/all, good" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" \ + -s "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2964,8 +2969,7 @@ run_test "TLS 1.3: m->O: psk/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3000,8 +3004,7 @@ run_test "TLS 1.3: m->O: psk_all/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3019,8 +3022,7 @@ run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" #OPENSSL-SERVER psk_ephemeral mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3038,8 +3040,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3056,8 +3057,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 ok" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 ok" #OPENSSL-SERVER ephemeral mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3101,7 +3101,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3119,7 +3120,8 @@ run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #OPENSSL-SERVER all mode requires_openssl_tls1_3_with_compatible_ephemeral @@ -3139,7 +3141,8 @@ run_test "TLS 1.3: m->O: all/all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" requires_openssl_tls1_3_with_compatible_ephemeral requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3158,7 +3161,8 @@ run_test "TLS 1.3: m->O: all/ephemeral_all, good" \ -c "client hello, adding PSK binder list" \ -c "Selected key exchange mode: psk_ephemeral" \ -c "<= write client hello" \ - -c "HTTP/1.0 200 ok" + -c "HTTP/1.0 200 ok" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER psk mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3178,8 +3182,7 @@ run_test "TLS 1.3: m->G: psk/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk$" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3218,8 +3221,7 @@ run_test "TLS 1.3: m->G: psk_all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3239,8 +3241,7 @@ run_test "TLS 1.3: m->G: psk_all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" #GNUTLS-SERVER psk_ephemeral mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3260,8 +3261,7 @@ run_test "TLS 1.3: m->G: psk_ephemeral/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3280,8 +3280,7 @@ run_test "TLS 1.3: m->G: psk_ephemeral/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" \ - -c "! Certificate verification was skipped" + -c "HTTP/1.0 200 OK" #GNUTLS-SERVER ephemeral mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3327,7 +3326,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3347,7 +3347,8 @@ run_test "TLS 1.3: m->G: ephemeral_all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" #GNUTLS-SERVER all mode requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -3369,7 +3370,8 @@ run_test "TLS 1.3: m->G: all/all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_gnutls_tls1_3 @@ -3390,4 +3392,5 @@ run_test "TLS 1.3: m->G: all/ephemeral_all, good" \ -s "Parsing extension 'Pre Shared Key/41'" \ -c "<= write client hello" \ -c "Selected key exchange mode: psk_ephemeral" \ - -c "HTTP/1.0 200 OK" + -c "HTTP/1.0 200 OK" \ + -c "! Certificate verification was skipped"