Add non-regression test for verify_result init

Write a testcase to get verify_result before we have performed a
handshake and make sure that it is initialised to a failure value.

Signed-off-by: David Horstmann <david.horstmann@arm.com>

tests/suites/test_suite_ssl.data

@@ -3524,3 +3524,6 @@ ssl_tls_exporter_rejects_bad_parameters:MBEDTLS_SSL_VERSION_TLS1_3:24:250:10
 TLS 1.3 Keying Material Exporter: Handshake not done
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_X509_RSASSA_PSS_SUPPORT
 ssl_tls_exporter_too_early:MBEDTLS_SSL_VERSION_TLS1_3:1:MBEDTLS_SSL_SERVER_CERTIFICATE
+
+Default verify_result before doing a handshake
+verify_result_without_handshake

tests/suites/test_suite_ssl.function

@@ -5999,3 +5999,36 @@ exit:
     MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+void verify_result_without_handshake(void)
+{
+    /* Test the result of verification before we perform a handshake. */
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+
+    PSA_INIT();
+
+    mbedtls_ssl_init(&ssl);
+    mbedtls_ssl_config_init(&conf);
+
+    TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
+                                           MBEDTLS_SSL_IS_CLIENT,
+                                           MBEDTLS_SSL_TRANSPORT_STREAM,
+                                           MBEDTLS_SSL_PRESET_DEFAULT), 0);
+
+    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+    mbedtls_ssl_conf_ca_chain(&conf, NULL, NULL);
+
+    TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
+
+    uint32_t verify_result = mbedtls_ssl_get_verify_result(&ssl);
+
+    TEST_EQUAL(verify_result, MBEDTLS_X509_VERIFY_NOT_STARTED);
+
+exit:
+    mbedtls_ssl_config_free(&conf);
+    mbedtls_ssl_free(&ssl);
+    PSA_DONE();
+}
+/* END_CASE */