diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index a7b154a7e1..c38d24aa8e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -71,7 +71,7 @@ void mbedtls_test_init_handshake_options( opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; opts->pk_alg = MBEDTLS_PK_RSA; - opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; + opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; @@ -876,7 +876,11 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } - mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + if (MBEDTLS_SSL_IS_SERVER == endpoint_type) { + mbedtls_ssl_conf_authmode(&(ep->conf), options->srv_auth_mode); + } else { + mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); + } #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); @@ -2440,7 +2444,6 @@ void mbedtls_test_ssl_perform_handshake( TEST_EQUAL(mbedtls_test_ssl_endpoint_init(server, MBEDTLS_SSL_IS_SERVER, options), 0); - mbedtls_ssl_conf_authmode(&server->conf, options->srv_auth_mode); if (options->dtls) { TEST_EQUAL(mbedtls_test_ssl_dtls_join_endpoints(client, server), 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 052a9d8f4a..652576b127 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3043,6 +3043,7 @@ void handshake_ciphersuite_select(char *cipher, int pk_alg, data_t *psk_str, options.opaque_alg = psa_alg; options.opaque_alg2 = psa_alg2; options.opaque_usage = psa_usage; + options.srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; options.expected_handshake_result = expected_handshake_result; options.expected_ciphersuite = expected_ciphersuite;