Send TLS alerts in many more cases

The TLS client and server code was usually closing the connection in case of a fatal error without sending an alert. This commit adds alerts in many cases. Added one test case to detect that we send the alert, where a server complains that the client's certificate is from an unknown CA (case tracked internally as IOTSSL-1330).
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4f633fc..f7b43f6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh
@@ -1840,8 +1840,12 @@ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ + -s "send alert level=2 message=48" \ -c "! mbedtls_ssl_handshake returned" \ -s "X509 - Certificate verification failed" +# We don't check that the client receives the alert because it might +# detect that its write end of the connection is closed and abort +# before reading the alert message. run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \
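Review bot: the new `-s "send alert level=2 message=48"` expectation matches on bare numeric codes, so a short comment next to it stating that level 2 is a fatal alert and description 48 is unknown_ca (per the TLS alert registry, RFC 5246) would make the test self-explanatory to the next reader, and the explanatory comment that follows it ("We don't check that the client receives the alert ...") is placed between the two run_test invocations, where it reads as if it belonged to the "Authentication: client badcert, server optional" test that comes after it; naming the test it refers to (the client badcert, server required case above) or moving the comment above that run_test would remove the ambiguity. The reasoning in the comment is sound: because the server closes its end right after sending the alert, a client may observe the closed connection and abort before reading, so asserting only on the server-side debug line keeps the test deterministic.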