ssl-opt.sh: Explain use of --insecure in GnuTLS client tests

commit: b9a0086975fa966bf113db2d853bd978c4498475 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Tue Aug 28 10:20:22 2018 +0100
committer: Hanno Becker <hanno.becker@arm.com> Tue Aug 28 10:20:22 2018 +0100
tree: 92cfaa07fe94b9ae398b1fe4a20c586e0a584f28
parent: bc2498a9ffc3d80816cef82055309eb5ab4f915c [diff] [blame]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ff36e6c..01867e1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -5535,6 +5535,13 @@
             -c "fragmenting handshake message" \
             -C "error"
 
+# We use --insecure for the GnuTLS client because it expects
+# the hostname / IP it connects to to be the name used in the
+# certificate obtained from the server. Here, however, it
+# connects to 127.0.0.1 while our test certificates use 'localhost'
+# as the server name in the certificate. This will make the
+# certifiate validation fail, but passing --insecure makes
+# GnuTLS continue the connection nonetheless.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
@@ -5549,6 +5556,7 @@
             0 \
             -s "fragmenting handshake message"
 
+# See previous test for the reason to use --insecure
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
 requires_config_enabled MBEDTLS_ECDSA_C
commit	b9a0086975fa966bf113db2d853bd978c4498475	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Tue Aug 28 10:20:22 2018 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Tue Aug 28 10:20:22 2018 +0100
tree	92cfaa07fe94b9ae398b1fe4a20c586e0a584f28
parent	bc2498a9ffc3d80816cef82055309eb5ab4f915c [diff] [blame]