From 5de538c9dd546ad0c3af9d6fe2c23a3b0585ad0c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 20 Oct 2022 14:47:56 +0200 Subject: [PATCH] ssl-opt.sh: Remove requires_key_exchange_with_cert_in_tls12_enabled Remove requires_key_exchange_with_cert_in_tls12_enabled and use `requires_any_configs_enabled` directly instead. Signed-off-by: Ronald Cron --- tests/scripts/generate_tls13_compat_tests.py | 1 - tests/ssl-opt.sh | 95 +++++++++----------- 2 files changed, 44 insertions(+), 52 deletions(-) diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 5c445df72..764c0ee3f 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -357,7 +357,6 @@ class MbedTLSBase(TLSProgram): def pre_checks(self): ret = ['requires_config_enabled MBEDTLS_DEBUG_C', - 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3', 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED'] if self._compat_mode: diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 707249457..8945bdf83 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -259,17 +259,10 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" -requires_key_exchange_with_cert_in_tls12_enabled() { - if ! $P_QUERY -any $TLS1_2_KEY_EXCHANGES_WITH_CERT - then - SKIP_NEXT="YES" - fi -} - requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then - requires_key_exchange_with_cert_in_tls12_enabled + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED then SKIP_NEXT="YES" @@ -5195,7 +5188,7 @@ run_test "Authentication: server badcert, client required" \ -c "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5207,7 +5200,7 @@ run_test "Authentication: server badcert, client optional" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ @@ -5239,7 +5232,7 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \ requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5251,7 +5244,7 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5262,7 +5255,7 @@ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsuppo -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5274,7 +5267,7 @@ run_test "Authentication: server badcert, client none" \ -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -5285,7 +5278,7 @@ run_test "Authentication: client SHA256, server required" \ -c "Supported Signature Algorithm found: 5," requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA384, server required" \ "$P_SRV auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -5419,7 +5412,7 @@ run_test "Authentication: client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$O_CLI" \ @@ -5431,7 +5424,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client no cert, openssl server optional" \ "$O_SRV -verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -5443,7 +5436,7 @@ run_test "Authentication: client no cert, openssl server optional" \ -C "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client no cert, openssl server required" \ "$O_SRV -Verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -5487,7 +5480,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5499,7 +5492,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5551,7 +5544,7 @@ run_test "Authentication: client max_int chain, server required" \ # Tests for CA list in CertificateRequest messages requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send CA list in CertificateRequest (default)" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI crt_file=data_files/server6.crt \ @@ -5560,7 +5553,7 @@ run_test "Authentication: send CA list in CertificateRequest (default)" \ -s "requested DN" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: do not send CA list in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI crt_file=data_files/server6.crt \ @@ -5569,7 +5562,7 @@ run_test "Authentication: do not send CA list in CertificateRequest" \ -S "requested DN" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -5583,7 +5576,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ crt_file2=data_files/server1.crt \ @@ -5595,7 +5588,7 @@ run_test "Authentication: send alt conf DN hints in CertificateRequest" \ -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \ crt_file2=data_files/server2.crt \ @@ -5607,7 +5600,7 @@ run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \ -c "DN hint: C=NL, O=PolarSSL, CN=localhost" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt hs DN hints in CertificateRequest" \ "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \ crt_file2=data_files/server1.crt \ @@ -5623,7 +5616,7 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5637,7 +5630,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5659,7 +5652,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5673,7 +5666,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5686,7 +5679,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA256, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -5699,7 +5692,7 @@ run_test "Authentication, CA callback: client SHA256, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ @@ -5712,7 +5705,7 @@ run_test "Authentication, CA callback: client SHA384, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -5737,7 +5730,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -5758,7 +5751,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -5781,7 +5774,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -5794,7 +5787,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5807,7 +5800,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -5821,7 +5814,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5834,7 +5827,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int+1 chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -5847,7 +5840,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client max_int chain, server required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ @@ -6185,7 +6178,7 @@ run_test "Non-blocking I/O: client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Non-blocking I/O: ticket" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1" \ @@ -6195,7 +6188,7 @@ run_test "Non-blocking I/O: ticket" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Non-blocking I/O: ticket + client auth" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1" \ @@ -6205,7 +6198,7 @@ run_test "Non-blocking I/O: ticket + client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Non-blocking I/O: ticket + client auth + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -6215,7 +6208,7 @@ run_test "Non-blocking I/O: ticket + client auth + resume" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Non-blocking I/O: ticket + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -6225,7 +6218,7 @@ run_test "Non-blocking I/O: ticket + resume" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Non-blocking I/O: session-id resume" \ "$P_SRV nbio=2 tickets=0 auth_mode=none" \ "$P_CLI nbio=2 tickets=0 reconnect=1" \ @@ -6255,7 +6248,7 @@ run_test "Event-driven I/O: client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Event-driven I/O: ticket" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1" \ @@ -6265,7 +6258,7 @@ run_test "Event-driven I/O: ticket" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Event-driven I/O: ticket + client auth" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1" \ @@ -6275,7 +6268,7 @@ run_test "Event-driven I/O: ticket + client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Event-driven I/O: ticket + client auth + resume" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -6285,7 +6278,7 @@ run_test "Event-driven I/O: ticket + client auth + resume" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Event-driven I/O: ticket + resume" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -6295,7 +6288,7 @@ run_test "Event-driven I/O: ticket + resume" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_key_exchange_with_cert_in_tls12_enabled +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Event-driven I/O: session-id resume" \ "$P_SRV event=1 tickets=0 auth_mode=none" \ "$P_CLI event=1 tickets=0 reconnect=1" \