Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full and fix tests

Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Add a missing dependency on !MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 to
some test cases that either were testing that v3 extensions are only
accepted in v3 certificates, or where parsing returns a different
error when MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 is enabled.

Add a few positive and negative test cases with
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 enabled.

Fix one test case with MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 where the
intended output of mbedtls_x509_crt_info had changed in
890819a597 but the test case was missed
because it was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2020-04-12 14:21:30 +02:00
parent 72d40fc6ca
commit 6710e15921
2 changed files with 26 additions and 7 deletions

@ -196,7 +196,6 @@ EXCLUDE_FROM_FULL = frozenset([
'MBEDTLS_SSL_PROTO_SSL3',
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature
'MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3',
'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # variant toggle
'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
])
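Review bot: With 'MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3' no longer listed in EXCLUDE_FROM_FULL, the full config only exercises the permissive parsing path, and the test cases that the commit message gates on !MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 will be skipped there. Please confirm that a CI configuration with the option disabled still runs those X.509 tests, so the strict behaviour (v3 extensions rejected in non-v3 certificates) stays covered. Also, the neighbouring 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION' stays excluded as a "variant toggle", while the commit message says this option can change the error that parsing returns. A short explanation of why this option is not treated as a variant toggle as well would help the next reader of this list.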