Test TLS1.3 connection forcing all ops on token
This is used primarily to test TLS13-KDF.
Note that we have to disable digest ops on the token as OpenSSL requires
context duplication to work, and most tokens do not really offer it.

Signed-off-by: Simo Sorce <[email protected]>
simo5 committed Sep 27, 2024
1 parent 9cca079 commit f936dd7
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions tests/ttls
Expand Up @@ -93,4 +93,18 @@ run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2"
title PARA "Run test with TLS 1.2 and ECDH"
run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1"

#Try again forcing all operations on the token
#We need to disable digest operations as OPenSSL depens on context duplication working
ORIG_OPENSSL_CONF=${OPENSSL_CONF}
sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
-e "s/#pkcs11-module-block-operations/pkcs11-module-block-operations = digest/" \
"${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
OPENSSL_CONF=${OPENSSL_CONF}.forcetoken

title PARA "Run test with TLS 1.3 preferring token functions"
run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_3"

OPENSSL_CONF=${ORIG_OPENSSL_CONF}


exit 0;
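
Review bot: The sed call that writes "${OPENSSL_CONF}.forcetoken" never checks that either substitution matched, so if the "#MORECONF" or "#pkcs11-module-block-operations" placeholder is missing from the base config, the TLS 1.3 run uses an effectively unchanged configuration and still passes. Consider grepping the generated file for "default_properties = ?provider=pkcs11" and "pkcs11-module-block-operations = digest" before run_test and failing if either is absent. Related: the leading "?" makes provider=pkcs11 a preference rather than a requirement, so OpenSSL can still fall back to another provider; the title says "preferring" while the first comment says "forcing", and nothing in this block confirms that the TLS13-KDF actually ran on the token. The "\n" sequences in the sed replacement rely on GNU sed behaviour. Minor: "OPenSSL depens" in the second comment should read "OpenSSL depends".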
