Commit

Test TLS1.3 connection forcing all ops on token
This is used primarily to test TLS13-KDF.
Note that we have to disable digest ops on the token as OpenSSL requires
context duplication to work, and most tokens do not really offer it.

Signed-off-by: Simo Sorce <simo@redhat.com>
simo5 committed Oct 1, 2024
1 parent 4f034a2 commit b7c9bb6
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions tests/ttls
Expand Up @@ -93,4 +93,18 @@ run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2"
title PARA "Run test with TLS 1.2 and ECDH"
run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_2 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -groups secp256r1"

#Try again forcing all operations on the token
#We need to disable digest operations as OpenSSL depends on context duplication working
ORIG_OPENSSL_CONF=${OPENSSL_CONF}
sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
-e "s/#pkcs11-module-block-operations/pkcs11-module-block-operations = digest/" \
"${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
OPENSSL_CONF=${OPENSSL_CONF}.forcetoken

title PARA "Run test with TLS 1.3 preferring token functions"
run_test "$ECPRIURI" "$ECCRTURI" "" "-tls1_3"

OPENSSL_CONF=${ORIG_OPENSSL_CONF}


exit 0;
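
Review bot: Nothing after the sed call checks that either substitution matched, so if "${OPENSSL_CONF}" does not contain the #MORECONF or #pkcs11-module-block-operations placeholders, "${OPENSSL_CONF}.forcetoken" is an unchanged copy and the TLS 1.3 run passes without exercising the token path. Consider grepping the generated file for "default_properties = ?provider=pkcs11" and "pkcs11-module-block-operations = digest" and failing the test if either is missing. Related: the leading "?" makes provider=pkcs11 an optional property, so OpenSSL can still select another provider for any operation the token does not offer; the comment "forcing all operations on the token" overstates that, and the "preferring token functions" wording in the title line is the accurate one. The "\n" in the sed replacement is also GNU sed behaviour, which is worth a comment if the suite is expected to run with other sed implementations.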
