espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'examples/tls_removed_deprecated_version_v4.4' into 'release/v4.4'

Browse Source 
test_apps: removed verification of TLS v1.1 (v4.4)

See merge request espressif/esp-idf!19290
This commit is contained in:
David Čermák
2022-09-21 16:35:40 +08:00
parent 7d4d75c507 b0a5b100ea
commit c6fd8752b0
2 changed files with 2 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tools/test_apps/protocols/openssl/app_test.py
View File

@@ -100,23 +100,13 @@ def test_app_esp_openssl(env, extra_data):
return case return case
# start test cases # start test cases
start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE',
desc='Connect with verify_none mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
result='SSL Connection Succeed')
start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER',
desc='Connect with verify_peer mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_1,
result='SSL Connection Failed')
start_case( start_case(
case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE', case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE',
desc='Connect with verify_none mode using wrong certs', desc='Connect with verify_none mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_2, negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
result='SSL Connection Succeed') result='SSL Connection Succeed')
start_case( start_case(
case='CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER', case='CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_PEER',
desc='Connect with verify_peer mode using wrong certs', desc='Connect with verify_peer mode using wrong certs',
negotiated_protocol=ssl.PROTOCOL_TLSv1_2, negotiated_protocol=ssl.PROTOCOL_TLSv1_2,
result='SSL Connection Failed') result='SSL Connection Failed')

10
tools/test_apps/protocols/openssl/main/connect_test.c
View File

@@ -35,15 +35,7 @@ static SSL_CTX* init_ctx(const char *test_case)
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
const SSL_METHOD *method = NULL; const SSL_METHOD *method = NULL;
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) { if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
method = TLSv1_1_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
} else if (strcmp(test_case, "CONFIG_TLSV1_1_CONNECT_WRONG_CERT_VERIFY_PEER") == 0) {
method = TLSv1_1_client_method();
ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
} else if (strcmp(test_case, "CONFIG_TLSV1_2_CONNECT_WRONG_CERT_VERIFY_NONE") == 0) {
method = TLSv1_2_client_method(); method = TLSv1_2_client_method();
ctx = SSL_CTX_new(method); /* Create new context */ ctx = SSL_CTX_new(method); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);