diff --git a/tests/suites.c b/tests/suites.c index 75c277b6e..0d7a283cb 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -509,6 +509,8 @@ static void test_harness(void* vargs) int cliArgsSz; char* cursor; char* comment; + char lastChar = '\0'; + int do_it = 0; const char* fname = "tests/test.conf"; const char* addArgs = NULL; @@ -571,20 +573,27 @@ static void test_harness(void* vargs) cliArgs[0] = args->argv[0]; while (*cursor != 0) { - int do_it = 0; - switch (*cursor) { case '\n': /* A blank line triggers test case execution or switches to client mode if we don't have the client command yet */ - if (cliMode == 0) - cliMode = 1; /* switch to client mode processing */ - /* skip extra newlines */ - else - do_it = 1; /* Do It, we have server and client */ + if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) { + if (cliMode == 0) + cliMode = 1; /* switch to client mode processing */ + else + do_it = 1; /* Do It, we have server and client */ + } + #ifdef DEBUG_SUITE_TESTS + else { + /* skip extra new-lines */ + printf("skipping extra new line\n"); + } + #endif + lastChar = *cursor; cursor++; break; case '#': + lastChar = *cursor; /* Ignore lines that start with a # */ comment = XSTRSEP(&cursor, "\n"); #ifdef DEBUG_SUITE_TESTS @@ -597,6 +606,7 @@ static void test_harness(void* vargs) default: /* Parameters start with a -. They end in either a newline * or a space. Capture until either, save in Args list. */ + lastChar = *cursor; if (cliMode) cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); else @@ -659,6 +669,7 @@ static void test_harness(void* vargs) svrArgsSz = 1; cliArgsSz = 1; cliMode = 0; + do_it = 0; } } diff --git a/tests/test-altchains.conf b/tests/test-altchains.conf index 9bd52741d..ee4106add 100644 --- a/tests/test-altchains.conf +++ b/tests/test-altchains.conf 
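Review bot: In the `case '\n':` branch of the second tests/suites.c hunk, the guard `(cliArgsSz > 1 || svrArgsSz > 1)` stays true for the whole of client mode once server arguments have been captured, and the `'#'` case sets `lastChar` to `'#'`. A blank line that follows a comment placed between the server block and the client block therefore sets `do_it = 1` while `cliArgsSz` is still 1. Testing the list that belongs to the current mode closes that gap: `if (cliMode == 0) { if (svrArgsSz > 1) cliMode = 1; }` followed by `else if (cliArgsSz > 1) do_it = 1;`, kept inside the `lastChar != '\n'` test. The code that runs when `do_it` is set lies outside the hunks shown, so the effect of an empty client argument list is inferred rather than visible. `lastChar` also holds the first character of the previous token, not the last character read, and a short comment at its declaration in the first hunk should say so.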
@@ -1,6 +1,7 @@ -# Tests will use complete chain with intermediate CA for testing +# Tests using a longer certificate chain (with intermediate CA's) # The tests with chains have the CRL checking disabled # CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted + # For these tests we are loading root and sending intermediate and peer certs # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain -v 3 @@ -82,11 +83,12 @@ -c ./certs/intermediate/client-chain-ecc.pem -C + # Test will load intermediate CA as trusted and only present the peer cert (partial chain) # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 -l DHE-RSA-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-cert.pem +-A ./certs/intermediate/ca-int2-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem -V @@ -94,7 +96,7 @@ # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 -l DHE-RSA-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-cert.pem +-A ./certs/intermediate/ca-int2-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem -C @@ -102,7 +104,7 @@ # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-cert.pem +-A ./certs/intermediate/ca-int2-cert.pem -k ./certs/server-key.pem -c ./certs/intermediate/server-int-cert.pem -V @@ -110,7 +112,7 @@ # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-cert.pem +-A ./certs/intermediate/ca-int2-cert.pem -k ./certs/client-key.pem -c ./certs/intermediate/client-int-cert.pem -C @@ -118,7 +120,7 @@ # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-ecc-cert.pem +-A ./certs/intermediate/ca-int2-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-int-ecc-cert.pem -V 
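Review bot: The context comment `# Test will load intermediate CA as trusted and only present the peer cert (partial chain)` in the `@@ -82,11 +83,12 @@` hunk no longer matches the cases beneath it, because this hunk and the Partial Chain hunks that follow switch `-A` to `ca-int2-cert.pem` or `ca-int2-ecc-cert.pem`. The section added further down in this file calls that trust anchor "intermediate2 CA", so the same wording fits here: `# Test will load intermediate2 CA as trusted and only present the peer cert (partial chain)`. Keeping the comment in step with the `-A` value matters in this file, since the trust anchor is what each case is meant to exercise.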
@@ -126,7 +128,7 @@
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
--A ./certs/intermediate/ca-int-ecc-cert.pem
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
 -k ./certs/ecc-client-key.pem
 -c ./certs/intermediate/client-int-ecc-cert.pem
 -C
@@ -134,7 +136,7 @@
 # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
 -v 4
 -l TLS13-AES128-GCM-SHA256
--A ./certs/intermediate/ca-int-cert.pem
+-A ./certs/intermediate/ca-int2-cert.pem
 -k ./certs/server-key.pem
 -c ./certs/intermediate/server-int-cert.pem
 -V
@@ -142,7 +144,7 @@
 # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
 -v 4
 -l TLS13-AES128-GCM-SHA256
--A ./certs/intermediate/ca-int-cert.pem
+-A ./certs/intermediate/ca-int2-cert.pem
 -k ./certs/client-key.pem
 -c ./certs/intermediate/client-int-cert.pem
 -C
@@ -150,7 +152,7 @@
 # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
 -v 4
 -l TLS13-AES128-GCM-SHA256
--A ./certs/intermediate/ca-int-ecc-cert.pem
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
 -k ./certs/ecc-key.pem
 -c ./certs/intermediate/server-int-ecc-cert.pem
 -V
@@ -158,11 +160,94 @@ # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain -v 4 -l TLS13-AES128-GCM-SHA256 --A ./certs/intermediate/ca-int-ecc-cert.pem +-A ./certs/intermediate/ca-int2-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-int-ecc-cert.pem -C + +# Test will load intermediate2 CA as trusted and present full chain (where intermediate CA is not trusted) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem +-V + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# 
client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem +-C + + # Test will use alternate chain where chain contains extra cert # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain -v 3 diff --git a/wolfssl/test.h b/wolfssl/test.h index 67e28842d..a321d918b 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1729,7 +1729,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) -/* avoid printing duplicate certs */ + /* avoid printing duplicate certs */ if (store->depth == 1) { /* retrieve x509 certs and display them on stdout */ sk = wolfSSL_X509_STORE_GetCerts(store);
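Review bot: All ten Partial Trusted Chain cases added to tests/test-altchains.conf in the `@@ -158,11 +160,94 @@` hunk are expected to connect, so they would keep passing if verification ever stopped checking the presented `-c` chain against the `-A` anchor. A paired negative case would pin the trust decision: the certificate loaded with `-A` issues nothing in the presented chain, and the handshake must fail. Whether this conf format can express an expected failure is not visible on this page, so that case may belong in a separate suite. The new section comment would also be easier to audit if it named which certificate in the chain the trusted intermediate2 CA is expected to have signed.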