From e9b711e42b34b93d757dce1574be9abc99cb3d0e Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 4 Feb 2026 21:28:28 -0800
Subject: [PATCH] Tests for mutual authentication
---
.github/workflows/async-examples.yml | 9 ++++++---
examples/async/Makefile | 1 +
examples/async/async_server.c | 15 +++++++++------
3 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/async-examples.yml b/.github/workflows/async-examples.yml
index 7ff5481a1b..f8a1a0ae56 100644
--- a/.github/workflows/async-examples.yml
+++ b/.github/workflows/async-examples.yml
@@ -76,10 +76,13 @@ jobs:
 run_pair ecc_tls12 --tls12 --ecc
 run_pair x25519_tls12 --tls12 --x25519
- # BELOW ARE NOT WORKING YET
 # TLS 1.3 mutual auth
- #run_pair ecc_tls13_mutual --mutual --ecc
- #run_pair x25519_tls13_mutual --mutual --x25519
+ run_pair ecc_tls13_mutual --mutual --ecc
+ run_pair x25519_tls13_mutual --mutual --x25519
+
+ # TLS 1.2 mutual auth
+ run_pair ecc_tls12_mutual --mutual --tls12 --ecc
+ run_pair x25519_tls12_mutual --mutual --tls12 --x25519
 - name: Print async logs
diff --git a/examples/async/Makefile b/examples/async/Makefile
index 445e5fabbb..340dce71ee 100644
--- a/examples/async/Makefile
+++ b/examples/async/Makefile
@@ -51,6 +51,7 @@ $(OBJDIR)/%.o: $(WOLFSSL_TOP)/%.c
 $(OBJDIR)/wolfcrypt/src/ecc_fp.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/fips.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/fips_test.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/fipsv2.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/selftest.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/wolfcrypt_first.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/wolfcrypt_last.o: CFLAGS += -Wno-pedantic
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
index 933ddda396..db669377e9 100644
--- a/examples/async/async_server.c
+++ b/examples/async/async_server.c
@@ -316,11 +316,12 @@ int server_async_test(int argc, char** argv)
 }
 if (mutual) {
- ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ed25519_cert,
- sizeof_ca_ed25519_cert, WOLFSSL_FILETYPE_ASN1);
+ /* client-ed25519 is self-signed, so load it as its own CA */
+ ret = wolfSSL_CTX_load_verify_buffer(ctx, client_ed25519_cert,
+ sizeof_client_ed25519_cert, WOLFSSL_FILETYPE_ASN1);
 if (ret != WOLFSSL_SUCCESS) {
 fprintf(stderr,
- "ERROR: failed to load ED25519 CA cert.\n");
+ "ERROR: failed to load ED25519 client CA cert.\n");
 goto exit;
 }
 }
@@ -345,10 +346,12 @@ int server_async_test(int argc, char** argv)
 }
 if (mutual) {
- ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+ /* client-ecc-cert is self-signed, so load it as its own CA */
+ ret = wolfSSL_CTX_load_verify_buffer(ctx, cliecc_cert_der_256,
+ sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
 if (ret != WOLFSSL_SUCCESS) {
- fprintf(stderr, "ERROR: failed to load ECC CA cert.\n");
+ fprintf(stderr,
+ "ERROR: failed to load ECC client CA cert.\n");
 goto exit;
 }
 }
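Review bot: In both `if (mutual)` branches (the ED25519 hunk at -316 and the ECC hunk at -345) the server's trust store now holds the client's self-signed leaf instead of a CA, which pins exactly one certificate, and the new one-line comment does not say that this is a test-only arrangement. I would extend it to something like `/* test only: pins the bundled self-signed client cert; a real server loads the issuing CA here */`, because the private key for a bundled test certificate is presumably public, and code copied from this example would then accept anyone holding it. The hunks also do not show where peer verification is switched on; if that is not already done elsewhere in `server_async_test` (its body starts and ends outside both hunks), the mutual path should call `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);` so that a client presenting no certificate is rejected rather than silently accepted.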