Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: combine TLS1.2 and TLS1.3 sig scheme representations #4498

Merged
merged 6 commits into from
Apr 13, 2024
Merged

refactor: combine TLS1.2 and TLS1.3 sig scheme representations #4498

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
667e4fd
refactor: combine TLS1.2 and TLS1.3 sig scheme representations
lrstewart Apr 10, 2024
d7acfaa
PR comments
lrstewart Apr 12, 2024
f0ded61
Add so many missing EXPECT_SUCCESS :(
lrstewart Apr 12, 2024
3eb7873
Fix comments
lrstewart Apr 12, 2024
1e1356c
Words
lrstewart Apr 12, 2024
583f9a8
Merge branch 'main' into fix_p521
lrstewart Apr 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 34 additions & 30 deletions tests/unit/s2n_auth_selection_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,8 @@
#define RSA_PKCS1_SIG_SCHEME &s2n_rsa_pkcs1_md5_sha1
#define RSA_PSS_PSS_SIG_SCHEME &s2n_rsa_pss_pss_sha256
#define RSA_PSS_RSAE_SIG_SCHEME &s2n_rsa_pss_rsae_sha256
#define ECDSA_SIG_SCHEME &s2n_ecdsa_secp384r1_sha384
#define ECDSA_SIG_SCHEME_OTHER_CURVE &s2n_ecdsa_secp256r1_sha256
#define ECDSA_SIG_SCHEME &s2n_ecdsa_sha384
#define ECDSA_SIG_SCHEME_OTHER_CURVE &s2n_ecdsa_sha256

#define EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(x) \
if (s2n_is_rsa_pss_certs_supported()) { \
Expand Down Expand Up @@ -102,31 +102,31 @@ int main(int argc, char **argv)
/* Test: not valid if certs not available */
{
/* No certs exist */
s2n_connection_set_config(conn, no_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, no_certs_config));
EXPECT_FAILURE(s2n_is_cipher_suite_valid_for_auth(conn, RSA_AUTH_CIPHER_SUITE));
EXPECT_FAILURE(s2n_is_cipher_suite_valid_for_auth(conn, ECDSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, NO_AUTH_CIPHER_SUITE));

/* RSA certs exist */
s2n_connection_set_config(conn, rsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_cert_config));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, RSA_AUTH_CIPHER_SUITE));
EXPECT_FAILURE(s2n_is_cipher_suite_valid_for_auth(conn, ECDSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, NO_AUTH_CIPHER_SUITE));

/* RSA-PSS certs exist */
s2n_connection_set_config(conn, rsa_pss_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_pss_cert_config));
EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(s2n_is_cipher_suite_valid_for_auth(conn, RSA_AUTH_CIPHER_SUITE));
EXPECT_FAILURE(s2n_is_cipher_suite_valid_for_auth(conn, ECDSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, NO_AUTH_CIPHER_SUITE));

/* ECDSA certs exist */
s2n_connection_set_config(conn, ecdsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, ecdsa_cert_config));
EXPECT_FAILURE(s2n_is_cipher_suite_valid_for_auth(conn, RSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, ECDSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, NO_AUTH_CIPHER_SUITE));

/* All certs exist */
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, RSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, ECDSA_AUTH_CIPHER_SUITE));
EXPECT_SUCCESS(s2n_is_cipher_suite_valid_for_auth(conn, NO_AUTH_CIPHER_SUITE));
Expand All @@ -144,43 +144,47 @@ int main(int argc, char **argv)
conn->secure->cipher_suite = NO_AUTH_CIPHER_SUITE;

/* No certs exist */
s2n_connection_set_config(conn, no_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, no_certs_config));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PKCS1_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_PSS_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_RSAE_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));

/* RSA certs exist */
s2n_connection_set_config(conn, rsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_cert_config));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PKCS1_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_PSS_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_RSAE_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));

/* RSA-PSS certs exist */
s2n_connection_set_config(conn, rsa_pss_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_pss_cert_config));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PKCS1_SIG_SCHEME));
EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_PSS_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_RSAE_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));

/* ECDSA certs exist */
s2n_connection_set_config(conn, ecdsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, ecdsa_cert_config));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PKCS1_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_PSS_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_RSAE_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));

/* All certs exist */
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PKCS1_SIG_SCHEME));
EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_PSS_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, RSA_PSS_RSAE_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));
}

/* Test: If signature algorithm specifies curve, must match cert curve */
/* Test: If signature algorithm is TLS1.3 ECDSA, must match cert curve */
{
DEFER_CLEANUP(struct s2n_connection *test_conn = s2n_connection_new(S2N_CLIENT),
s2n_connection_ptr_free);
test_conn->actual_protocol_version = S2N_TLS13;

struct s2n_cert_chain_and_key *ecdsa_cert_chain_for_other_curve = NULL;
EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&ecdsa_cert_chain_for_other_curve,
S2N_ECDSA_P256_PKCS1_CERT_CHAIN, S2N_ECDSA_P256_PKCS1_KEY));
Expand All @@ -189,23 +193,23 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(
ecdsa_cert_config_for_other_curve, ecdsa_cert_chain_for_other_curve));

conn->secure->cipher_suite = NO_AUTH_CIPHER_SUITE;
test_conn->secure->cipher_suite = NO_AUTH_CIPHER_SUITE;

s2n_connection_set_config(conn, ecdsa_cert_config);
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME_OTHER_CURVE));
EXPECT_SUCCESS(s2n_connection_set_config(test_conn, ecdsa_cert_config));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME_OTHER_CURVE));

s2n_connection_set_config(conn, ecdsa_cert_config_for_other_curve);
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME_OTHER_CURVE));
EXPECT_SUCCESS(s2n_connection_set_config(test_conn, ecdsa_cert_config_for_other_curve));
EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME));
EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME_OTHER_CURVE));

EXPECT_SUCCESS(s2n_config_free(ecdsa_cert_config_for_other_curve));
EXPECT_SUCCESS(s2n_cert_chain_and_key_free(ecdsa_cert_chain_for_other_curve));
}

/* Test: If cipher suite specifies auth type, auth type must be valid for sig alg on server */
{
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));

/* RSA auth type */
conn->secure->cipher_suite = RSA_AUTH_CIPHER_SUITE;
Expand Down Expand Up @@ -243,7 +247,7 @@ int main(int argc, char **argv)

/* Test: RSA-PSS requires a non-ephemeral kex */
{
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));

/* ephemeral key */
conn->secure->cipher_suite = &s2n_dhe_rsa_with_3des_ede_cbc_sha; /* kex = (dhe) */
Expand Down Expand Up @@ -301,7 +305,7 @@ int main(int argc, char **argv)
struct s2n_cert_chain_and_key *chosen_certs = NULL;

/* Requested cert chain exists */
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));

struct s2n_signature_scheme test_sig_scheme = { 0 };
conn->handshake_params.server_cert_sig_scheme = &test_sig_scheme;
Expand All @@ -326,7 +330,7 @@ int main(int argc, char **argv)
EXPECT_EQUAL(chosen_certs, ecdsa_cert_chain);

/* Requested cert chain does NOT exist */
s2n_connection_set_config(conn, no_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, no_certs_config));

/* cppcheck-suppress redundantAssignment */
test_sig_scheme.sig_alg = S2N_SIGNATURE_RSA;
Expand Down Expand Up @@ -354,10 +358,10 @@ int main(int argc, char **argv)
/* Test all possible combos */
{
struct s2n_connection *conn = s2n_connection_new(S2N_SERVER);
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));

/* No certs exist */
s2n_connection_set_config(conn, no_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, no_certs_config));

EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PKCS1_SIG_SCHEME, NULL));
EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PSS_PSS_SIG_SCHEME, NULL));
Expand All @@ -375,7 +379,7 @@ int main(int argc, char **argv)
EXPECT_FAILURE(s2n_test_auth_combo(conn, NO_AUTH_CIPHER_SUITE, ECDSA_SIG_SCHEME, NULL));

/* RSA certs exist */
s2n_connection_set_config(conn, rsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_cert_config));

EXPECT_SUCCESS(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PKCS1_SIG_SCHEME, rsa_cert_chain));
EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PSS_PSS_SIG_SCHEME, NULL));
Expand All @@ -393,7 +397,7 @@ int main(int argc, char **argv)
EXPECT_FAILURE(s2n_test_auth_combo(conn, NO_AUTH_CIPHER_SUITE, ECDSA_SIG_SCHEME, NULL));

/* RSA_PSS certs exist */
s2n_connection_set_config(conn, rsa_pss_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, rsa_pss_cert_config));

EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PKCS1_SIG_SCHEME, NULL));
EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PSS_PSS_SIG_SCHEME, rsa_pss_cert_chain));
Expand All @@ -411,7 +415,7 @@ int main(int argc, char **argv)
EXPECT_FAILURE(s2n_test_auth_combo(conn, NO_AUTH_CIPHER_SUITE, ECDSA_SIG_SCHEME, NULL));

/* ECDSA certs exist */
s2n_connection_set_config(conn, ecdsa_cert_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, ecdsa_cert_config));

EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PKCS1_SIG_SCHEME, NULL));
EXPECT_FAILURE(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PSS_PSS_SIG_SCHEME, NULL));
Expand All @@ -429,7 +433,7 @@ int main(int argc, char **argv)
EXPECT_SUCCESS(s2n_test_auth_combo(conn, NO_AUTH_CIPHER_SUITE, ECDSA_SIG_SCHEME, ecdsa_cert_chain));

/* All certs exist */
s2n_connection_set_config(conn, all_certs_config);
EXPECT_SUCCESS(s2n_connection_set_config(conn, all_certs_config));

EXPECT_SUCCESS(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PKCS1_SIG_SCHEME, rsa_cert_chain));
EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(s2n_test_auth_combo(conn, RSA_AUTH_CIPHER_SUITE, RSA_PSS_PSS_SIG_SCHEME, rsa_pss_cert_chain));
Expand Down
6 changes: 3 additions & 3 deletions tests/unit/s2n_client_auth_handshake_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ int s2n_test_client_auth_negotiation(struct s2n_config *server_config, struct s2
client_conn->server_protocol_version = S2N_TLS13;
client_conn->client_protocol_version = S2N_TLS13;
client_conn->actual_protocol_version = S2N_TLS13;
client_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256;
client_conn->handshake_params.client_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256;
client_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_sha256;
client_conn->handshake_params.client_cert_sig_scheme = &s2n_ecdsa_sha256;
client_conn->secure->cipher_suite = &s2n_tls13_aes_128_gcm_sha256;
if (!no_cert) {
client_conn->handshake_params.our_chain_and_key = ecdsa_cert;
Expand All @@ -58,7 +58,7 @@ int s2n_test_client_auth_negotiation(struct s2n_config *server_config, struct s2
server_conn->server_protocol_version = S2N_TLS13;
server_conn->client_protocol_version = S2N_TLS13;
server_conn->actual_protocol_version = S2N_TLS13;
server_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256;
server_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_sha256;
server_conn->secure->cipher_suite = &s2n_tls13_aes_128_gcm_sha256;

if (no_cert) {
Expand Down
1 change: 0 additions & 1 deletion tests/unit/s2n_fips_rules_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,6 @@ int main(int argc, char **argv)
const struct s2n_signature_scheme *valid[] = {
&s2n_ecdsa_sha256,
&s2n_rsa_pkcs1_sha384,
&s2n_ecdsa_secp521r1_sha512,
&s2n_rsa_pss_pss_sha256,
};
for (size_t i = 0; i < s2n_array_len(valid); i++) {
Expand Down
102 changes: 0 additions & 102 deletions tests/unit/s2n_security_policies_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,60 +54,6 @@ static S2N_RESULT s2n_test_security_policies_compatible(const struct s2n_securit
return S2N_RESULT_OK;
}

static S2N_RESULT s2n_test_get_missing_duplicate_signature_scheme(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥳

Copy link
Contributor Author

@lrstewart lrstewart Apr 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It served its purpose 😔

const struct s2n_signature_scheme *const *policy_schemes, size_t policy_schemes_count,
uint8_t minimum_policy_version, uint8_t maximum_policy_version,
const struct s2n_signature_scheme **duplicate)
{
if (policy_schemes_count > 0) {
RESULT_ENSURE_REF(policy_schemes);
}
RESULT_ENSURE_REF(duplicate);
*duplicate = NULL;

const struct s2n_signature_preferences *all_schemes = security_policy_test_all.signature_preferences;

/* Check all schemes in target policy */
for (int i = 0; i < policy_schemes_count; i++) {
const struct s2n_signature_scheme *from_policy = policy_schemes[i];
EXPECT_NOT_NULL(from_policy);

/* Check if duplicates exist for the scheme */
for (size_t j = 0; j < all_schemes->count; j++) {
const struct s2n_signature_scheme *from_all = all_schemes->signature_schemes[j];
EXPECT_NOT_NULL(from_all);

/* Skip if not a duplicate */
if (from_all == from_policy) {
continue;
} else if (from_all->iana_value != from_policy->iana_value) {
continue;
} else if (from_all->maximum_protocol_version
&& from_all->maximum_protocol_version < minimum_policy_version) {
continue;
} else if (from_all->minimum_protocol_version
&& from_all->minimum_protocol_version > maximum_policy_version) {
continue;
}
*duplicate = from_all;

/* Check whether duplicate is also in the target policy */
for (size_t k = 0; k < policy_schemes_count; k++) {
const struct s2n_signature_scheme *possible_match = policy_schemes[k];
EXPECT_NOT_NULL(possible_match);
if (*duplicate == possible_match) {
*duplicate = NULL;
break;
}
}
if (*duplicate) {
return S2N_RESULT_OK;
}
}
}
return S2N_RESULT_OK;
}

int main(int argc, char **argv)
{
BEGIN_TEST();
Expand Down Expand Up @@ -875,7 +821,6 @@ int main(int argc, char **argv)

/* If scheme will be used for pre-tls1.3 */
if (min_version < S2N_TLS13) {
EXPECT_NULL(scheme->signature_curve);
EXPECT_NOT_EQUAL(scheme->sig_alg, S2N_SIGNATURE_RSA_PSS_PSS);
}
}
Expand Down Expand Up @@ -1075,52 +1020,5 @@ int main(int argc, char **argv)
};
};

/* Policies must include all signature schemes that share an IANA value */
{
for (int i = 0; security_policy_selection[i].version != NULL; i++) {
security_policy = security_policy_selection[i].security_policy;
EXPECT_NOT_NULL(security_policy);
const uint8_t max_protocol_version = security_policy_selection[i].supports_tls13 ?
s2n_highest_protocol_version :
S2N_TLS12;

/* Check signature scheme preferences */
{
const struct s2n_signature_scheme *duplicate = NULL;
EXPECT_OK(s2n_test_get_missing_duplicate_signature_scheme(
security_policy->signature_preferences->signature_schemes,
security_policy->signature_preferences->count,
security_policy->minimum_protocol_version,
max_protocol_version,
&duplicate));

if (duplicate) {
fprintf(stderr, "Policy: %s Scheme: %04x\n",
security_policy_selection[i].version,
duplicate->iana_value);
FAIL_MSG("Missing signature scheme");
}
}

/* Check certificate signature scheme preferences */
if (security_policy->certificate_signature_preferences) {
const struct s2n_signature_scheme *duplicate = NULL;
EXPECT_OK(s2n_test_get_missing_duplicate_signature_scheme(
security_policy->certificate_signature_preferences->signature_schemes,
security_policy->certificate_signature_preferences->count,
security_policy->minimum_protocol_version,
max_protocol_version,
&duplicate));

if (duplicate) {
fprintf(stderr, "Policy: %s Scheme: %04x\n",
security_policy_selection[i].version,
duplicate->iana_value);
FAIL_MSG("Missing certificate signature scheme");
}
}
}
}

END_TEST();
}
Loading
Loading