Commit graph

233 commits

Author SHA1 Message Date
Jouni Malinen
ecd07de40c tests: EAP-FAST and different TLS cipher suites
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:53:43 +02:00
Jouni Malinen
9353f07f3b tests: Clear BSS table at the end of rsn_ie_proto_eap_sta
rsn_ie_proto_eap_sta followed by eap_ttls_mschapv2_session_resumption
showed a failure case where the special RSNE from rsn_ie_proto_eap_sta
ended up remaining in a wpa_supplicant BSS entry and the SELECT_NETWORK
command used the previous scan results without checking for changed AP
configuration. This resulted in test failure due to RSN IE being claimed
to be different in EAPOL-Key msg 3/4. This is not really a real world
issue, but try to avoid false failure reports by explicitly clearing the
BSS table at the end of rsn_ie_proto_eap_sta.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 00:53:20 +02:00
Jouni Malinen
412c60309a tests: Increase connection timeout for number of EAP test cases
The previously used 10 second timeout allowed only two scan attempts
(five seconds between scans) and it was possible to hit a failure every
now and then when running under heavy load and the Probe Response frame
got delayed by 40 ms or so twice in a row. Add more time for one more
scan attempt to reduce the likelihood of this happening.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 20:00:01 +02:00
Jouni Malinen
52811b8c90 tests: EAP-TLS with intermediate CAs and OCSP multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
98d125cafa tests: Minimal testing of OCSP stapling with ocsp_multi
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-23 00:32:52 +02:00
Jouni Malinen
8adce07a73 tests: Add dh_file parameter for integrated EAP server
This is needed for number of EAP test cases at least when using the
internal TLS server implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:51:54 +02:00
Jouni Malinen
3b6f3b37b8 tests: WPA2-Enterprise connection using EAP-EKE (many connections)
This tries to make it more likely to hit the special case of pub_len <
prime_len for additional code coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-21 23:57:16 +02:00
Jouni Malinen
d5f5d260b8 tests: EAP-PEAP phase1 TLS flags
This adds some more test coverage for phase1 parameters that had not
previously been included in any of the test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:36:51 +02:00
Jouni Malinen
5382712518 tests: EAP-TTLS with unsupported Phase 2 EAP method in configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:33:03 +02:00
Jouni Malinen
7cb27f89f2 tests: EAP-TLS and TLS Message Length in unfragmented packets
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
cef42a44e2 tests: EAP-TLS and config blob missing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
bfdb90d40f tests: EAP-TTLS/MSCHAP with password hash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
09a4404a33 tests: EAP-PEAP version forcing
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:59:14 +02:00
Jouni Malinen
81e1ab85bc tests: EAP-PEAP session resumption with crypto binding
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:23:51 +02:00
Jouni Malinen
09ad98c58a tests: EAP-PEAP with peap_outer_success=0
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 20:05:50 +02:00
Jouni Malinen
c4e06b9b7b tests: EAP-TTLS with invalid phase2 parameter values
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 00:24:51 +02:00
Jouni Malinen
138903f91f tests: Run OCSP test cases with internal TLS library
There is no sufficient OCSP support to go through these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 21:19:59 +02:00
Jouni Malinen
58a406202a tests: OCSP certificate signed OCSP response using key ID
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:49:26 +02:00
Jouni Malinen
8e416cecdb tests: Make key-lifetime-in-memory more robust for GTK check
The decrypted copy of a GTK from EAPOL-Key is cleared from memory only
after having sent out CTRL-EVENT-CONNECTED. As such, there was a race
condition on the test case reading the wpa_supplicant process memory
after the connection. This was unlikely to occur due to the one second
sleep, but even with that, it would be at least theorically possible to
hit this race under heavy load (e.g., when using large number of VMs to
run parallel testing). Avoid this by running a PING command to make sure
wpa_supplicant has returned to eloop before reading the process memory.
This should make it less likely to report false positives on GTK being
found in memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-14 17:23:47 +02:00
Jouni Malinen
16c43d2a8f tests: Run PKCS#12 tests with internal TLS crypto
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
ca27ee0998 tests: External server certificate chain validation
This tests tls_ext_cert_check=1 behavior with EAP-TLS, EAP-TTLS,
EAP-PEAP, and EAP-FAST.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-13 21:12:20 +02:00
Jouni Malinen
0ceff76e7b tests: WPA2 AP processing of RSN IE differences
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 20:00:10 +02:00
Jouni Malinen
8eb45bde38 tests: Write GTK locations into debug log in key_lifetime_in_memory
It looks like it is possible for the GTK to be found from memory every
now and then. This makes these test cases fail. Write the memory
addresses in which the GTK was found to the log to make it somewhat
easier to try to figure out where the key can be left in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 17:48:43 +02:00
Jouni Malinen
96bf8fe104 tests: PKCS #8 private key with PKCS #5 v1.5 and v2.0 format
This verifies client private key use in encrypted PKCS #8 format with
PKCS #5 v1.5 format using pbeWithMD5AndDES-CBC and PKCS #5 v2.0 format
using PBES2 with des-ede3-cbc.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-05 20:27:27 +02:00
Jouni Malinen
d6ba709aa3 tests: EAP-TLS with SHA512/SHA384 signature
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-30 00:39:38 +02:00
Jouni Malinen
cc71035f6c tests: ap_wpa2_eap_fast_prf_oom with internal TLS implementation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 23:57:39 +02:00
Jouni Malinen
404597e630 tests: Skip ap_wpa2_eap_ttls_dh_params_dsa with internal TLS
DH DSA parameters are not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:09:44 +02:00
Jouni Malinen
686eee77d2 tests: Skip PKCS#12 tests with internal TLS client implementation
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 21:07:39 +02:00
Jouni Malinen
e78eb40442 tests: Skip domain_match and domain_suffix_match with internal TLS
The internal TLS client in wpa_supplicant does not yet support the
functionality needed for these test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:35:05 +02:00
Jouni Malinen
2286578fe0 tests: TLS v1.2 check in ap_wpa2_eap_tls_versions for internal TLS
The internal TLS implementation in wpa_supplicant supports TLS v1.2, so
verify that this version can be disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 20:04:26 +02:00
Jouni Malinen
bb0a72ab46 tests: Skip OCSP test cases with the internal TLS implementation
The internal TLS client implementation does not yet support OCSP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:32:45 +02:00
Jouni Malinen
0fc1b583e2 tests: ap_wpa2_eap_ttls_server_cert_hash with internal TLS client
Since the internal TLS client implementation in wpa_supplicant now has
sufficient support for this functionality, allow the test case to be
executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-29 19:02:04 +02:00
Jouni Malinen
f2d789f20b tests: EAP-pwd with Brainpool EC
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 11:30:48 +02:00
Jouni Malinen
d4c3c055d5 tests: EAP-SIM DB error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 16:28:33 +02:00
Jouni Malinen
bf0ec17a51 tests: EAP-GPSK error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 21:42:36 +03:00
Jouni Malinen
7c0d66cf7a tests: EAP-MSCHAPv2 error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-12 01:55:00 +03:00
Jouni Malinen
0d2a7bad0f tests: MSCHAP UTF-8 to UCS-2 conversion error cases
This triggers all three error cases in utf8_to_ucs2().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 18:41:22 +03:00
Jouni Malinen
d79ce4a6ce tests: Additional OCSP coverage
Verify OCSP stapling response that is signed by the CA rather than a
separate OCSP responder. In addition, verify that invalid signer
certificate (missing OCSP delegation) gets rejected.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-10 17:32:53 +03:00
Jouni Malinen
0c6185fc73 tests: Run through OCSP tests with BoringSSL
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-09 23:48:30 +03:00
Jouni Malinen
a359c7bb23 tests: Read monitor messages more frequently
These test cases left at least one of the attached monitor sockets
blocking for excessive time: ap_wpa2_eap_aka_ext,
ap_hs20_req_conn_capab_and_roaming_partner_preference,
ap_hs20_min_bandwidth_and_roaming_partner_preference, ap_wpa_ie_parsing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 20:45:20 +03:00
Jouni Malinen
4b9d79b66e tests: Make it less likely to overflow wlan5 control iface socket
Number of test cases did not read all control interface socket events
from the dynamically added wlan5 interface. This could result in hitting
maximum socket TX queue length and failures in the following test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 01:42:42 +03:00
Jouni Malinen
403610d386 tests: Update server and user certificates (2015)
The previous versions expired, so need to re-sign these to fix number of
the EAP test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-01 01:37:47 +03:00
Jouni Malinen
f455998afe tests: WPA2-Enterprise interactive identity entry and ENABLE_NETWORK
This verifies that ENABLE_NETWORK does not trigger reconnection if
already connected. The previous commit fixed a case where it was
possible for that to happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-22 12:03:53 +03:00
Jouni Malinen
f9dd43eac2 tests: EAP-TLS/TTLS/PEAP session resumption
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 19:28:12 +03:00
Jouni Malinen
0dae8c9974 tests: Skip TLS OCSP stapling test cases with BoringSSL builds
BoringSSL removed the OpenSSL API used to implement OCSP stapling
support.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 20:21:44 +03:00
Jouni Malinen
5f2e454790 tests: Allow group 25 to fail in ap_wpa2_eap_pwd_groups with BoringSSL
It looks like NID_X9_62_prime192v1 is not available, so allow that group
to fail without failing the full ap_wpa2_eap_pwd_groups test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 19:52:38 +03:00
Jouni Malinen
6da3b745f1 tests: Try users2.pkcs12 twice to add coverage
This allows manual verification of extra PKCS#12 certificate processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 01:10:15 +03:00
Jouni Malinen
ecafa0cf47 tests: RSN element protocol testing for STA side
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 20:04:07 +03:00
Jouni Malinen
38934ed100 tests: Skip ap_wpa2_eap_psk_oom and ap_ft_oom in FIPS mode
omac1_aes_128() implementation within crypto_openssl.c is used in this
case and that cannot fail the memory allocation similarly to the
non-FIPS case and aes-omac1.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
06cdd1cd79 tests: Allow FIPS error case for openssl_cipher_suite_config_wpas
OpenSSL rejects the cipher string 'EXPORT' in FIPS mode in a way that
results in the locally generated error showing up before the EAP method
has been accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
0392867b6b tests: Skip EAP-pwd NTHash test in FIPS build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
c8e82c94da tests: Skip EAP-IKEV2 tests if not included in the build
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
e7ac04ceaf tests: Skip EAP-MD5 and EAP-MSCHAPV2 test cases in FIPS mode
These would require MD5 or MD4 which are not allowed in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
ca158ea621 tests: Skip EAP-TTLS/CHAP, MSCHAP, MSCHAPV2 test cases in FIPS mode
In addition, replace some of the CHAP cases with PAP since that enables
more coverage without breaking the main test focus.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
9dd21d5183 tests: Allow local disconnect in openssl_cipher_suite_config_wpas
The openssl_ciphers="EXPORT" case may result in locally generated
disconnection event if the OpenSSL version used in the build rejects
export ciphers in default configuration (which is what OpenSSL 1.1.0
will likely do). Don't report a test case failure in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
6c4b5da46d tests: EAP-TLS and TLS version configuration
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:52:14 +03:00
Jouni Malinen
85774b70a1 tests: EAP server and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-01 00:42:09 +03:00
Jouni Malinen
405c621cdb tests: WPA2-Enterprise connection using MAC ACL
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-01 00:34:27 +03:00
Jouni Malinen
df7ad0fa11 tests: EAP-TLS and unknown OCSP signer
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 22:05:37 +03:00
Jouni Malinen
d2a1047e67 tests: Invalid OCSP data (parsing failure)
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 22:01:05 +03:00
Jouni Malinen
7be5ec991d tests: Invalid openssl_ciphers value
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:55:59 +03:00
Jouni Malinen
6eddd5303c tests: EAP-FAST/MSCHAPv2 and server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-30 21:36:12 +03:00
Jouni Malinen
b3ff3decf6 tests: DH parameter file DSA conversion and error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
0c83ae0469 tests: EAP-TLS with PKCS12 that includes additional certificates
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
b1fb42751a tests: EAP-TLS and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
b197a8194b tests: EAP-TLS and server checking CRL
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
486f4e3c83 tests: EAP-SIM and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
f1ab79c34c tests: WPA2-Enterprise connection using EAP-IKEv2 and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
8c4e4c01f6 tests: WPA2-Enterprise connection using EAP-PSK and OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
27f2fab021 tests: WPA2-Enterprise connection using EAP-FAST and OOM in PRF
This is a regression test case for a memory leak on a TLS PRF error
path. In addition, this provides more coverage for this error path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-19 01:23:24 +03:00
Jouni Malinen
5e0bedc63c tests: EAP-EKE with server OOM
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 13:36:16 +03:00
Jouni Malinen
f7e3c17b68 tests: WPA2-Enterprise connection using EAP-EKE with serverid NAI
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 12:48:52 +03:00
Jouni Malinen
5748d1e5f8 tests: EAP-TTLS with server certificate valid beyond UNIX time 2^31
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:24:35 +03:00
Jouni Malinen
768ea0bc32 tests: DH params with 2048-bit key
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 11:03:42 +03:00
Jouni Malinen
febf575200 tests: EAP-TTLS with TLS session ticket enabled
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-01 12:57:11 +03:00
Jouni Malinen
0d33f5040f tests: EAP-PEAP/MSCHAPv2 with domain name
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 22:06:06 +03:00
Jouni Malinen
b898a6ee72 tests: WPA2-Enterprise connection using EAP-pwd and NTHash
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 09:45:25 +02:00
Jouni Malinen
52352802ee tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 16:06:23 +02:00
Jouni Malinen
b638f70316 tests: Replace subprocess.call for rm with os.remove()
There is no need to use sudo and external rm to remove files now that
run-tests.py is required to run as root.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-07 15:37:13 +02:00
Jouni Malinen
f4cd0f6454 tests: EAP-PEAP/MSCHAPv2 password failure
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 17:37:35 +02:00
Jouni Malinen
54f2cae2e6 tests: Make *_key_lifetime_in_memory more robust
It was possible for the GTK-found-in-memory case to be triggered due to
a retransmission of EAPOL-Key msg 3/4 especially when running test cases
under heavy load (i.e., timeout on hostapd due to not receiving the 4/4
response quickly enough). Make this false failure report less likely by
waiting a bit longer after the connection has been completed before
fetching the process memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 18:06:06 +02:00
Jouni Malinen
ef318402f6 tests: EAP-MSCHAPv2 server out-of-memory cases
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 16:17:25 +02:00
Jouni Malinen
95a15d793e tests: EAP-GTC server error cases
In addition, no-password-configured coverage extended to EAP-MD5 and
EAP-MSCHAPv2 as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 15:59:36 +02:00
Jouni Malinen
467775c5ac tests: Pending EAP peer processing with VENDOR-TEST
This extends the VENDOR-TEST EAP method peer implementation to allow
pending processing case to be selected at run time. The
ap_wpa2_eap_vendor_test test case is similarly extended to include this
option as the second case for full coverage.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
a08fdb17aa tests: EAPOL supplicant invalid frame handling
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
48bb2e68c0 tests: STATUS-VERBOSE
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
90ad11e625 tests: Make active scans more robust
This makes testing under very heavy load or under extensive kernel
debugging options more robust by allowing number of test cases to scan
multiple times before giving up on active scans. The main reason for
many of the related test failures is in Probe Response frame from
hostapd not getting out quickly enough especially when multiple BSSes
are operating.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-23 00:52:40 +02:00
Jouni Malinen
0258cf1006 tests: Clean up ap_wpa2_eap_aka_ext
Use a loop over set of test values instead of duplicated functionality
implemented separately for each case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:09:46 +02:00
Jouni Malinen
584e4197bd tests: Make ap_wpa2_eap_aka_ext faster and more robust
Use SELECT_NETWORK instead of REASSOCIATE for the first reconnection to
avoid unnecessary long wait for temporary network disabling to be
cleared. In addition, wait for the disconnect event after issuing the
DISCONNECT commands to avoid issues due to any pending events during the
immediately following reconnection attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 16:59:40 +02:00
Jouni Malinen
ee9533eb0e tests: EAP-MD5 server error cases
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 12:02:11 +02:00
Jouni Malinen
061cbb258f tests: domain_match checking against server certificate
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
37b4a66ce6 tests: Valid OCSP response with revoked and unknown cert status
This increases testing coverage for OCSP processing by confirming that
valid OCSP response showing revoked certificate status prevents
successful handshake completion. In addition, unknown certificate status
is verified to prevent connection if OCSP is required and allow
connection if OCSP is optional.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
4bf4e9db86 tests: Skip ap_wpa2_eap_ttls_server_cert_hash if probing not supported
The ca_cert="probe://" functionality is currently supported only with
OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
62750c3e80 tests: Use RSA key format in ap_wpa2_eap_tls_blob
This format as a DER encoded blob is supported by both OpenSSL and
GnuTLS while the previous OpenSSL specific format did not get accepted
by GnuTLS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
24579e7047 tests: Split domain_suffix_match test cases based on match type
With GnuTLS, domain_suffix_match is currently requiring full match, so
split the test cases in a way that can be reported more cleanly as PASS
or SKIP based on TLS library behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
506b2f05f2 tests: Split subject_match and altsubject_match to separate test cases
These parameters are supported only with OpenSSL, so split any test case
that used those for a successful connection into two test cases. Skip
all test cases where these are used without the selected TLS library
supporting them to avoid reporting failures incorrectly. Though, verify
that subject_match and altsubject_match get rejected properly if TLS
library does not support these.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
3b51cc6359 tests: Skip EAP-pwd and EAP-FAST test cases if not supported
Check wpa_supplicant EAP capability and skip EAP-pwd and EAP-FAST test
cases if the build did not include support for these. This is cleaner
than reporting failures for such test cases when the selected TLS
library does not support the EAP method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
a783340d04 tests: Skip OpenSSL cipher string tests with other TLS libraries
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-12 00:19:21 +02:00
Jouni Malinen
37d6135507 tests: Increase altsubject_match testing coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-11 00:27:01 +02:00
Jouni Malinen
81e787b750 tests: Convert test skipping to use exception
Instead of returning "skip" from the test function, raise the new
HwsimSkip exception to indicate a test case was skipped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-08 22:43:47 +02:00