ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix TLSSocket tests 

- set certs and keys after socket open() as required by offloaded TLSSocket
- Added more checks for invalid handshake test and removed google.com test as
  as some modems (e.g. BG96) might contains root CA for google.com
pull/11357/head
Kimmo Vaisanen 2019-08-26 10:38:28 +03:00
parent 6ba0efc969
commit 986204f269
3 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
TESTS/netsocket/tls/main.cpp
View File

@ -84,15 +84,15 @@ nsapi_error_t tlssocket_connect_to_srv(TLSSocket &sock, uint16_t port)
printf("MBED: Server '%s', port %d\n", tls_addr.get_ip_address(), tls_addr.get_port());
nsapi_error_t err = sock.set_root_ca_cert(tls_global::cert);
nsapi_error_t err = sock.open(NetworkInterface::get_default_instance());
if (err != NSAPI_ERROR_OK) {
printf("Error from sock.set_root_ca_cert: %d\n", err);
printf("Error from sock.open: %d\n", err);
return err;
}
err = sock.open(NetworkInterface::get_default_instance());
err = sock.set_root_ca_cert(tls_global::cert);
if (err != NSAPI_ERROR_OK) {
printf("Error from sock.open: %d\n", err);
printf("Error from sock.set_root_ca_cert: %d\n", err);
return err;
}

5
TESTS/netsocket/tls/tlssocket_endpoint_close.cpp
View File

@ -48,6 +48,10 @@ static nsapi_error_t _tlssocket_connect_to_daytime_srv(TLSSocket &sock)
return err;
}
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, sock.set_root_ca_cert(tls_global::cert));
sock.set_timeout(10000); // Set timeout for case TLSSocket does not support peer closed indication
return sock.connect(tls_addr);
}
@ -62,7 +66,6 @@ void TLSSOCKET_ENDPOINT_CLOSE()
tc_exec_time.start();
TLSSocket sock;
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, sock.set_root_ca_cert(tls_global::cert));
if (_tlssocket_connect_to_daytime_srv(sock) != NSAPI_ERROR_OK) {
TEST_FAIL();
return;

10
TESTS/netsocket/tls/tlssocket_handshake_invalid.cpp
View File

@ -28,12 +28,18 @@ using namespace utest::v1;
void TLSSOCKET_HANDSHAKE_INVALID()
{
const int https_port = 443;
SKIP_IF_TCP_UNSUPPORTED();
TLSSocket sock;
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, sock.open(NetworkInterface::get_default_instance()));
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, sock.set_root_ca_cert(tls_global::cert));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE,
sock.connect("google.com", 443)); // 443 is https port.
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("expired.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("wrong.host.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("self-signed.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("untrusted-root.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("revoked.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("pinning-test.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_AUTH_FAILURE, sock.connect("sha1-intermediate.badssl.com", https_port));
TEST_ASSERT_EQUAL(NSAPI_ERROR_OK, sock.close());
}