tests: Additional tls_flags coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-11-28 18:28:23 -05:00 · 2019-08-10 17:22:32 +03:00 · 2019-08-10 17:22:32 +03:00 · 3bfa7f798b
commit 3bfa7f798b
parent 8d231c5e3b
2 changed files with 27 additions and 0 deletions
--- a/tests/hwsim/test_ap_config.py
+++ b/tests/hwsim/test_ap_config.py
@ -527,6 +527,7 @@ def test_ap_config_set_errors(dev, apdev):
    # Various extra coverage (not really errors)
    hapd.set("logger_syslog_level", '1')
    hapd.set("logger_syslog", '0')
+    hapd.set("tls_flags", "[ALLOW-SIGN-RSA-MD5][DISABLE-TIME-CHECKS][DISABLE-TLSv1.0]")

    for i in range(50000):
        if "OK" not in hapd.request("SET hs20_conn_capab 17:5060:0"):
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@ -5655,6 +5655,9 @@ def check_tls_ver(dev, hapd, phase1, expected):
    ver = dev.get_status_field("eap_tls_version")
    if ver != expected:
        raise Exception("Unexpected TLS version (expected %s): %s" % (expected, ver))
+    dev.request("REMOVE_NETWORK all")
+    dev.wait_disconnected()
+    dev.dump_monitor()

 def test_ap_wpa2_eap_tls_versions(dev, apdev):
    """EAP-TLS and TLS version configuration"""
@ -5684,6 +5687,29 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
        check_tls_ver(dev[0], hapd,
                      "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")

+def test_ap_wpa2_eap_tls_versions_server(dev, apdev):
+    """EAP-TLS and TLS version configuration on server side"""
+    params = {"ssid": "test-wpa2-eap",
+              "wpa": "2",
+              "wpa_key_mgmt": "WPA-EAP",
+              "rsn_pairwise": "CCMP",
+              "ieee8021x": "1",
+              "eap_server": "1",
+              "eap_user_file": "auth_serv/eap_user.conf",
+              "ca_cert": "auth_serv/ca.pem",
+              "server_cert": "auth_serv/server.pem",
+              "private_key": "auth_serv/server.key"}
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+             ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+             ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
+    for exp, flags in tests:
+        hapd.disable()
+        hapd.set("tls_flags", flags)
+        hapd.enable()
+        check_tls_ver(dev[0], hapd, "", exp)
+
 def test_ap_wpa2_eap_tls_13(dev, apdev):
    """EAP-TLS and TLS 1.3"""
    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")