From: Jouni Malinen Date: Mon, 10 Aug 2015 21:38:44 +0000 (+0300) Subject: tests: Try users2.pkcs12 twice to add coverage X-Git-Tag: hostap_2_5~168 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6da3b745f196e33f594e285d8abc53ea217061aa;p=thirdparty%2Fhostap.git tests: Try users2.pkcs12 twice to add coverage This allows manual verification of extra PKCS#12 certificate processing. Signed-off-by: Jouni Malinen --- diff --git a/tests/hwsim/auth_serv/user3.pkcs12 b/tests/hwsim/auth_serv/user3.pkcs12 new file mode 100644 index 000000000..953d7cb91 Binary files /dev/null and b/tests/hwsim/auth_serv/user3.pkcs12 differ diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index a4f2e67c3..1fc0bfd4b 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -1341,11 +1341,18 @@ def test_ap_wpa2_eap_tls_pkcs12(dev, apdev): dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected() - eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem", - private_key="auth_serv/user2.pkcs12", - private_key_passwd="whatever") - dev[0].request("REMOVE_NETWORK all") - dev[0].wait_disconnected() + # Run this twice to verify certificate chain handling with OpenSSL. Use two + # different files to cover both cases of the extra certificate being the + # one that signed the client certificate and it being unrelated to the + # client certificate. + for pkcs12 in "auth_serv/user2.pkcs12", "auth_serv/user3.pkcs12": + for i in range(2): + eap_connect(dev[0], apdev[0], "TLS", "tls user", + ca_cert="auth_serv/ca.pem", + private_key=pkcs12, + private_key_passwd="whatever") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() def test_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev): """WPA2-Enterprise connection using EAP-TLS and PKCS#12 from configuration blob"""