From 3bfa7f798baae95a080bf8f8f0f9efd6595bbcd5 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 10 Aug 2019 17:22:32 +0300
Subject: [PATCH] tests: Additional tls_flags coverage

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/test_ap_config.py |  1 +
 tests/hwsim/test_ap_eap.py    | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/tests/hwsim/test_ap_config.py b/tests/hwsim/test_ap_config.py
index fcd2955c4..0e8cbcca1 100644
--- a/tests/hwsim/test_ap_config.py
+++ b/tests/hwsim/test_ap_config.py
@@ -527,6 +527,7 @@ def test_ap_config_set_errors(dev, apdev):
     # Various extra coverage (not really errors)
     hapd.set("logger_syslog_level", '1')
     hapd.set("logger_syslog", '0')
+    hapd.set("tls_flags", "[ALLOW-SIGN-RSA-MD5][DISABLE-TIME-CHECKS][DISABLE-TLSv1.0]")
 
     for i in range(50000):
         if "OK" not in hapd.request("SET hs20_conn_capab 17:5060:0"):
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 1734f9dfa..c21df480f 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -5655,6 +5655,9 @@ def check_tls_ver(dev, hapd, phase1, expected):
     ver = dev.get_status_field("eap_tls_version")
     if ver != expected:
         raise Exception("Unexpected TLS version (expected %s): %s" % (expected, ver))
+    dev.request("REMOVE_NETWORK all")
+    dev.wait_disconnected()
+    dev.dump_monitor()
 
 def test_ap_wpa2_eap_tls_versions(dev, apdev):
     """EAP-TLS and TLS version configuration"""
@@ -5684,6 +5687,29 @@ def test_ap_wpa2_eap_tls_versions(dev, apdev):
         check_tls_ver(dev[0], hapd,
                       "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
 
+def test_ap_wpa2_eap_tls_versions_server(dev, apdev):
+    """EAP-TLS and TLS version configuration on server side"""
+    params = {"ssid": "test-wpa2-eap",
+              "wpa": "2",
+              "wpa_key_mgmt": "WPA-EAP",
+              "rsn_pairwise": "CCMP",
+              "ieee8021x": "1",
+              "eap_server": "1",
+              "eap_user_file": "auth_serv/eap_user.conf",
+              "ca_cert": "auth_serv/ca.pem",
+              "server_cert": "auth_serv/server.pem",
+              "private_key": "auth_serv/server.key"}
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+             ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
+             ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
+    for exp, flags in tests:
+        hapd.disable()
+        hapd.set("tls_flags", flags)
+        hapd.enable()
+        check_tls_ver(dev[0], hapd, "", exp)
+
 def test_ap_wpa2_eap_tls_13(dev, apdev):
     """EAP-TLS and TLS 1.3"""
     params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")