From 6c4b5da46db21c5413a8670ba89435e520f9b146 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 8 Jul 2015 19:52:14 +0300 Subject: [PATCH] tests: EAP-TLS and TLS version configuration Signed-off-by: Jouni Malinen --- tests/hwsim/test_ap_eap.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py index 949ebce47..579b04e12 100644 --- a/tests/hwsim/test_ap_eap.py +++ b/tests/hwsim/test_ap_eap.py @@ -3332,3 +3332,28 @@ def test_ap_wpa2_eap_oom(dev, apdev): client_cert="auth_serv/user.pem", private_key="auth_serv/user.key", scan_freq="2412") + +def check_tls_ver(dev, ap, phase1, expected): + eap_connect(dev, ap, "TLS", "tls user", ca_cert="auth_serv/ca.pem", + client_cert="auth_serv/user.pem", + private_key="auth_serv/user.key", + phase1=phase1) + ver = dev.get_status_field("eap_tls_version") + if ver != expected: + raise Exception("Unexpected TLS version (expected %s): %s" % (expected, ver)) + +def test_ap_wpa2_eap_tls_versions(dev, apdev): + """EAP-TLS and TLS version configuration""" + params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap") + hostapd.add_ap(apdev[0]['ifname'], params) + + tls = dev[0].request("GET tls_library") + if tls.startswith("OpenSSL"): + if "build=OpenSSL 1.0.2" in tls and "run=OpenSSL 1.0.2" in tls: + check_tls_ver(dev[0], apdev[0], + "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1", + "TLSv1.2") + check_tls_ver(dev[1], apdev[0], + "tls_disable_tlsv1_0=1 tls_disable_tlsv1_2=1", "TLSv1.1") + check_tls_ver(dev[2], apdev[0], + "tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")