From 6da3b745f196e33f594e285d8abc53ea217061aa Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 11 Aug 2015 00:38:44 +0300
Subject: [PATCH] tests: Try users2.pkcs12 twice to add coverage

This allows manual verification of extra PKCS#12 certificate processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/auth_serv/user3.pkcs12 | Bin 0 -> 2356 bytes
 tests/hwsim/test_ap_eap.py         |  17 ++++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
 create mode 100644 tests/hwsim/auth_serv/user3.pkcs12

diff --git a/tests/hwsim/auth_serv/user3.pkcs12 b/tests/hwsim/auth_serv/user3.pkcs12
new file mode 100644
index 0000000000000000000000000000000000000000..953d7cb91b8b1be0bec33e2324e9552548e48337
GIT binary patch
literal 2356
zcmY+Ec{~%28^>p3ZRMI4Np8*6*c?O7$XRR65wQ_9iCl@Csky?+ol?%_nj=T<bFP$}
zeI4ZtO~^GlBK-7v{eHiGzdt^&=XrfT&+GZ?dEO{86a{1fp~#R;FjOYoD13{9<p@g#
z88XL8hRht=lPEIVo4*k_gUpt3XuSfm01ivi--HEq8hrHM8`xREC{9+$`H`=>t_0^n
zAP@q0NM>`&x1;(x?``8`!FbWLFFT1FfgIOQG(0%78+Q~7yx&LU!PJuq7$wSA^x$jf
zEOAX$&%GDzA@vEdHU$y<eTnYbnaCIQH*<mnk4q4QoaTLlTu^D@IgUO#Z-8z)GE?cn
z%yP{~Z5<_&!~LrQZ(dnz!VBeZuDm=~$id@DSbVmrt$VhYk`PUy6mM42FHY7nt%Mf@
z0;sp|NfilnM;WWOH9b?t=alp7$?p!2N;Wds;z(MIoDVovvs~%kp5;O9G?Z(;m;q3Z
zU5}s%MI9Jj_N=U)mXyxo?eHxt)lBm<?BR=B&uMcxd$rZ&9dWIXV_z)fQYCNxj%i`8
ziavcSoBNTNx4lJ3!%!C;ujP6hA7d6)(47^N<<idO@27T7*oBANZuXx>E#+kqTztj?
z-Lob5TWdRH4&;|2lQNoaXECw9FlK1nZmTKNCEZ+hO_b)ZJeHU#ll<w37ddL~^~Ug9
zSt)fRtq|_WrL<k(XA*SH<J7^IrObmCF7NoEyA;n~8Uqlvxg^Ns#h^Wpy;db6L`|1y
z*KFHPNWKvUzvCl1S(v8>zcZUEb8#tWZj3o=r1M?MSCZLDYY{)SCbeN2aozPo^>{qR
zp@hJ*UNQL8FIVMvaL`@Jj0Vl#3l(94Mp_!qTCa>cZW_3hT7D?$yTnDa6v=^L2AaOB
zI&kB}(b_@)-yUlaWK@D9(5Jv>qUnocYW_fDzxmJrn)h4r$(F*h1q?UBYXVub@FH~P
zixdLC&TOE%{-RpV6kl2S7&x(@7(L;19+4_H>mCtoziR*F=~jyvYMca%iY1~4s81=`
z{qCoS@-HCYz2P85_zlN7UvTbL7b$v_rB7*neA(s6b5Hy97kb}SQoIQg3ThvgI)W1w
zY@X^D{Z3>oPS2}s>tU@)`seq<WLBYY1v{y<-_7?QJZhVhc>V0Nd{&Aqmcb&D<Or)i
z5W4%-QtN7Wl3eCJIK%3+m|!V$=W>0AuC7u-wE^qVI2l0CakB$=Dx5CZ+q~FM1D30(
zzZ9<UTedRjSUwGX`(VARb>fml-FYbUo5H*Td)3*#Cv73BJZzY@#zhl=wt+)qtgVeM
z{J1oh4%XRgPszjP^r{MJM_sB+xE965RMGtG5v}T!Y#s4XatSq%Y&8N#Vx;d+pN6oG
ziL5qPsO4i~qx0IslW12KImIRBEOuobPm&ys`R6HEQ>OWt{IR_%*nZfUpm;vQxZW$m
z-!0IpakSRUgCstnddI-j$jgwJJaNl$qp+K)pX!^m7e!$vO-iW$@bQTK>6<Z5)=-t7
zm5kYt4K7MqEV|bhED3_MZsQs9rmJ0rw#r-MXXrR5;G#mOwB{*+Izw5F7@tYLkm}LM
zcS5{6e!800Tj*I-s3vG{o>{nS$e^2w<>$#UbtZHD^Tn@a!Gu&2or&!mmW;Yh7Mo^S
z88OK@d20`V<2r59R00*M{yD7<`u$N9y)bb$;XY~VsxEIIPRGr|ftRz`-eM6+`RL43
zw<B94crZc>Rh-JLU78As^cJsPqG_m^@D^i=@LzAR40bRkq+voQbvco|PFyi$6Klim
znTriJ+WP&fI^lQHr3^O}S7?u$4TmIn!HBhkD$53uiaC<-(R{98wm_~V*OFBmx9(Ej
zp-)5)wWarWF|o1#NX!q5<|D#8s$eng!v4P_3eb4)dynT_?9pVXFKnfL%Fy;r_7lZ>
z(M_sWYC1}M)Yh8Pf--k{aX_AZdT<Z(M@j6thRMyHWQTH-d5W;0$%-Bk+kY+1OUX~c
zQ#rAWpTk5ITS>Y_+0EyRt9d|13p`|9rag~*kI~N7VHpZUkwH@b1Lh1eh@X`VI&o;j
z4#fdJ_8&|iWdUZ8fjKBLFzf&54f;cG=QGOvVm>(9A9}Nrfe#H~BdJosbKcyb0BYJ;
zLkzG!{9IjK9~xLNYjE(oirrh%WCzo9G>>p>T1u=%-Nv}V%*zckueFWi5CvzTMXrt>
zIldi|Uhaa|4SHYeqVxO*qq2H7_KO|iQ-5iqRf*WQA!>N=$UO`lml(H@o?KX!Q4f@v
z?$Lo=jBeI7iRccWsr{_b)Ae=qN=`24iu>vTs0?{W1M9%=k(>$(_;RJ8G%x-~q1>^U
zunvOZnb2}$)Zp8zBJ?ON2M_^PA2~MQojR(mez4!Es8flwo|ut4iI48Lk*|5};HdG;
zJ|sc^=cn^XoWmF8qRfE^f}^|fY((T<Xmj*rS36<l^_pB99JnpqP{Sa6thj8>M~kHg
ze0;m_Bs8_ywC~qZC;MWyb}f9k%gg=4FbZ-($6Iiu`n)35!jo3j<)x(PX6}sqg%Ou|
z`Iz`>Kv^GITpXo7=JIQH5REM6h9H*Tze^nFJJQ0O%9=<ZsLKF#pPX##S`;&;BfQ%Z
zCayHSQ(+ff&GZYkGzl1qzh8C7+Tw1Dz;1AK|AU%NH*<+0d+cJ|{7;|Soao2n89qvg
z>=m4#QD0C2CT65E<dpAm8#(~k(qCATJ!w|XaD=EJ#`cXo>o^L&ddBoB=4FP>|6og@
zVk0H9zh5%{sdUo}_%yrr;QPT@xxE&*a3#fDX|4FFmgOvpX*%cI%}?L_vx}lu_6%$6
zq5kYM<$4LHe<KGI<TZFqUXn6APXrx9B+j71n5_f^Q3HV=>TI%kcO-6e!YeS40LQ`w
zazXy@rMITD@sH%pL%izDlI6~ZsYyYD+G%rQ@ze90y(+hHAM3_z^B#BYE|d?6%o%ar
zutb}q#Q%HM&=Y80R(QZgTO_F{GnsfR2@k{Afp-_0H&DpGLvXZ+kPyHX;0F)^+yIaO
zcLDbRw*iiax&g31>`4GG6dEOpf`Zv(IYGcvYyehxe7WU6*YoIA{CS-*_;6?zpl_0m
R6+)qgZsn?jqyId^zW~YnPOSg{

literal 0
HcmV?d00001

diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index a4f2e67c3..1fc0bfd4b 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -1341,11 +1341,18 @@ def test_ap_wpa2_eap_tls_pkcs12(dev, apdev):
     dev[0].request("REMOVE_NETWORK all")
     dev[0].wait_disconnected()
 
-    eap_connect(dev[0], apdev[0], "TLS", "tls user", ca_cert="auth_serv/ca.pem",
-                private_key="auth_serv/user2.pkcs12",
-                private_key_passwd="whatever")
-    dev[0].request("REMOVE_NETWORK all")
-    dev[0].wait_disconnected()
+    # Run this twice to verify certificate chain handling with OpenSSL. Use two
+    # different files to cover both cases of the extra certificate being the
+    # one that signed the client certificate and it being unrelated to the
+    # client certificate.
+    for pkcs12 in "auth_serv/user2.pkcs12", "auth_serv/user3.pkcs12":
+        for i in range(2):
+            eap_connect(dev[0], apdev[0], "TLS", "tls user",
+                        ca_cert="auth_serv/ca.pem",
+                        private_key=pkcs12,
+                        private_key_passwd="whatever")
+            dev[0].request("REMOVE_NETWORK all")
+            dev[0].wait_disconnected()
 
 def test_ap_wpa2_eap_tls_pkcs12_blob(dev, apdev):
     """WPA2-Enterprise connection using EAP-TLS and PKCS#12 from configuration blob"""