authorJouni Malinen <jouni@codeaurora.org>2019-06-11 01:40:51 (GMT)
committerJouni Malinen <jouni@codeaurora.org>2019-06-14 20:10:50 (GMT)
commit1363fdb283e2ca6c6aed982ad720be09279e09d4 (patch)
tree720e1e7841249df449d90cd375644d771fc76145
parent21f1a1e66c390d55e7bc7dd62bd6a378b11e0e22 (diff)
tests: EAP-TLS server certificate validation and TOD
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--tests/hwsim/test_ap_eap.py29
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index dc0d81c..639a5f1 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -6840,3 +6840,32 @@ def run_openssl_systemwide_policy(iface, apdev, test_params):
wpas.wait_connected()
wpas.request("TERMINATE")
+
+def test_ap_wpa2_eap_tls_tod(dev, apdev):
+ """EAP-TLS server certificate validation and TOD"""
+ params = int_eap_server_params()
+ params["server_cert"] = "auth_serv/server-certpol.pem"
+ params["private_key"] = "auth_serv/server-certpol.key"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP",
+ eap="TLS", identity="tls user",
+ wait_connect=False, scan_freq="2412",
+ ca_cert="auth_serv/ca.pem",
+ client_cert="auth_serv/user.pem",
+ private_key="auth_serv/user.key")
+ tod0 = None
+ tod1 = None
+ while tod0 is None or tod1 is None:
+ ev = dev[0].wait_event(["CTRL-EVENT-EAP-PEER-CERT"], timeout=10)
+ if ev is None:
+ raise Exception("Peer certificate not reported")
+ if "depth=1 " in ev and "hash=" in ev:
+ tod1 = " tod=1" in ev
+ if "depth=0 " in ev and "hash=" in ev:
+ tod0 = " tod=1" in ev
+ dev[0].wait_connected()
+ if not tod0:
+ raise Exception("TOD policy not reported for server certificate")
+ if tod1:
+ raise Exception("TOD policy unexpectedly reported for CA certificate")
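Review bot: The new test never states what it checks at each chain depth. The loop starting at `while tod0 is None or tod1 is None:` relies on the reader knowing that `depth=0` is the server certificate and `depth=1` its issuing CA, and the one-line docstring does not expand TOD (the Trust Override Disabled certificate policy). A comment above the loop such as `# depth=0 = server cert (must report tod=1), depth=1 = CA cert (must not)` would make the two final checks self-explanatory. As written, the test asserts only that the flag appears in CTRL-EVENT-EAP-PEER-CERT for a certificate that carries the policy. It does not cover a server certificate without the policy, so a regression that reported `tod=1` for every leaf certificate would still pass; a second case using the regular server certificate would close that gap, if none exists elsewhere in the file.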