Tests for mutual authentication

Author: dgarske

.github/workflows/async-examples.yml

@@ -76,10 +76,13 @@ jobs:
           run_pair ecc_tls12              --tls12 --ecc
           run_pair x25519_tls12           --tls12 --x25519
 
-          # BELOW ARE NOT WORKING YET
           # TLS 1.3 mutual auth
-          #run_pair ecc_tls13_mutual       --mutual --ecc
-          #run_pair x25519_tls13_mutual    --mutual --x25519
+          run_pair ecc_tls13_mutual       --mutual --ecc
+          run_pair x25519_tls13_mutual    --mutual --x25519
+
+          # TLS 1.2 mutual auth
+          run_pair ecc_tls12_mutual       --mutual --tls12 --ecc
+          run_pair x25519_tls12_mutual    --mutual --tls12 --x25519
 
 
       - name: Print async logs

examples/async/Makefile

@@ -51,6 +51,7 @@ $(OBJDIR)/%.o: $(WOLFSSL_TOP)/%.c
 $(OBJDIR)/wolfcrypt/src/ecc_fp.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/fips.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/fips_test.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/fipsv2.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/selftest.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/wolfcrypt_first.o: CFLAGS += -Wno-pedantic
 $(OBJDIR)/wolfcrypt/src/wolfcrypt_last.o: CFLAGS += -Wno-pedantic

examples/async/async_server.c

@@ -316,11 +316,12 @@ int server_async_test(int argc, char** argv)
         }
 
         if (mutual) {
-            ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ed25519_cert,
-                sizeof_ca_ed25519_cert, WOLFSSL_FILETYPE_ASN1);
+            /* client-ed25519 is self-signed, so load it as its own CA */
+            ret = wolfSSL_CTX_load_verify_buffer(ctx, client_ed25519_cert,
+                sizeof_client_ed25519_cert, WOLFSSL_FILETYPE_ASN1);
             if (ret != WOLFSSL_SUCCESS) {
                 fprintf(stderr,
-                    "ERROR: failed to load ED25519 CA cert.\n");
+                    "ERROR: failed to load ED25519 client CA cert.\n");
                 goto exit;
             }
         }
@@ -345,10 +346,12 @@ int server_async_test(int argc, char** argv)
         }
 
         if (mutual) {
-            ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
-                sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
+            /* client-ecc-cert is self-signed, so load it as its own CA */
+            ret = wolfSSL_CTX_load_verify_buffer(ctx, cliecc_cert_der_256,
+                sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1);
             if (ret != WOLFSSL_SUCCESS) {
-                fprintf(stderr, "ERROR: failed to load ECC CA cert.\n");
+                fprintf(stderr,
+                    "ERROR: failed to load ECC client CA cert.\n");
                 goto exit;
             }
         }