Make support for certificate status messages optional via policy

Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message.
author: Harry Reimann <[email protected]> 2017-11-29 08:35:27 +0100
committer: Harry Reimann <[email protected]> 2017-12-04 10:54:14 +0100
commit: 805bb27dff20e491e76142db2b5fe1bd586d4788 (patch)
tree: 64cc4c6ea4633a86509a8b18635c802ec3c3a8e8 /src/tests/unit_tls.cpp
parent: b236a8aa0803bac4fba3c1de840379fb01f54ca1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index b22028a0e..026eeb62d 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -1308,6 +1308,9 @@ class TLS_Unit_Tests final : public Test
          test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
             { { "signature_methods", "RSA" } });
 
+         test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
+            { { "support_cert_status_message", "false" } });
+
 #if defined(BOTAN_HAS_DSA)
          test_modern_versions(results, *client_ses, *server_ses, *creds, "DH", "AES-128/GCM", "AEAD",
             { { "signature_methods", "DSA" } });
author	Harry Reimann <[email protected]>	2017-11-29 08:35:27 +0100
committer	Harry Reimann <[email protected]>	2017-12-04 10:54:14 +0100
commit	805bb27dff20e491e76142db2b5fe1bd586d4788 (patch)
tree	64cc4c6ea4633a86509a8b18635c802ec3c3a8e8 /src/tests/unit_tls.cpp
parent	b236a8aa0803bac4fba3c1de840379fb01f54ca1 (diff)