tests: http_server: fix failing TLS tests due to moved certificates

Testcase uses certificates from the sample application at samples/net/sockets/http_server. These were modified and moved into a different folder by a previous commit, causing a build failure in the test. Testcase updated to: - use new path to certificates - update available cipher suites, since certificates now use ECDSA - update expected hostname in certificate The CA certificate in the sample app is also converted to .der format for inclusion in the test (the content is exactly the same as the PEM version, just converted to DER). Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
zephyrproject-rtos · Dec 11, 2024 · 8f07784 · 8f07784
1 parent 90ff9c0
commit 8f07784
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/samples/net/sockets/http_server/src/certs/ca_cert.der b/samples/net/sockets/http_server/src/certs/ca_cert.der
diff --git a/tests/net/lib/http_server/tls/CMakeLists.txt b/tests/net/lib/http_server/tls/CMakeLists.txt
@@ -12,33 +12,33 @@ set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/)
 if (${CONFIG_TLS_CREDENTIALS})
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/ca.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/ca_cert.der
     ${gen_dir}/ca.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
     ${gen_dir}/server.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
     ${gen_dir}/server_privkey.inc
   )
 
   # we reuse the same certificate / private key for client
   # since it seems to be the only one that is signed by a ca
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
     ${gen_dir}/client.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
     ${gen_dir}/client_privkey.inc
   )
 endif()

diff --git a/tests/net/lib/http_server/tls/prj.conf b/tests/net/lib/http_server/tls/prj.conf
@@ -31,6 +31,14 @@ CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048
 CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6
+CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_ECP_C=y
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 
 # Network buffers / packets / sizes
 CONFIG_NET_BUF_TX_COUNT=32

diff --git a/tests/net/lib/http_server/tls/src/main.c b/tests/net/lib/http_server/tls/src/main.c
@@ -167,8 +167,8 @@ static void test_tls(void)
 				       sec_tag_list, sec_tag_list_size);
 		zassert_not_equal(ret, -1, "failed to set TLS_SEC_TAG_LIST (%d)", errno);
 
-		ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME,
-				       "localhost", sizeof("localhost"));
+		ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME, "zephyr.local",
+				       sizeof("zephyr.local"));
 		zassert_not_equal(ret, -1, "failed to set TLS_HOSTNAME (%d)", errno);
 	}