From 8f07784e9fff4f5db5ba18a6e0be168cc4f70530 Mon Sep 17 00:00:00 2001 From: Matt Rodgers Date: Wed, 11 Dec 2024 08:27:44 +0000 Subject: [PATCH] tests: http_server: fix failing TLS tests due to moved certificates Testcase uses certificates from the sample application at samples/net/sockets/http_server. These were modified and moved into a different folder by a previous commit, causing a build failure in the test. Testcase updated to: - use new path to certificates - update available cipher suites, since certificates now use ECDSA - update expected hostname in certificate The CA certificate in the sample app is also converted to .der format for inclusion in the test (the content is exactly the same as the PEM version, just converted to DER). Signed-off-by: Matt Rodgers --- .../net/sockets/http_server/src/certs/ca_cert.der | Bin 0 -> 488 bytes tests/net/lib/http_server/tls/CMakeLists.txt | 10 +++++----- tests/net/lib/http_server/tls/prj.conf | 8 ++++++++ tests/net/lib/http_server/tls/src/main.c | 4 ++-- 4 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 samples/net/sockets/http_server/src/certs/ca_cert.der diff --git a/samples/net/sockets/http_server/src/certs/ca_cert.der b/samples/net/sockets/http_server/src/certs/ca_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d2d00cd84115a50c54c0968d059ad77466f26ebe GIT binary patch literal 488 zcmXqLVtiuI#MrrjnTe5!NhGGqRVbriyTPZeuZ(|A>1$W9I&Nyf#m1r4=5fxJg_+5~ z%}~rhgpE0rg^PzbDzzY^vZ$aaKPxr4#8AgT3nb3Wql_Z15S*A>kdvz5l3JFUlV6aV znpdLW>}a4M&TC|1XlP_^XlQC-Y7iyCZ)6A(FffJ+P|c=D17S9Hu=|-9p&nsoWM_6_ zVA-Sk{mCir(AyQBrt=o%u=YK=`l-P9$661?bN*{T{GA)&o%(rFdY#|bD@Tleel7Xi zv(js^{u(jnDxrCwbc4@k@h=WG2sDrddRmr`MT|w{qSLqK^`2^4Zx_7R$(DH#y<4m< z#y}nA&oj%C1 H@8Bl@eD19W literal 0 HcmV?d00001 diff --git a/tests/net/lib/http_server/tls/CMakeLists.txt b/tests/net/lib/http_server/tls/CMakeLists.txt index f277bc750b2..e5b6813a30f 100644 --- a/tests/net/lib/http_server/tls/CMakeLists.txt 
+++ b/tests/net/lib/http_server/tls/CMakeLists.txt
@@ -12,19 +12,19 @@ set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/) if (${CONFIG_TLS_CREDENTIALS}) generate_inc_file_for_target( app
- ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/ca.der
+ ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/ca_cert.der
${gen_dir}/ca.inc ) generate_inc_file_for_target( app
- ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+ ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
${gen_dir}/server.inc ) generate_inc_file_for_target( app
- ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+ ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
${gen_dir}/server_privkey.inc )
@@ -32,13 +32,13 @@ if (${CONFIG_TLS_CREDENTIALS}) # since it seems to be the only one that is signed by a ca generate_inc_file_for_target( app
- ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+ ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
${gen_dir}/client.inc ) generate_inc_file_for_target( app
- ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+ ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
${gen_dir}/client_privkey.inc ) endif()
diff --git a/tests/net/lib/http_server/tls/prj.conf b/tests/net/lib/http_server/tls/prj.conf
index ecc95780d15..8affe9ba414 100644
--- a/tests/net/lib/http_server/tls/prj.conf
+++ b/tests/net/lib/http_server/tls/prj.conf
@@ -31,6 +31,14 @@ CONFIG_MBEDTLS=y CONFIG_MBEDTLS_BUILTIN=y CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048 CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6
+CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_ECP_C=y
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
# Network buffers / packets / sizes CONFIG_NET_BUF_TX_COUNT=32
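Review bot: The five `generate_inc_file_for_target` calls in tests/net/lib/http_server/tls/CMakeLists.txt (both hunks, `@@ -12,19` and `@@ -32,13`) each spell out the full sample path, which is the coupling that broke this test when the certificates moved. Defining the directory once, `set(cert_dir ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs)`, and passing `${cert_dir}/ca_cert.der` and the other file names would make the next move a one-line change. The new side also still generates `client.inc` and `client_privkey.inc` from the server certificate and key, so client and server present the same identity and the test cannot tell a client-credential mix-up from a correct setup. The enclosing `if (${CONFIG_TLS_CREDENTIALS})` block opens in the first hunk and closes in the second.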
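Review bot: The eight options added in tests/net/lib/http_server/tls/prj.conf carry no comment tying them to the sample certificates, so the file itself does not explain why RSA key exchange is turned off or why secp256r1 is the only curve enabled. A line such as `# Sample certificates are ECDSA; the enabled curve and key exchange must match them` above `CONFIG_MBEDTLS_ECDH_C=y` would tell whoever regenerates the certificates that this file has to change with them. If the certificates are reissued with another key type or curve, the handshake in this test would presumably fail without pointing at the configuration.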
diff --git a/tests/net/lib/http_server/tls/src/main.c b/tests/net/lib/http_server/tls/src/main.c
index 34c5c8fe7f0..1928e968b94 100644
--- a/tests/net/lib/http_server/tls/src/main.c
+++ b/tests/net/lib/http_server/tls/src/main.c
@@ -167,8 +167,8 @@ static void test_tls(void) sec_tag_list, sec_tag_list_size); zassert_not_equal(ret, -1, "failed to set TLS_SEC_TAG_LIST (%d)", errno);
- ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME,
- "localhost", sizeof("localhost"));
+ ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME, "zephyr.local",
+ sizeof("zephyr.local"));
zassert_not_equal(ret, -1, "failed to set TLS_HOSTNAME (%d)", errno); }
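Review bot: The hostname literal appears twice in the new `zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME, ...)` call, once as the value and once inside `sizeof`, and it has to match the name in the sample's server certificate, which this test does not own. A named constant with a comment, for example `static const char server_hostname[] = "zephyr.local"; /* must match the name in the sample's server_cert.der */`, passed as `server_hostname, sizeof(server_hostname)`, keeps the two in step and documents the dependency. Nothing in the hunk shows the peer-verification setting, so it is worth confirming that the test fails when this name does not match the certificate; otherwise the hostname check is not actually exercised. The body of `test_tls` starts outside the hunk.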