tests: http_server: fix failing TLS tests due to moved certificates

Testcase uses certificates from the sample application at
samples/net/sockets/http_server. These were modified and moved into a
different folder by a previous commit, causing a build failure in the
test.

Testcase updated to:
- use new path to certificates
- update available cipher suites, since certificates now use ECDSA
- update expected hostname in certificate

The CA certificate in the sample app is also converted to .der format
for inclusion in the test (the content is exactly the same as the PEM
version, just converted to DER).

Signed-off-by: Matt Rodgers <[email protected]>

Author: mrodgers-witekio

samples/net/sockets/http_server/src/certs/ca_cert.der

@@ -12,33 +12,33 @@ set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/)
 if (${CONFIG_TLS_CREDENTIALS})
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/ca.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/ca_cert.der
     ${gen_dir}/ca.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
     ${gen_dir}/server.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
     ${gen_dir}/server_privkey.inc
   )
 
   # we reuse the same certificate / private key for client
   # since it seems to be the only one that is signed by a ca
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_cert.der
     ${gen_dir}/client.inc
   )
 
   generate_inc_file_for_target(
     app
-    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/server_privkey.der
+    ${ZEPHYR_BASE}/samples/net/sockets/http_server/src/certs/server_privkey.der
     ${gen_dir}/client_privkey.inc
   )
 endif()

tests/net/lib/http_server/tls/CMakeLists.txt

@@ -31,6 +31,14 @@ CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048
 CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6
+CONFIG_MBEDTLS_ECDH_C=y
+CONFIG_MBEDTLS_ECDSA_C=y
+CONFIG_MBEDTLS_ECP_C=y
+CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=n
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
 
 # Network buffers / packets / sizes
 CONFIG_NET_BUF_TX_COUNT=32

tests/net/lib/http_server/tls/prj.conf

@@ -167,8 +167,8 @@ static void test_tls(void)
 				       sec_tag_list, sec_tag_list_size);
 		zassert_not_equal(ret, -1, "failed to set TLS_SEC_TAG_LIST (%d)", errno);
 
-		ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME,
-				       "localhost", sizeof("localhost"));
+		ret = zsock_setsockopt(client_fd, SOL_TLS, TLS_HOSTNAME, "zephyr.local",
+				       sizeof("zephyr.local"));
 		zassert_not_equal(ret, -1, "failed to set TLS_HOSTNAME (%d)", errno);
 	}