Closed gapelbaum closed 5 years ago
awaizkhan
commented
6 years ago Hi Gustavo, Please refer to the readme file for cert generation. All negative tests for TLS are mainly checking CBSD functionality to ensure in these -ve scenarios CBSD is able to take appropriate action.
Please provide Wireshark trace for us to take a look? -Awaiz
gapelbaum
commented
6 years ago Hi Awaiz,
Attached wireshark file, 192.168.4.125 is the Ip of MockSAS
Regards Gustavo
idanrazisr
commented
6 years ago Hi Gustavo, I tested again WINNF.FT.C.SCS.5 with the sample SAS corrupted certificate - and it is rejected properly as being corrupted. I tested both using Airspan Domain Proxy and CURL utility and got the correct result - both rejected the TLS session by sending a TLS Alert message and and identified "certificate signature cannot be verified" or "decrypt error". So your CBSD UUT failed to recognize this condition and wrongly continued to establish the TLS connection. I also noted that there are many TCP retrasnmissions from your SAS Harness machine - not sure why.
awaizkhan
commented
5 years ago Hi Gustavo, Please close if you are ok with resolution.
gapelbaum
commented
5 years ago Closed
Hi,
I tested WINNF.FT.C.SCS.5 using the file sasharnesscertnotvalid.pem available on folder "WINNF.FT.C.SCS.5_TLS failure certificate is corrupted" but TLS is established.
Someone tested it ? Any advice.
Regards Gustavo