tests: resumption: enhanced and avoid the use of gnutls-cli insecure option

This test was improved to test resumption with TLS 1.3 in addition to TLS 1.2
as well as improve fallback on centos10. This patch introduces validation using
the right CA file.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>

tests/resumption

@@ -44,14 +44,26 @@ PID=$!
 
 wait_server $PID
 
-echo -n "Connecting to resume... "
-( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -r --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 $ADDRESS --port $PORT --insecure > $TMPFILE 2>/dev/null </dev/null ) ||
-	(cat ${TMPFILE} && fail $PID "Could not connect to resume!" )
+echo -n " * Connecting to resume - TLS 1.2... "
+( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
+	{ cat ${TMPFILE} && fail $PID "TLS1.2: Could not connect to resume!"; }
 
-grep "This is a resumed session" ${TMPFILE}
+grep "This is a resumed session" ${TMPFILE} >/dev/null
 if test $? != 0;then
 	cat ${TMPFILE}
-	fail $PID "failed, session was not resumed"
+	fail $PID "failed, TLS 1.2 session was not resumed"
+fi
+
+echo "ok"
+
+echo -n " * Connecting to resume - TLS 1.3... "
+( LD_PRELOAD=libsocket_wrapper.so gnutls-cli -d 9999 -r $ADDRESS --port $PORT --sni-hostname localhost --verify-hostname localhost --x509cafile="${srcdir}/certs/ca.pem" > $TMPFILE 2>&1 </dev/null ) ||
+	{ cat ${TMPFILE} && fail $PID "TLS1.3: Could not connect to resume!"; }
+
+grep "Resume Handshake was completed" ${TMPFILE} >/dev/null
+if test $? != 0;then
+	cat ${TMPFILE}
+	fail $PID "failed, TLS 1.3 session was not resumed"
 fi
 
 echo "ok"