]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/ssl-tests/04-client_auth.conf
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add ExpectedClientCANames
[thirdparty/openssl.git] / test / ssl-tests / 04-client_auth.conf
CommitLineData
63936115
EK		 1# Generated with generate_ssl_tests.pl
2
49619ab0 3num_tests = 30
63936115
EK		 4
5test-0 = 0-server-auth-flex
6test-1 = 1-client-auth-flex-request
7test-2 = 2-client-auth-flex-require-fail
8test-3 = 3-client-auth-flex-require
9test-4 = 4-client-auth-flex-noroot
10test-5 = 5-server-auth-TLSv1
11test-6 = 6-client-auth-TLSv1-request
12test-7 = 7-client-auth-TLSv1-require-fail
13test-8 = 8-client-auth-TLSv1-require
14test-9 = 9-client-auth-TLSv1-noroot
15test-10 = 10-server-auth-TLSv1.1
16test-11 = 11-client-auth-TLSv1.1-request
17test-12 = 12-client-auth-TLSv1.1-require-fail
18test-13 = 13-client-auth-TLSv1.1-require
19test-14 = 14-client-auth-TLSv1.1-noroot
20test-15 = 15-server-auth-TLSv1.2
21test-16 = 16-client-auth-TLSv1.2-request
22test-17 = 17-client-auth-TLSv1.2-require-fail
23test-18 = 18-client-auth-TLSv1.2-require
24test-19 = 19-client-auth-TLSv1.2-noroot
49619ab0
EK		 25test-20 = 20-server-auth-DTLSv1
26test-21 = 21-client-auth-DTLSv1-request
27test-22 = 22-client-auth-DTLSv1-require-fail
28test-23 = 23-client-auth-DTLSv1-require
29test-24 = 24-client-auth-DTLSv1-noroot
30test-25 = 25-server-auth-DTLSv1.2
31test-26 = 26-client-auth-DTLSv1.2-request
32test-27 = 27-client-auth-DTLSv1.2-require-fail
33test-28 = 28-client-auth-DTLSv1.2-require
34test-29 = 29-client-auth-DTLSv1.2-noroot
63936115
EK		 35# ===========================================================
36
37[0-server-auth-flex]
38ssl_conf = 0-server-auth-flex-ssl
39
40[0-server-auth-flex-ssl]
41server = 0-server-auth-flex-server
42client = 0-server-auth-flex-client
43
44[0-server-auth-flex-server]
45Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
46CipherString = DEFAULT
47PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
48
63936115
EK		 49[0-server-auth-flex-client]
50CipherString = DEFAULT
51VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
52VerifyMode = Peer
53
63936115
EK		 54[test-0]
55ExpectedResult = Success
56
57
58# ===========================================================
59
60[1-client-auth-flex-request]
61ssl_conf = 1-client-auth-flex-request-ssl
62
63[1-client-auth-flex-request-ssl]
64server = 1-client-auth-flex-request-server
65client = 1-client-auth-flex-request-client
66
67[1-client-auth-flex-request-server]
68Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
69CipherString = DEFAULT
70PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
71VerifyMode = Request
72
63936115
EK		 73[1-client-auth-flex-request-client]
74CipherString = DEFAULT
75VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
76VerifyMode = Peer
77
63936115
EK		 78[test-1]
79ExpectedResult = Success
80
81
82# ===========================================================
83
84[2-client-auth-flex-require-fail]
85ssl_conf = 2-client-auth-flex-require-fail-ssl
86
87[2-client-auth-flex-require-fail-ssl]
88server = 2-client-auth-flex-require-fail-server
89client = 2-client-auth-flex-require-fail-client
90
91[2-client-auth-flex-require-fail-server]
92Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
93CipherString = DEFAULT
94PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
95VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
96VerifyMode = Require
97
63936115
EK		 98[2-client-auth-flex-require-fail-client]
99CipherString = DEFAULT
100VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
101VerifyMode = Peer
102
63936115
EK		 103[test-2]
104ExpectedResult = ServerFail
9f48bbac 105ExpectedServerAlert = HandshakeFailure
63936115
EK		 106
107
108# ===========================================================
109
110[3-client-auth-flex-require]
111ssl_conf = 3-client-auth-flex-require-ssl
112
113[3-client-auth-flex-require-ssl]
114server = 3-client-auth-flex-require-server
115client = 3-client-auth-flex-require-client
116
117[3-client-auth-flex-require-server]
118Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
119CipherString = DEFAULT
120PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
121VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
122VerifyMode = Request
123
63936115
EK		 124[3-client-auth-flex-require-client]
125Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
126CipherString = DEFAULT
127PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
128VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
129VerifyMode = Peer
130
63936115 131[test-3]
a470f023 132ExpectedClientCertType = RSA
63936115
EK		 133ExpectedResult = Success
134
135
136# ===========================================================
137
138[4-client-auth-flex-noroot]
139ssl_conf = 4-client-auth-flex-noroot-ssl
140
141[4-client-auth-flex-noroot-ssl]
142server = 4-client-auth-flex-noroot-server
143client = 4-client-auth-flex-noroot-client
144
145[4-client-auth-flex-noroot-server]
146Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
147CipherString = DEFAULT
148PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
149VerifyMode = Require
150
63936115
EK		 151[4-client-auth-flex-noroot-client]
152Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
153CipherString = DEFAULT
154PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
155VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
156VerifyMode = Peer
157
63936115
EK		 158[test-4]
159ExpectedResult = ServerFail
9f48bbac 160ExpectedServerAlert = UnknownCA
63936115
EK		 161
162
163# ===========================================================
164
165[5-server-auth-TLSv1]
166ssl_conf = 5-server-auth-TLSv1-ssl
167
168[5-server-auth-TLSv1-ssl]
169server = 5-server-auth-TLSv1-server
170client = 5-server-auth-TLSv1-client
171
172[5-server-auth-TLSv1-server]
173Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
174CipherString = DEFAULT
78cbe94f
MC		 175MaxProtocol = TLSv1
176MinProtocol = TLSv1
63936115 177PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 178
63936115
EK		 179[5-server-auth-TLSv1-client]
180CipherString = DEFAULT
78cbe94f
MC		 181MaxProtocol = TLSv1
182MinProtocol = TLSv1
63936115
EK		 183VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
184VerifyMode = Peer
185
63936115
EK		 186[test-5]
187ExpectedResult = Success
188
189
190# ===========================================================
191
192[6-client-auth-TLSv1-request]
193ssl_conf = 6-client-auth-TLSv1-request-ssl
194
195[6-client-auth-TLSv1-request-ssl]
196server = 6-client-auth-TLSv1-request-server
197client = 6-client-auth-TLSv1-request-client
198
199[6-client-auth-TLSv1-request-server]
200Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
201CipherString = DEFAULT
78cbe94f
MC		 202MaxProtocol = TLSv1
203MinProtocol = TLSv1
63936115 204PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 205VerifyMode = Request
206
63936115
EK		 207[6-client-auth-TLSv1-request-client]
208CipherString = DEFAULT
78cbe94f
MC		 209MaxProtocol = TLSv1
210MinProtocol = TLSv1
63936115
EK		 211VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
212VerifyMode = Peer
213
63936115
EK		 214[test-6]
215ExpectedResult = Success
216
217
218# ===========================================================
219
220[7-client-auth-TLSv1-require-fail]
221ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
222
223[7-client-auth-TLSv1-require-fail-ssl]
224server = 7-client-auth-TLSv1-require-fail-server
225client = 7-client-auth-TLSv1-require-fail-client
226
227[7-client-auth-TLSv1-require-fail-server]
228Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
229CipherString = DEFAULT
78cbe94f
MC		 230MaxProtocol = TLSv1
231MinProtocol = TLSv1
63936115 232PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 233VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
234VerifyMode = Require
235
63936115
EK		 236[7-client-auth-TLSv1-require-fail-client]
237CipherString = DEFAULT
78cbe94f
MC		 238MaxProtocol = TLSv1
239MinProtocol = TLSv1
63936115
EK		 240VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
241VerifyMode = Peer
242
63936115
EK		 243[test-7]
244ExpectedResult = ServerFail
9f48bbac 245ExpectedServerAlert = HandshakeFailure
63936115
EK		 246
247
248# ===========================================================
249
250[8-client-auth-TLSv1-require]
251ssl_conf = 8-client-auth-TLSv1-require-ssl
252
253[8-client-auth-TLSv1-require-ssl]
254server = 8-client-auth-TLSv1-require-server
255client = 8-client-auth-TLSv1-require-client
256
257[8-client-auth-TLSv1-require-server]
258Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
259CipherString = DEFAULT
78cbe94f
MC		 260MaxProtocol = TLSv1
261MinProtocol = TLSv1
63936115 262PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 263VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
264VerifyMode = Request
265
63936115
EK		 266[8-client-auth-TLSv1-require-client]
267Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
268CipherString = DEFAULT
78cbe94f
MC		 269MaxProtocol = TLSv1
270MinProtocol = TLSv1
63936115 271PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 272VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
273VerifyMode = Peer
274
63936115 275[test-8]
a470f023 276ExpectedClientCertType = RSA
63936115
EK		 277ExpectedResult = Success
278
279
280# ===========================================================
281
282[9-client-auth-TLSv1-noroot]
283ssl_conf = 9-client-auth-TLSv1-noroot-ssl
284
285[9-client-auth-TLSv1-noroot-ssl]
286server = 9-client-auth-TLSv1-noroot-server
287client = 9-client-auth-TLSv1-noroot-client
288
289[9-client-auth-TLSv1-noroot-server]
290Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
291CipherString = DEFAULT
78cbe94f
MC		 292MaxProtocol = TLSv1
293MinProtocol = TLSv1
63936115 294PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 295VerifyMode = Require
296
63936115
EK		 297[9-client-auth-TLSv1-noroot-client]
298Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
299CipherString = DEFAULT
78cbe94f
MC		 300MaxProtocol = TLSv1
301MinProtocol = TLSv1
63936115 302PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 303VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
304VerifyMode = Peer
305
63936115
EK		 306[test-9]
307ExpectedResult = ServerFail
9f48bbac 308ExpectedServerAlert = UnknownCA
63936115
EK		 309
310
311# ===========================================================
312
313[10-server-auth-TLSv1.1]
314ssl_conf = 10-server-auth-TLSv1.1-ssl
315
316[10-server-auth-TLSv1.1-ssl]
317server = 10-server-auth-TLSv1.1-server
318client = 10-server-auth-TLSv1.1-client
319
320[10-server-auth-TLSv1.1-server]
321Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
322CipherString = DEFAULT
78cbe94f
MC		 323MaxProtocol = TLSv1.1
324MinProtocol = TLSv1.1
63936115 325PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 326
63936115
EK		 327[10-server-auth-TLSv1.1-client]
328CipherString = DEFAULT
78cbe94f
MC		 329MaxProtocol = TLSv1.1
330MinProtocol = TLSv1.1
63936115
EK		 331VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
332VerifyMode = Peer
333
63936115
EK		 334[test-10]
335ExpectedResult = Success
336
337
338# ===========================================================
339
340[11-client-auth-TLSv1.1-request]
341ssl_conf = 11-client-auth-TLSv1.1-request-ssl
342
343[11-client-auth-TLSv1.1-request-ssl]
344server = 11-client-auth-TLSv1.1-request-server
345client = 11-client-auth-TLSv1.1-request-client
346
347[11-client-auth-TLSv1.1-request-server]
348Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
349CipherString = DEFAULT
78cbe94f
MC		 350MaxProtocol = TLSv1.1
351MinProtocol = TLSv1.1
63936115 352PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 353VerifyMode = Request
354
63936115
EK		 355[11-client-auth-TLSv1.1-request-client]
356CipherString = DEFAULT
78cbe94f
MC		 357MaxProtocol = TLSv1.1
358MinProtocol = TLSv1.1
63936115
EK		 359VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
360VerifyMode = Peer
361
63936115
EK		 362[test-11]
363ExpectedResult = Success
364
365
366# ===========================================================
367
368[12-client-auth-TLSv1.1-require-fail]
369ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
370
371[12-client-auth-TLSv1.1-require-fail-ssl]
372server = 12-client-auth-TLSv1.1-require-fail-server
373client = 12-client-auth-TLSv1.1-require-fail-client
374
375[12-client-auth-TLSv1.1-require-fail-server]
376Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
377CipherString = DEFAULT
78cbe94f
MC		 378MaxProtocol = TLSv1.1
379MinProtocol = TLSv1.1
63936115 380PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 381VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
382VerifyMode = Require
383
63936115
EK		 384[12-client-auth-TLSv1.1-require-fail-client]
385CipherString = DEFAULT
78cbe94f
MC		 386MaxProtocol = TLSv1.1
387MinProtocol = TLSv1.1
63936115
EK		 388VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
389VerifyMode = Peer
390
63936115
EK		 391[test-12]
392ExpectedResult = ServerFail
9f48bbac 393ExpectedServerAlert = HandshakeFailure
63936115
EK		 394
395
396# ===========================================================
397
398[13-client-auth-TLSv1.1-require]
399ssl_conf = 13-client-auth-TLSv1.1-require-ssl
400
401[13-client-auth-TLSv1.1-require-ssl]
402server = 13-client-auth-TLSv1.1-require-server
403client = 13-client-auth-TLSv1.1-require-client
404
405[13-client-auth-TLSv1.1-require-server]
406Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
407CipherString = DEFAULT
78cbe94f
MC		 408MaxProtocol = TLSv1.1
409MinProtocol = TLSv1.1
63936115 410PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 411VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
412VerifyMode = Request
413
63936115
EK		 414[13-client-auth-TLSv1.1-require-client]
415Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
416CipherString = DEFAULT
78cbe94f
MC		 417MaxProtocol = TLSv1.1
418MinProtocol = TLSv1.1
63936115 419PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 420VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
421VerifyMode = Peer
422
63936115 423[test-13]
a470f023 424ExpectedClientCertType = RSA
63936115
EK		 425ExpectedResult = Success
426
427
428# ===========================================================
429
430[14-client-auth-TLSv1.1-noroot]
431ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
432
433[14-client-auth-TLSv1.1-noroot-ssl]
434server = 14-client-auth-TLSv1.1-noroot-server
435client = 14-client-auth-TLSv1.1-noroot-client
436
437[14-client-auth-TLSv1.1-noroot-server]
438Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
439CipherString = DEFAULT
78cbe94f
MC		 440MaxProtocol = TLSv1.1
441MinProtocol = TLSv1.1
63936115 442PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 443VerifyMode = Require
444
63936115
EK		 445[14-client-auth-TLSv1.1-noroot-client]
446Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
447CipherString = DEFAULT
78cbe94f
MC		 448MaxProtocol = TLSv1.1
449MinProtocol = TLSv1.1
63936115 450PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 451VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
452VerifyMode = Peer
453
63936115
EK		 454[test-14]
455ExpectedResult = ServerFail
9f48bbac 456ExpectedServerAlert = UnknownCA
63936115
EK		 457
458
459# ===========================================================
460
461[15-server-auth-TLSv1.2]
462ssl_conf = 15-server-auth-TLSv1.2-ssl
463
464[15-server-auth-TLSv1.2-ssl]
465server = 15-server-auth-TLSv1.2-server
466client = 15-server-auth-TLSv1.2-client
467
468[15-server-auth-TLSv1.2-server]
469Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
470CipherString = DEFAULT
78cbe94f
MC		 471MaxProtocol = TLSv1.2
472MinProtocol = TLSv1.2
63936115 473PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 474
63936115
EK		 475[15-server-auth-TLSv1.2-client]
476CipherString = DEFAULT
78cbe94f
MC		 477MaxProtocol = TLSv1.2
478MinProtocol = TLSv1.2
63936115
EK		 479VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
480VerifyMode = Peer
481
63936115
EK		 482[test-15]
483ExpectedResult = Success
484
485
486# ===========================================================
487
488[16-client-auth-TLSv1.2-request]
489ssl_conf = 16-client-auth-TLSv1.2-request-ssl
490
491[16-client-auth-TLSv1.2-request-ssl]
492server = 16-client-auth-TLSv1.2-request-server
493client = 16-client-auth-TLSv1.2-request-client
494
495[16-client-auth-TLSv1.2-request-server]
496Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
497CipherString = DEFAULT
78cbe94f
MC		 498MaxProtocol = TLSv1.2
499MinProtocol = TLSv1.2
63936115 500PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 501VerifyMode = Request
502
63936115
EK		 503[16-client-auth-TLSv1.2-request-client]
504CipherString = DEFAULT
78cbe94f
MC		 505MaxProtocol = TLSv1.2
506MinProtocol = TLSv1.2
63936115
EK		 507VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
508VerifyMode = Peer
509
63936115
EK		 510[test-16]
511ExpectedResult = Success
512
513
514# ===========================================================
515
516[17-client-auth-TLSv1.2-require-fail]
517ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
518
519[17-client-auth-TLSv1.2-require-fail-ssl]
520server = 17-client-auth-TLSv1.2-require-fail-server
521client = 17-client-auth-TLSv1.2-require-fail-client
522
523[17-client-auth-TLSv1.2-require-fail-server]
524Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
525CipherString = DEFAULT
78cbe94f
MC		 526MaxProtocol = TLSv1.2
527MinProtocol = TLSv1.2
63936115 528PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 529VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
530VerifyMode = Require
531
63936115
EK		 532[17-client-auth-TLSv1.2-require-fail-client]
533CipherString = DEFAULT
78cbe94f
MC		 534MaxProtocol = TLSv1.2
535MinProtocol = TLSv1.2
63936115
EK		 536VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
537VerifyMode = Peer
538
63936115
EK		 539[test-17]
540ExpectedResult = ServerFail
9f48bbac 541ExpectedServerAlert = HandshakeFailure
63936115
EK		 542
543
544# ===========================================================
545
546[18-client-auth-TLSv1.2-require]
547ssl_conf = 18-client-auth-TLSv1.2-require-ssl
548
549[18-client-auth-TLSv1.2-require-ssl]
550server = 18-client-auth-TLSv1.2-require-server
551client = 18-client-auth-TLSv1.2-require-client
552
553[18-client-auth-TLSv1.2-require-server]
554Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
555CipherString = DEFAULT
062540cb 556ClientSignatureAlgorithms = SHA256+RSA
78cbe94f
MC		 557MaxProtocol = TLSv1.2
558MinProtocol = TLSv1.2
63936115 559PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 560VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
561VerifyMode = Request
562
63936115
EK		 563[18-client-auth-TLSv1.2-require-client]
564Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
565CipherString = DEFAULT
78cbe94f
MC		 566MaxProtocol = TLSv1.2
567MinProtocol = TLSv1.2
63936115 568PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 569VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
570VerifyMode = Peer
571
63936115 572[test-18]
a470f023 573ExpectedClientCertType = RSA
062540cb 574ExpectedClientSignHash = SHA256
a92e710b 575ExpectedClientSignType = RSA
63936115
EK		 576ExpectedResult = Success
577
578
579# ===========================================================
580
581[19-client-auth-TLSv1.2-noroot]
582ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
583
584[19-client-auth-TLSv1.2-noroot-ssl]
585server = 19-client-auth-TLSv1.2-noroot-server
586client = 19-client-auth-TLSv1.2-noroot-client
587
588[19-client-auth-TLSv1.2-noroot-server]
589Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
590CipherString = DEFAULT
78cbe94f
MC		 591MaxProtocol = TLSv1.2
592MinProtocol = TLSv1.2
63936115 593PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 594VerifyMode = Require
595
63936115
EK		 596[19-client-auth-TLSv1.2-noroot-client]
597Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
598CipherString = DEFAULT
78cbe94f
MC		 599MaxProtocol = TLSv1.2
600MinProtocol = TLSv1.2
63936115 601PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 602VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
603VerifyMode = Peer
604
63936115
EK		 605[test-19]
606ExpectedResult = ServerFail
9f48bbac 607ExpectedServerAlert = UnknownCA
63936115
EK		 608
609
49619ab0
EK		 610# ===========================================================
611
612[20-server-auth-DTLSv1]
613ssl_conf = 20-server-auth-DTLSv1-ssl
614
615[20-server-auth-DTLSv1-ssl]
616server = 20-server-auth-DTLSv1-server
617client = 20-server-auth-DTLSv1-client
618
619[20-server-auth-DTLSv1-server]
620Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
621CipherString = DEFAULT
622MaxProtocol = DTLSv1
623MinProtocol = DTLSv1
624PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
625
626[20-server-auth-DTLSv1-client]
627CipherString = DEFAULT
628MaxProtocol = DTLSv1
629MinProtocol = DTLSv1
630VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
631VerifyMode = Peer
632
633[test-20]
634ExpectedResult = Success
635Method = DTLS
636
637
638# ===========================================================
639
640[21-client-auth-DTLSv1-request]
641ssl_conf = 21-client-auth-DTLSv1-request-ssl
642
643[21-client-auth-DTLSv1-request-ssl]
644server = 21-client-auth-DTLSv1-request-server
645client = 21-client-auth-DTLSv1-request-client
646
647[21-client-auth-DTLSv1-request-server]
648Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
649CipherString = DEFAULT
650MaxProtocol = DTLSv1
651MinProtocol = DTLSv1
652PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
653VerifyMode = Request
654
655[21-client-auth-DTLSv1-request-client]
656CipherString = DEFAULT
657MaxProtocol = DTLSv1
658MinProtocol = DTLSv1
659VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
660VerifyMode = Peer
661
662[test-21]
663ExpectedResult = Success
664Method = DTLS
665
666
667# ===========================================================
668
669[22-client-auth-DTLSv1-require-fail]
670ssl_conf = 22-client-auth-DTLSv1-require-fail-ssl
671
672[22-client-auth-DTLSv1-require-fail-ssl]
673server = 22-client-auth-DTLSv1-require-fail-server
674client = 22-client-auth-DTLSv1-require-fail-client
675
676[22-client-auth-DTLSv1-require-fail-server]
677Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
678CipherString = DEFAULT
679MaxProtocol = DTLSv1
680MinProtocol = DTLSv1
681PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
682VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
683VerifyMode = Require
684
685[22-client-auth-DTLSv1-require-fail-client]
686CipherString = DEFAULT
687MaxProtocol = DTLSv1
688MinProtocol = DTLSv1
689VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
690VerifyMode = Peer
691
692[test-22]
693ExpectedResult = ServerFail
694ExpectedServerAlert = HandshakeFailure
695Method = DTLS
696
697
698# ===========================================================
699
700[23-client-auth-DTLSv1-require]
701ssl_conf = 23-client-auth-DTLSv1-require-ssl
702
703[23-client-auth-DTLSv1-require-ssl]
704server = 23-client-auth-DTLSv1-require-server
705client = 23-client-auth-DTLSv1-require-client
706
707[23-client-auth-DTLSv1-require-server]
708Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
709CipherString = DEFAULT
710MaxProtocol = DTLSv1
711MinProtocol = DTLSv1
712PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
713VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
714VerifyMode = Request
715
716[23-client-auth-DTLSv1-require-client]
717Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
718CipherString = DEFAULT
719MaxProtocol = DTLSv1
720MinProtocol = DTLSv1
721PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
722VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
723VerifyMode = Peer
724
725[test-23]
726ExpectedClientCertType = RSA
727ExpectedResult = Success
728Method = DTLS
729
730
731# ===========================================================
732
733[24-client-auth-DTLSv1-noroot]
734ssl_conf = 24-client-auth-DTLSv1-noroot-ssl
735
736[24-client-auth-DTLSv1-noroot-ssl]
737server = 24-client-auth-DTLSv1-noroot-server
738client = 24-client-auth-DTLSv1-noroot-client
739
740[24-client-auth-DTLSv1-noroot-server]
741Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
742CipherString = DEFAULT
743MaxProtocol = DTLSv1
744MinProtocol = DTLSv1
745PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
746VerifyMode = Require
747
748[24-client-auth-DTLSv1-noroot-client]
749Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
750CipherString = DEFAULT
751MaxProtocol = DTLSv1
752MinProtocol = DTLSv1
753PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
754VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
755VerifyMode = Peer
756
757[test-24]
758ExpectedResult = ServerFail
759ExpectedServerAlert = UnknownCA
760Method = DTLS
761
762
763# ===========================================================
764
765[25-server-auth-DTLSv1.2]
766ssl_conf = 25-server-auth-DTLSv1.2-ssl
767
768[25-server-auth-DTLSv1.2-ssl]
769server = 25-server-auth-DTLSv1.2-server
770client = 25-server-auth-DTLSv1.2-client
771
772[25-server-auth-DTLSv1.2-server]
773Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
774CipherString = DEFAULT
775MaxProtocol = DTLSv1.2
776MinProtocol = DTLSv1.2
777PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
778
779[25-server-auth-DTLSv1.2-client]
780CipherString = DEFAULT
781MaxProtocol = DTLSv1.2
782MinProtocol = DTLSv1.2
783VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
784VerifyMode = Peer
785
786[test-25]
787ExpectedResult = Success
788Method = DTLS
789
790
791# ===========================================================
792
793[26-client-auth-DTLSv1.2-request]
794ssl_conf = 26-client-auth-DTLSv1.2-request-ssl
795
796[26-client-auth-DTLSv1.2-request-ssl]
797server = 26-client-auth-DTLSv1.2-request-server
798client = 26-client-auth-DTLSv1.2-request-client
799
800[26-client-auth-DTLSv1.2-request-server]
801Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
802CipherString = DEFAULT
803MaxProtocol = DTLSv1.2
804MinProtocol = DTLSv1.2
805PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
806VerifyMode = Request
807
808[26-client-auth-DTLSv1.2-request-client]
809CipherString = DEFAULT
810MaxProtocol = DTLSv1.2
811MinProtocol = DTLSv1.2
812VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
813VerifyMode = Peer
814
815[test-26]
816ExpectedResult = Success
817Method = DTLS
818
819
820# ===========================================================
821
822[27-client-auth-DTLSv1.2-require-fail]
823ssl_conf = 27-client-auth-DTLSv1.2-require-fail-ssl
824
825[27-client-auth-DTLSv1.2-require-fail-ssl]
826server = 27-client-auth-DTLSv1.2-require-fail-server
827client = 27-client-auth-DTLSv1.2-require-fail-client
828
829[27-client-auth-DTLSv1.2-require-fail-server]
830Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
831CipherString = DEFAULT
832MaxProtocol = DTLSv1.2
833MinProtocol = DTLSv1.2
834PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
835VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
836VerifyMode = Require
837
838[27-client-auth-DTLSv1.2-require-fail-client]
839CipherString = DEFAULT
840MaxProtocol = DTLSv1.2
841MinProtocol = DTLSv1.2
842VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
843VerifyMode = Peer
844
845[test-27]
846ExpectedResult = ServerFail
847ExpectedServerAlert = HandshakeFailure
848Method = DTLS
849
850
851# ===========================================================
852
853[28-client-auth-DTLSv1.2-require]
854ssl_conf = 28-client-auth-DTLSv1.2-require-ssl
855
856[28-client-auth-DTLSv1.2-require-ssl]
857server = 28-client-auth-DTLSv1.2-require-server
858client = 28-client-auth-DTLSv1.2-require-client
859
860[28-client-auth-DTLSv1.2-require-server]
861Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
862CipherString = DEFAULT
863MaxProtocol = DTLSv1.2
864MinProtocol = DTLSv1.2
865PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
866VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
867VerifyMode = Request
868
869[28-client-auth-DTLSv1.2-require-client]
870Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
871CipherString = DEFAULT
872MaxProtocol = DTLSv1.2
873MinProtocol = DTLSv1.2
874PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
875VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
876VerifyMode = Peer
877
878[test-28]
879ExpectedClientCertType = RSA
880ExpectedResult = Success
881Method = DTLS
882
883
884# ===========================================================
885
886[29-client-auth-DTLSv1.2-noroot]
887ssl_conf = 29-client-auth-DTLSv1.2-noroot-ssl
888
889[29-client-auth-DTLSv1.2-noroot-ssl]
890server = 29-client-auth-DTLSv1.2-noroot-server
891client = 29-client-auth-DTLSv1.2-noroot-client
892
893[29-client-auth-DTLSv1.2-noroot-server]
894Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
895CipherString = DEFAULT
896MaxProtocol = DTLSv1.2
897MinProtocol = DTLSv1.2
898PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
899VerifyMode = Require
900
901[29-client-auth-DTLSv1.2-noroot-client]
902Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
903CipherString = DEFAULT
904MaxProtocol = DTLSv1.2
905MinProtocol = DTLSv1.2
906PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
907VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
908VerifyMode = Peer
909
910[test-29]
911ExpectedResult = ServerFail
912ExpectedServerAlert = UnknownCA
913Method = DTLS
914
915
A mirror of the official openssl repository