Add TLSv1.3 post-handshake authentication (PHA)
1 # -*- mode: perl; -*-
2 # Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## Test TLSv1.3 certificate authentication
11 ## Similar to 04-client_auth.conf.in output, but specific for
12 ## TLSv1.3 and post-handshake authentication
13
14 use strict;
15 use warnings;
16
17 package ssltests;
18 use OpenSSL::Test::Utils;
19
# Test matrix for TLSv1.3 client-certificate authentication.
#
# Every entry pins both peers to TLSv1.3 through MinProtocol/MaxProtocol, so
# no case can pass by negotiating an older protocol version.  The first six
# entries authenticate the client during the handshake; the remaining ones
# set HandshakeMode to PostHandshakeAuth (PHA).
#
# test_pem() is not defined in this file; it is presumably supplied by the
# generator that loads this template -- confirm against the caller.
our @tests = (

    # Baseline: the server sets no VerifyMode and the client has no
    # certificate configured.
    {
        name   => 'server-auth-TLSv1.3',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult => 'Success',
        },
    },

    # The server asks for a certificate, the client has none, and the
    # handshake is still expected to succeed.
    {
        name   => 'client-auth-TLSv1.3-request',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'Request',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult => 'Success',
        },
    },

    # Negative case: VerifyMode is "Require" and the client has no
    # certificate.  Both the failing side and the alert are pinned, so the
    # case cannot pass on an unrelated failure.
    {
        name   => 'client-auth-TLSv1.3-require-fail',
        server => {
            MinProtocol  => 'TLSv1.3',
            MaxProtocol  => 'TLSv1.3',
            VerifyCAFile => test_pem('root-cert.pem'),
            VerifyMode   => 'Require',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult      => 'ServerFail',
            ExpectedServerAlert => 'HandshakeFailure',
        },
    },

    # Positive case with a client certificate.  The certificate type,
    # signature type and hash are asserted, and the CA name list sent by
    # the server is expected to be empty (no ClientCAFile is configured).
    # NOTE(review): the name says "require" but VerifyMode is "Request";
    # the "Require" mode is never exercised here with a valid certificate.
    # Confirm this is intended before relying on it as coverage.
    {
        name   => 'client-auth-TLSv1.3-require',
        server => {
            MinProtocol               => 'TLSv1.3',
            MaxProtocol               => 'TLSv1.3',
            ClientSignatureAlgorithms => 'PSS+SHA256',
            VerifyCAFile              => test_pem('root-cert.pem'),
            VerifyMode                => 'Request',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult         => 'Success',
            ExpectedClientCertType => 'RSA',
            ExpectedClientSignType => 'RSA-PSS',
            ExpectedClientSignHash => 'SHA256',
            ExpectedClientCANames  => 'empty',
        },
    },

    # Same as the previous case, but the server also sets ClientCAFile and
    # the CA names seen by the client are expected to match root-cert.pem.
    # NOTE(review): VerifyMode is "Request" here as well, despite the name.
    {
        name   => 'client-auth-TLSv1.3-require-non-empty-names',
        server => {
            MinProtocol               => 'TLSv1.3',
            MaxProtocol               => 'TLSv1.3',
            ClientSignatureAlgorithms => 'PSS+SHA256',
            ClientCAFile              => test_pem('root-cert.pem'),
            VerifyCAFile              => test_pem('root-cert.pem'),
            VerifyMode                => 'Request',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult         => 'Success',
            ExpectedClientCertType => 'RSA',
            ExpectedClientSignType => 'RSA-PSS',
            ExpectedClientSignHash => 'SHA256',
            ExpectedClientCANames  => test_pem('root-cert.pem'),
        },
    },

    # Negative case: the client presents a certificate, but the server has
    # no VerifyCAFile, so it has no trust anchor configured in this entry.
    # The server is expected to reject the chain with an UnknownCA alert.
    {
        name   => 'client-auth-TLSv1.3-noroot',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'Require',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult      => 'ServerFail',
            ExpectedServerAlert => 'UnknownCA',
        },
    },

    # ---- Post-handshake authentication cases ----

    # The server requests a certificate after the handshake; the client has
    # neither a certificate nor ForcePHA.
    # NOTE(review): this is expected to fail on the server side although the
    # mode is only a request and the ForcePHA client variant further down
    # succeeds; presumably the client does not offer post-handshake auth
    # here -- confirm.  No ExpectedServerAlert is pinned, so any server-side
    # failure satisfies this case.
    {
        name   => 'client-auth-TLSv1.3-request-post-handshake',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'RequestPostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult => 'ServerFail',
            HandshakeMode  => 'PostHandshakeAuth',
        },
    },

    # Negative case: post-handshake "Require" with a client that has no
    # certificate.
    # NOTE(review): unlike the in-handshake require-fail case, no
    # ExpectedServerAlert is asserted, so the failure reason is unchecked.
    {
        name   => 'client-auth-TLSv1.3-require-fail-post-handshake',
        server => {
            MinProtocol  => 'TLSv1.3',
            MaxProtocol  => 'TLSv1.3',
            VerifyCAFile => test_pem('root-cert.pem'),
            VerifyMode   => 'RequirePostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult => 'ServerFail',
            HandshakeMode  => 'PostHandshakeAuth',
        },
    },

    # Positive post-handshake case with a client certificate; the same
    # certificate and signature properties are asserted as in the
    # in-handshake variant.
    # NOTE(review): the name says "require" but VerifyMode is
    # "RequestPostHandshake".
    {
        name   => 'client-auth-TLSv1.3-require-post-handshake',
        server => {
            MinProtocol               => 'TLSv1.3',
            MaxProtocol               => 'TLSv1.3',
            ClientSignatureAlgorithms => 'PSS+SHA256',
            VerifyCAFile              => test_pem('root-cert.pem'),
            VerifyMode                => 'RequestPostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult         => 'Success',
            HandshakeMode          => 'PostHandshakeAuth',
            ExpectedClientCertType => 'RSA',
            ExpectedClientSignType => 'RSA-PSS',
            ExpectedClientSignHash => 'SHA256',
            ExpectedClientCANames  => 'empty',
        },
    },

    # Post-handshake variant of the non-empty CA names case: ClientCAFile is
    # set and the CA names are expected to match root-cert.pem.
    {
        name   => 'client-auth-TLSv1.3-require-non-empty-names-post-handshake',
        server => {
            MinProtocol               => 'TLSv1.3',
            MaxProtocol               => 'TLSv1.3',
            ClientSignatureAlgorithms => 'PSS+SHA256',
            ClientCAFile              => test_pem('root-cert.pem'),
            VerifyCAFile              => test_pem('root-cert.pem'),
            VerifyMode                => 'RequestPostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult         => 'Success',
            HandshakeMode          => 'PostHandshakeAuth',
            ExpectedClientCertType => 'RSA',
            ExpectedClientSignType => 'RSA-PSS',
            ExpectedClientSignHash => 'SHA256',
            ExpectedClientCANames  => test_pem('root-cert.pem'),
        },
    },

    # Post-handshake variant of the missing-trust-anchor case: the client
    # has a certificate, the server has no VerifyCAFile, and the UnknownCA
    # alert is pinned.
    {
        name   => 'client-auth-TLSv1.3-noroot-post-handshake',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'RequirePostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            Certificate => test_pem('ee-client-chain.pem'),
            PrivateKey  => test_pem('ee-key.pem'),
        },
        test => {
            ExpectedResult      => 'ServerFail',
            HandshakeMode       => 'PostHandshakeAuth',
            ExpectedServerAlert => 'UnknownCA',
        },
    },

    # ---- ForcePHA cases: the flag is set on one side, the other, or both ----

    # Only the client sets ForcePHA; it has no certificate and the server
    # only requests one.  Expected to succeed.
    {
        name   => 'client-auth-TLSv1.3-request-force-client-post-handshake',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'RequestPostHandshake',
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            extra       => {
                ForcePHA => 'Yes',
            },
        },
        test => {
            ExpectedResult => 'Success',
            HandshakeMode  => 'PostHandshakeAuth',
        },
    },

    # Only the server sets ForcePHA.  The failure is expected on the client
    # side; presumably the client rejects a post-handshake request it did
    # not offer to handle -- confirm.  No alert is pinned.
    {
        name   => 'client-auth-TLSv1.3-request-force-server-post-handshake',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'RequestPostHandshake',
            extra       => {
                ForcePHA => 'Yes',
            },
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
        },
        test => {
            ExpectedResult => 'ClientFail',
            HandshakeMode  => 'PostHandshakeAuth',
        },
    },

    # Both peers set ForcePHA.  Expected to succeed.
    {
        name   => 'client-auth-TLSv1.3-request-force-both-post-handshake',
        server => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            VerifyMode  => 'RequestPostHandshake',
            extra       => {
                ForcePHA => 'Yes',
            },
        },
        client => {
            MinProtocol => 'TLSv1.3',
            MaxProtocol => 'TLSv1.3',
            extra       => {
                ForcePHA => 'Yes',
            },
        },
        test => {
            ExpectedResult => 'Success',
            HandshakeMode  => 'PostHandshakeAuth',
        },
    },
);