]>
Commit | Line | Data |
---|---|---|
63936115 EK |
1 | # Generated with generate_ssl_tests.pl |
2 | ||
2c1b0f1e | 3 | num_tests = 36 |
63936115 EK |
4 | |
5 | test-0 = 0-server-auth-flex | |
6 | test-1 = 1-client-auth-flex-request | |
7 | test-2 = 2-client-auth-flex-require-fail | |
8 | test-3 = 3-client-auth-flex-require | |
2c1b0f1e DSH |
9 | test-4 = 4-client-auth-flex-require-non-empty-names |
10 | test-5 = 5-client-auth-flex-noroot | |
11 | test-6 = 6-server-auth-TLSv1 | |
12 | test-7 = 7-client-auth-TLSv1-request | |
13 | test-8 = 8-client-auth-TLSv1-require-fail | |
14 | test-9 = 9-client-auth-TLSv1-require | |
15 | test-10 = 10-client-auth-TLSv1-require-non-empty-names | |
16 | test-11 = 11-client-auth-TLSv1-noroot | |
17 | test-12 = 12-server-auth-TLSv1.1 | |
18 | test-13 = 13-client-auth-TLSv1.1-request | |
19 | test-14 = 14-client-auth-TLSv1.1-require-fail | |
20 | test-15 = 15-client-auth-TLSv1.1-require | |
21 | test-16 = 16-client-auth-TLSv1.1-require-non-empty-names | |
22 | test-17 = 17-client-auth-TLSv1.1-noroot | |
23 | test-18 = 18-server-auth-TLSv1.2 | |
24 | test-19 = 19-client-auth-TLSv1.2-request | |
25 | test-20 = 20-client-auth-TLSv1.2-require-fail | |
26 | test-21 = 21-client-auth-TLSv1.2-require | |
27 | test-22 = 22-client-auth-TLSv1.2-require-non-empty-names | |
28 | test-23 = 23-client-auth-TLSv1.2-noroot | |
29 | test-24 = 24-server-auth-DTLSv1 | |
30 | test-25 = 25-client-auth-DTLSv1-request | |
31 | test-26 = 26-client-auth-DTLSv1-require-fail | |
32 | test-27 = 27-client-auth-DTLSv1-require | |
33 | test-28 = 28-client-auth-DTLSv1-require-non-empty-names | |
34 | test-29 = 29-client-auth-DTLSv1-noroot | |
35 | test-30 = 30-server-auth-DTLSv1.2 | |
36 | test-31 = 31-client-auth-DTLSv1.2-request | |
37 | test-32 = 32-client-auth-DTLSv1.2-require-fail | |
38 | test-33 = 33-client-auth-DTLSv1.2-require | |
39 | test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names | |
40 | test-35 = 35-client-auth-DTLSv1.2-noroot | |
63936115 EK |
41 | # =========================================================== |
42 | ||
43 | [0-server-auth-flex] | |
44 | ssl_conf = 0-server-auth-flex-ssl | |
45 | ||
46 | [0-server-auth-flex-ssl] | |
47 | server = 0-server-auth-flex-server | |
48 | client = 0-server-auth-flex-client | |
49 | ||
50 | [0-server-auth-flex-server] | |
51 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
52 | CipherString = DEFAULT | |
53 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
54 | ||
63936115 EK |
55 | [0-server-auth-flex-client] |
56 | CipherString = DEFAULT | |
57 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
58 | VerifyMode = Peer | |
59 | ||
63936115 EK |
60 | [test-0] |
61 | ExpectedResult = Success | |
62 | ||
63 | ||
64 | # =========================================================== | |
65 | ||
66 | [1-client-auth-flex-request] | |
67 | ssl_conf = 1-client-auth-flex-request-ssl | |
68 | ||
69 | [1-client-auth-flex-request-ssl] | |
70 | server = 1-client-auth-flex-request-server | |
71 | client = 1-client-auth-flex-request-client | |
72 | ||
73 | [1-client-auth-flex-request-server] | |
74 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
75 | CipherString = DEFAULT | |
76 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
77 | VerifyMode = Request | |
78 | ||
63936115 EK |
79 | [1-client-auth-flex-request-client] |
80 | CipherString = DEFAULT | |
81 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
82 | VerifyMode = Peer | |
83 | ||
63936115 EK |
84 | [test-1] |
85 | ExpectedResult = Success | |
86 | ||
87 | ||
88 | # =========================================================== | |
89 | ||
90 | [2-client-auth-flex-require-fail] | |
91 | ssl_conf = 2-client-auth-flex-require-fail-ssl | |
92 | ||
93 | [2-client-auth-flex-require-fail-ssl] | |
94 | server = 2-client-auth-flex-require-fail-server | |
95 | client = 2-client-auth-flex-require-fail-client | |
96 | ||
97 | [2-client-auth-flex-require-fail-server] | |
98 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
99 | CipherString = DEFAULT | |
100 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
101 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
102 | VerifyMode = Require | |
103 | ||
63936115 EK |
104 | [2-client-auth-flex-require-fail-client] |
105 | CipherString = DEFAULT | |
106 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
107 | VerifyMode = Peer | |
108 | ||
63936115 EK |
109 | [test-2] |
110 | ExpectedResult = ServerFail | |
43a0f273 | 111 | ExpectedServerAlert = CertificateRequired |
63936115 EK |
112 | |
113 | ||
114 | # =========================================================== | |
115 | ||
116 | [3-client-auth-flex-require] | |
117 | ssl_conf = 3-client-auth-flex-require-ssl | |
118 | ||
119 | [3-client-auth-flex-require-ssl] | |
120 | server = 3-client-auth-flex-require-server | |
121 | client = 3-client-auth-flex-require-client | |
122 | ||
123 | [3-client-auth-flex-require-server] | |
124 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
125 | CipherString = DEFAULT | |
126 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
127 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
128 | VerifyMode = Request | |
129 | ||
63936115 EK |
130 | [3-client-auth-flex-require-client] |
131 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
132 | CipherString = DEFAULT | |
133 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
134 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
135 | VerifyMode = Peer | |
136 | ||
63936115 | 137 | [test-3] |
2c1b0f1e | 138 | ExpectedClientCANames = empty |
a470f023 | 139 | ExpectedClientCertType = RSA |
63936115 EK |
140 | ExpectedResult = Success |
141 | ||
142 | ||
143 | # =========================================================== | |
144 | ||
2c1b0f1e DSH |
145 | [4-client-auth-flex-require-non-empty-names] |
146 | ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl | |
63936115 | 147 | |
2c1b0f1e DSH |
148 | [4-client-auth-flex-require-non-empty-names-ssl] |
149 | server = 4-client-auth-flex-require-non-empty-names-server | |
150 | client = 4-client-auth-flex-require-non-empty-names-client | |
63936115 | 151 | |
2c1b0f1e | 152 | [4-client-auth-flex-require-non-empty-names-server] |
63936115 EK |
153 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
154 | CipherString = DEFAULT | |
2c1b0f1e | 155 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
63936115 | 156 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
2c1b0f1e DSH |
157 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
158 | VerifyMode = Request | |
63936115 | 159 | |
2c1b0f1e | 160 | [4-client-auth-flex-require-non-empty-names-client] |
63936115 EK |
161 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
162 | CipherString = DEFAULT | |
163 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
164 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
165 | VerifyMode = Peer | |
166 | ||
63936115 | 167 | [test-4] |
2c1b0f1e DSH |
168 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
169 | ExpectedClientCertType = RSA | |
170 | ExpectedResult = Success | |
171 | ||
172 | ||
173 | # =========================================================== | |
174 | ||
175 | [5-client-auth-flex-noroot] | |
176 | ssl_conf = 5-client-auth-flex-noroot-ssl | |
177 | ||
178 | [5-client-auth-flex-noroot-ssl] | |
179 | server = 5-client-auth-flex-noroot-server | |
180 | client = 5-client-auth-flex-noroot-client | |
181 | ||
182 | [5-client-auth-flex-noroot-server] | |
183 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
184 | CipherString = DEFAULT | |
185 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
186 | VerifyMode = Require | |
187 | ||
188 | [5-client-auth-flex-noroot-client] | |
189 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
190 | CipherString = DEFAULT | |
191 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
192 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
193 | VerifyMode = Peer | |
194 | ||
195 | [test-5] | |
63936115 | 196 | ExpectedResult = ServerFail |
9f48bbac | 197 | ExpectedServerAlert = UnknownCA |
63936115 EK |
198 | |
199 | ||
200 | # =========================================================== | |
201 | ||
2c1b0f1e DSH |
202 | [6-server-auth-TLSv1] |
203 | ssl_conf = 6-server-auth-TLSv1-ssl | |
63936115 | 204 | |
2c1b0f1e DSH |
205 | [6-server-auth-TLSv1-ssl] |
206 | server = 6-server-auth-TLSv1-server | |
207 | client = 6-server-auth-TLSv1-client | |
63936115 | 208 | |
2c1b0f1e | 209 | [6-server-auth-TLSv1-server] |
63936115 EK |
210 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
211 | CipherString = DEFAULT | |
78cbe94f MC |
212 | MaxProtocol = TLSv1 |
213 | MinProtocol = TLSv1 | |
63936115 | 214 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 | 215 | |
2c1b0f1e | 216 | [6-server-auth-TLSv1-client] |
63936115 | 217 | CipherString = DEFAULT |
78cbe94f MC |
218 | MaxProtocol = TLSv1 |
219 | MinProtocol = TLSv1 | |
63936115 EK |
220 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
221 | VerifyMode = Peer | |
222 | ||
2c1b0f1e | 223 | [test-6] |
63936115 EK |
224 | ExpectedResult = Success |
225 | ||
226 | ||
227 | # =========================================================== | |
228 | ||
2c1b0f1e DSH |
229 | [7-client-auth-TLSv1-request] |
230 | ssl_conf = 7-client-auth-TLSv1-request-ssl | |
63936115 | 231 | |
2c1b0f1e DSH |
232 | [7-client-auth-TLSv1-request-ssl] |
233 | server = 7-client-auth-TLSv1-request-server | |
234 | client = 7-client-auth-TLSv1-request-client | |
63936115 | 235 | |
2c1b0f1e | 236 | [7-client-auth-TLSv1-request-server] |
63936115 EK |
237 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
238 | CipherString = DEFAULT | |
78cbe94f MC |
239 | MaxProtocol = TLSv1 |
240 | MinProtocol = TLSv1 | |
63936115 | 241 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
242 | VerifyMode = Request |
243 | ||
2c1b0f1e | 244 | [7-client-auth-TLSv1-request-client] |
63936115 | 245 | CipherString = DEFAULT |
78cbe94f MC |
246 | MaxProtocol = TLSv1 |
247 | MinProtocol = TLSv1 | |
63936115 EK |
248 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
249 | VerifyMode = Peer | |
250 | ||
2c1b0f1e | 251 | [test-7] |
63936115 EK |
252 | ExpectedResult = Success |
253 | ||
254 | ||
255 | # =========================================================== | |
256 | ||
2c1b0f1e DSH |
257 | [8-client-auth-TLSv1-require-fail] |
258 | ssl_conf = 8-client-auth-TLSv1-require-fail-ssl | |
63936115 | 259 | |
2c1b0f1e DSH |
260 | [8-client-auth-TLSv1-require-fail-ssl] |
261 | server = 8-client-auth-TLSv1-require-fail-server | |
262 | client = 8-client-auth-TLSv1-require-fail-client | |
63936115 | 263 | |
2c1b0f1e | 264 | [8-client-auth-TLSv1-require-fail-server] |
63936115 EK |
265 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
266 | CipherString = DEFAULT | |
78cbe94f MC |
267 | MaxProtocol = TLSv1 |
268 | MinProtocol = TLSv1 | |
63936115 | 269 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
270 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
271 | VerifyMode = Require | |
272 | ||
2c1b0f1e | 273 | [8-client-auth-TLSv1-require-fail-client] |
63936115 | 274 | CipherString = DEFAULT |
78cbe94f MC |
275 | MaxProtocol = TLSv1 |
276 | MinProtocol = TLSv1 | |
63936115 EK |
277 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
278 | VerifyMode = Peer | |
279 | ||
2c1b0f1e | 280 | [test-8] |
63936115 | 281 | ExpectedResult = ServerFail |
9f48bbac | 282 | ExpectedServerAlert = HandshakeFailure |
63936115 EK |
283 | |
284 | ||
285 | # =========================================================== | |
286 | ||
2c1b0f1e DSH |
287 | [9-client-auth-TLSv1-require] |
288 | ssl_conf = 9-client-auth-TLSv1-require-ssl | |
63936115 | 289 | |
2c1b0f1e DSH |
290 | [9-client-auth-TLSv1-require-ssl] |
291 | server = 9-client-auth-TLSv1-require-server | |
292 | client = 9-client-auth-TLSv1-require-client | |
63936115 | 293 | |
2c1b0f1e | 294 | [9-client-auth-TLSv1-require-server] |
63936115 EK |
295 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
296 | CipherString = DEFAULT | |
78cbe94f MC |
297 | MaxProtocol = TLSv1 |
298 | MinProtocol = TLSv1 | |
63936115 | 299 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
300 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
301 | VerifyMode = Request | |
302 | ||
2c1b0f1e | 303 | [9-client-auth-TLSv1-require-client] |
63936115 EK |
304 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
305 | CipherString = DEFAULT | |
78cbe94f MC |
306 | MaxProtocol = TLSv1 |
307 | MinProtocol = TLSv1 | |
63936115 | 308 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
309 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
310 | VerifyMode = Peer | |
311 | ||
2c1b0f1e DSH |
312 | [test-9] |
313 | ExpectedClientCANames = empty | |
a470f023 | 314 | ExpectedClientCertType = RSA |
63936115 EK |
315 | ExpectedResult = Success |
316 | ||
317 | ||
318 | # =========================================================== | |
319 | ||
2c1b0f1e DSH |
320 | [10-client-auth-TLSv1-require-non-empty-names] |
321 | ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl | |
63936115 | 322 | |
2c1b0f1e DSH |
323 | [10-client-auth-TLSv1-require-non-empty-names-ssl] |
324 | server = 10-client-auth-TLSv1-require-non-empty-names-server | |
325 | client = 10-client-auth-TLSv1-require-non-empty-names-client | |
63936115 | 326 | |
2c1b0f1e DSH |
327 | [10-client-auth-TLSv1-require-non-empty-names-server] |
328 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
329 | CipherString = DEFAULT | |
330 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
331 | MaxProtocol = TLSv1 | |
332 | MinProtocol = TLSv1 | |
333 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
334 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
335 | VerifyMode = Request | |
336 | ||
337 | [10-client-auth-TLSv1-require-non-empty-names-client] | |
338 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
339 | CipherString = DEFAULT | |
340 | MaxProtocol = TLSv1 | |
341 | MinProtocol = TLSv1 | |
342 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
343 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
344 | VerifyMode = Peer | |
345 | ||
346 | [test-10] | |
347 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
348 | ExpectedClientCertType = RSA | |
349 | ExpectedResult = Success | |
350 | ||
351 | ||
352 | # =========================================================== | |
353 | ||
354 | [11-client-auth-TLSv1-noroot] | |
355 | ssl_conf = 11-client-auth-TLSv1-noroot-ssl | |
356 | ||
357 | [11-client-auth-TLSv1-noroot-ssl] | |
358 | server = 11-client-auth-TLSv1-noroot-server | |
359 | client = 11-client-auth-TLSv1-noroot-client | |
360 | ||
361 | [11-client-auth-TLSv1-noroot-server] | |
63936115 EK |
362 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
363 | CipherString = DEFAULT | |
78cbe94f MC |
364 | MaxProtocol = TLSv1 |
365 | MinProtocol = TLSv1 | |
63936115 | 366 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
367 | VerifyMode = Require |
368 | ||
2c1b0f1e | 369 | [11-client-auth-TLSv1-noroot-client] |
63936115 EK |
370 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
371 | CipherString = DEFAULT | |
78cbe94f MC |
372 | MaxProtocol = TLSv1 |
373 | MinProtocol = TLSv1 | |
63936115 | 374 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
375 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
376 | VerifyMode = Peer | |
377 | ||
2c1b0f1e | 378 | [test-11] |
63936115 | 379 | ExpectedResult = ServerFail |
9f48bbac | 380 | ExpectedServerAlert = UnknownCA |
63936115 EK |
381 | |
382 | ||
383 | # =========================================================== | |
384 | ||
2c1b0f1e DSH |
385 | [12-server-auth-TLSv1.1] |
386 | ssl_conf = 12-server-auth-TLSv1.1-ssl | |
63936115 | 387 | |
2c1b0f1e DSH |
388 | [12-server-auth-TLSv1.1-ssl] |
389 | server = 12-server-auth-TLSv1.1-server | |
390 | client = 12-server-auth-TLSv1.1-client | |
63936115 | 391 | |
2c1b0f1e | 392 | [12-server-auth-TLSv1.1-server] |
63936115 EK |
393 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
394 | CipherString = DEFAULT | |
78cbe94f MC |
395 | MaxProtocol = TLSv1.1 |
396 | MinProtocol = TLSv1.1 | |
63936115 | 397 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 | 398 | |
2c1b0f1e | 399 | [12-server-auth-TLSv1.1-client] |
63936115 | 400 | CipherString = DEFAULT |
78cbe94f MC |
401 | MaxProtocol = TLSv1.1 |
402 | MinProtocol = TLSv1.1 | |
63936115 EK |
403 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
404 | VerifyMode = Peer | |
405 | ||
2c1b0f1e | 406 | [test-12] |
63936115 EK |
407 | ExpectedResult = Success |
408 | ||
409 | ||
410 | # =========================================================== | |
411 | ||
2c1b0f1e DSH |
412 | [13-client-auth-TLSv1.1-request] |
413 | ssl_conf = 13-client-auth-TLSv1.1-request-ssl | |
63936115 | 414 | |
2c1b0f1e DSH |
415 | [13-client-auth-TLSv1.1-request-ssl] |
416 | server = 13-client-auth-TLSv1.1-request-server | |
417 | client = 13-client-auth-TLSv1.1-request-client | |
63936115 | 418 | |
2c1b0f1e | 419 | [13-client-auth-TLSv1.1-request-server] |
63936115 EK |
420 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
421 | CipherString = DEFAULT | |
78cbe94f MC |
422 | MaxProtocol = TLSv1.1 |
423 | MinProtocol = TLSv1.1 | |
63936115 | 424 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
425 | VerifyMode = Request |
426 | ||
2c1b0f1e | 427 | [13-client-auth-TLSv1.1-request-client] |
63936115 | 428 | CipherString = DEFAULT |
78cbe94f MC |
429 | MaxProtocol = TLSv1.1 |
430 | MinProtocol = TLSv1.1 | |
63936115 EK |
431 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
432 | VerifyMode = Peer | |
433 | ||
2c1b0f1e | 434 | [test-13] |
63936115 EK |
435 | ExpectedResult = Success |
436 | ||
437 | ||
438 | # =========================================================== | |
439 | ||
2c1b0f1e DSH |
440 | [14-client-auth-TLSv1.1-require-fail] |
441 | ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl | |
63936115 | 442 | |
2c1b0f1e DSH |
443 | [14-client-auth-TLSv1.1-require-fail-ssl] |
444 | server = 14-client-auth-TLSv1.1-require-fail-server | |
445 | client = 14-client-auth-TLSv1.1-require-fail-client | |
63936115 | 446 | |
2c1b0f1e | 447 | [14-client-auth-TLSv1.1-require-fail-server] |
63936115 EK |
448 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
449 | CipherString = DEFAULT | |
78cbe94f MC |
450 | MaxProtocol = TLSv1.1 |
451 | MinProtocol = TLSv1.1 | |
63936115 | 452 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
453 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
454 | VerifyMode = Require | |
455 | ||
2c1b0f1e | 456 | [14-client-auth-TLSv1.1-require-fail-client] |
63936115 | 457 | CipherString = DEFAULT |
78cbe94f MC |
458 | MaxProtocol = TLSv1.1 |
459 | MinProtocol = TLSv1.1 | |
63936115 EK |
460 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
461 | VerifyMode = Peer | |
462 | ||
2c1b0f1e | 463 | [test-14] |
63936115 | 464 | ExpectedResult = ServerFail |
9f48bbac | 465 | ExpectedServerAlert = HandshakeFailure |
63936115 EK |
466 | |
467 | ||
468 | # =========================================================== | |
469 | ||
2c1b0f1e DSH |
470 | [15-client-auth-TLSv1.1-require] |
471 | ssl_conf = 15-client-auth-TLSv1.1-require-ssl | |
63936115 | 472 | |
2c1b0f1e DSH |
473 | [15-client-auth-TLSv1.1-require-ssl] |
474 | server = 15-client-auth-TLSv1.1-require-server | |
475 | client = 15-client-auth-TLSv1.1-require-client | |
63936115 | 476 | |
2c1b0f1e | 477 | [15-client-auth-TLSv1.1-require-server] |
63936115 EK |
478 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
479 | CipherString = DEFAULT | |
78cbe94f MC |
480 | MaxProtocol = TLSv1.1 |
481 | MinProtocol = TLSv1.1 | |
63936115 | 482 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
483 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
484 | VerifyMode = Request | |
485 | ||
2c1b0f1e | 486 | [15-client-auth-TLSv1.1-require-client] |
63936115 EK |
487 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
488 | CipherString = DEFAULT | |
78cbe94f MC |
489 | MaxProtocol = TLSv1.1 |
490 | MinProtocol = TLSv1.1 | |
63936115 | 491 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
492 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
493 | VerifyMode = Peer | |
494 | ||
2c1b0f1e DSH |
495 | [test-15] |
496 | ExpectedClientCANames = empty | |
a470f023 | 497 | ExpectedClientCertType = RSA |
63936115 EK |
498 | ExpectedResult = Success |
499 | ||
500 | ||
501 | # =========================================================== | |
502 | ||
2c1b0f1e DSH |
503 | [16-client-auth-TLSv1.1-require-non-empty-names] |
504 | ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl | |
63936115 | 505 | |
2c1b0f1e DSH |
506 | [16-client-auth-TLSv1.1-require-non-empty-names-ssl] |
507 | server = 16-client-auth-TLSv1.1-require-non-empty-names-server | |
508 | client = 16-client-auth-TLSv1.1-require-non-empty-names-client | |
63936115 | 509 | |
2c1b0f1e DSH |
510 | [16-client-auth-TLSv1.1-require-non-empty-names-server] |
511 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
512 | CipherString = DEFAULT | |
513 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
514 | MaxProtocol = TLSv1.1 | |
515 | MinProtocol = TLSv1.1 | |
516 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
517 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
518 | VerifyMode = Request | |
519 | ||
520 | [16-client-auth-TLSv1.1-require-non-empty-names-client] | |
521 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
522 | CipherString = DEFAULT | |
523 | MaxProtocol = TLSv1.1 | |
524 | MinProtocol = TLSv1.1 | |
525 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
526 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
527 | VerifyMode = Peer | |
528 | ||
529 | [test-16] | |
530 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
531 | ExpectedClientCertType = RSA | |
532 | ExpectedResult = Success | |
533 | ||
534 | ||
535 | # =========================================================== | |
536 | ||
537 | [17-client-auth-TLSv1.1-noroot] | |
538 | ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl | |
539 | ||
540 | [17-client-auth-TLSv1.1-noroot-ssl] | |
541 | server = 17-client-auth-TLSv1.1-noroot-server | |
542 | client = 17-client-auth-TLSv1.1-noroot-client | |
543 | ||
544 | [17-client-auth-TLSv1.1-noroot-server] | |
63936115 EK |
545 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
546 | CipherString = DEFAULT | |
78cbe94f MC |
547 | MaxProtocol = TLSv1.1 |
548 | MinProtocol = TLSv1.1 | |
63936115 | 549 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
550 | VerifyMode = Require |
551 | ||
2c1b0f1e | 552 | [17-client-auth-TLSv1.1-noroot-client] |
63936115 EK |
553 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
554 | CipherString = DEFAULT | |
78cbe94f MC |
555 | MaxProtocol = TLSv1.1 |
556 | MinProtocol = TLSv1.1 | |
63936115 | 557 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
558 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
559 | VerifyMode = Peer | |
560 | ||
2c1b0f1e | 561 | [test-17] |
63936115 | 562 | ExpectedResult = ServerFail |
9f48bbac | 563 | ExpectedServerAlert = UnknownCA |
63936115 EK |
564 | |
565 | ||
566 | # =========================================================== | |
567 | ||
2c1b0f1e DSH |
568 | [18-server-auth-TLSv1.2] |
569 | ssl_conf = 18-server-auth-TLSv1.2-ssl | |
63936115 | 570 | |
2c1b0f1e DSH |
571 | [18-server-auth-TLSv1.2-ssl] |
572 | server = 18-server-auth-TLSv1.2-server | |
573 | client = 18-server-auth-TLSv1.2-client | |
63936115 | 574 | |
2c1b0f1e | 575 | [18-server-auth-TLSv1.2-server] |
63936115 EK |
576 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
577 | CipherString = DEFAULT | |
78cbe94f MC |
578 | MaxProtocol = TLSv1.2 |
579 | MinProtocol = TLSv1.2 | |
63936115 | 580 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 | 581 | |
2c1b0f1e | 582 | [18-server-auth-TLSv1.2-client] |
63936115 | 583 | CipherString = DEFAULT |
78cbe94f MC |
584 | MaxProtocol = TLSv1.2 |
585 | MinProtocol = TLSv1.2 | |
63936115 EK |
586 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
587 | VerifyMode = Peer | |
588 | ||
2c1b0f1e | 589 | [test-18] |
63936115 EK |
590 | ExpectedResult = Success |
591 | ||
592 | ||
593 | # =========================================================== | |
594 | ||
2c1b0f1e DSH |
595 | [19-client-auth-TLSv1.2-request] |
596 | ssl_conf = 19-client-auth-TLSv1.2-request-ssl | |
63936115 | 597 | |
2c1b0f1e DSH |
598 | [19-client-auth-TLSv1.2-request-ssl] |
599 | server = 19-client-auth-TLSv1.2-request-server | |
600 | client = 19-client-auth-TLSv1.2-request-client | |
63936115 | 601 | |
2c1b0f1e | 602 | [19-client-auth-TLSv1.2-request-server] |
63936115 EK |
603 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
604 | CipherString = DEFAULT | |
78cbe94f MC |
605 | MaxProtocol = TLSv1.2 |
606 | MinProtocol = TLSv1.2 | |
63936115 | 607 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
608 | VerifyMode = Request |
609 | ||
2c1b0f1e | 610 | [19-client-auth-TLSv1.2-request-client] |
63936115 | 611 | CipherString = DEFAULT |
78cbe94f MC |
612 | MaxProtocol = TLSv1.2 |
613 | MinProtocol = TLSv1.2 | |
63936115 EK |
614 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
615 | VerifyMode = Peer | |
616 | ||
2c1b0f1e | 617 | [test-19] |
63936115 EK |
618 | ExpectedResult = Success |
619 | ||
620 | ||
621 | # =========================================================== | |
622 | ||
2c1b0f1e DSH |
623 | [20-client-auth-TLSv1.2-require-fail] |
624 | ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl | |
63936115 | 625 | |
2c1b0f1e DSH |
626 | [20-client-auth-TLSv1.2-require-fail-ssl] |
627 | server = 20-client-auth-TLSv1.2-require-fail-server | |
628 | client = 20-client-auth-TLSv1.2-require-fail-client | |
63936115 | 629 | |
2c1b0f1e | 630 | [20-client-auth-TLSv1.2-require-fail-server] |
63936115 EK |
631 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
632 | CipherString = DEFAULT | |
78cbe94f MC |
633 | MaxProtocol = TLSv1.2 |
634 | MinProtocol = TLSv1.2 | |
63936115 | 635 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
636 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
637 | VerifyMode = Require | |
638 | ||
2c1b0f1e | 639 | [20-client-auth-TLSv1.2-require-fail-client] |
63936115 | 640 | CipherString = DEFAULT |
78cbe94f MC |
641 | MaxProtocol = TLSv1.2 |
642 | MinProtocol = TLSv1.2 | |
63936115 EK |
643 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
644 | VerifyMode = Peer | |
645 | ||
2c1b0f1e | 646 | [test-20] |
63936115 | 647 | ExpectedResult = ServerFail |
9f48bbac | 648 | ExpectedServerAlert = HandshakeFailure |
63936115 EK |
649 | |
650 | ||
651 | # =========================================================== | |
652 | ||
2c1b0f1e DSH |
653 | [21-client-auth-TLSv1.2-require] |
654 | ssl_conf = 21-client-auth-TLSv1.2-require-ssl | |
63936115 | 655 | |
2c1b0f1e DSH |
656 | [21-client-auth-TLSv1.2-require-ssl] |
657 | server = 21-client-auth-TLSv1.2-require-server | |
658 | client = 21-client-auth-TLSv1.2-require-client | |
63936115 | 659 | |
2c1b0f1e | 660 | [21-client-auth-TLSv1.2-require-server] |
63936115 EK |
661 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
662 | CipherString = DEFAULT | |
062540cb | 663 | ClientSignatureAlgorithms = SHA256+RSA |
78cbe94f MC |
664 | MaxProtocol = TLSv1.2 |
665 | MinProtocol = TLSv1.2 | |
63936115 | 666 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
667 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
668 | VerifyMode = Request | |
669 | ||
2c1b0f1e | 670 | [21-client-auth-TLSv1.2-require-client] |
63936115 EK |
671 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
672 | CipherString = DEFAULT | |
78cbe94f MC |
673 | MaxProtocol = TLSv1.2 |
674 | MinProtocol = TLSv1.2 | |
63936115 | 675 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
676 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
677 | VerifyMode = Peer | |
678 | ||
2c1b0f1e DSH |
679 | [test-21] |
680 | ExpectedClientCANames = empty | |
a470f023 | 681 | ExpectedClientCertType = RSA |
062540cb | 682 | ExpectedClientSignHash = SHA256 |
a92e710b | 683 | ExpectedClientSignType = RSA |
63936115 EK |
684 | ExpectedResult = Success |
685 | ||
686 | ||
687 | # =========================================================== | |
688 | ||
2c1b0f1e DSH |
689 | [22-client-auth-TLSv1.2-require-non-empty-names] |
690 | ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl | |
63936115 | 691 | |
2c1b0f1e DSH |
692 | [22-client-auth-TLSv1.2-require-non-empty-names-ssl] |
693 | server = 22-client-auth-TLSv1.2-require-non-empty-names-server | |
694 | client = 22-client-auth-TLSv1.2-require-non-empty-names-client | |
63936115 | 695 | |
2c1b0f1e DSH |
696 | [22-client-auth-TLSv1.2-require-non-empty-names-server] |
697 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
698 | CipherString = DEFAULT | |
699 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
700 | ClientSignatureAlgorithms = SHA256+RSA | |
701 | MaxProtocol = TLSv1.2 | |
702 | MinProtocol = TLSv1.2 | |
703 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
704 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
705 | VerifyMode = Request | |
706 | ||
707 | [22-client-auth-TLSv1.2-require-non-empty-names-client] | |
708 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
709 | CipherString = DEFAULT | |
710 | MaxProtocol = TLSv1.2 | |
711 | MinProtocol = TLSv1.2 | |
712 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
713 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
714 | VerifyMode = Peer | |
715 | ||
716 | [test-22] | |
717 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
718 | ExpectedClientCertType = RSA | |
719 | ExpectedClientSignHash = SHA256 | |
720 | ExpectedClientSignType = RSA | |
721 | ExpectedResult = Success | |
722 | ||
723 | ||
724 | # =========================================================== | |
725 | ||
726 | [23-client-auth-TLSv1.2-noroot] | |
727 | ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl | |
728 | ||
729 | [23-client-auth-TLSv1.2-noroot-ssl] | |
730 | server = 23-client-auth-TLSv1.2-noroot-server | |
731 | client = 23-client-auth-TLSv1.2-noroot-client | |
732 | ||
733 | [23-client-auth-TLSv1.2-noroot-server] | |
63936115 EK |
734 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
735 | CipherString = DEFAULT | |
78cbe94f MC |
736 | MaxProtocol = TLSv1.2 |
737 | MinProtocol = TLSv1.2 | |
63936115 | 738 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem |
63936115 EK |
739 | VerifyMode = Require |
740 | ||
2c1b0f1e | 741 | [23-client-auth-TLSv1.2-noroot-client] |
63936115 EK |
742 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
743 | CipherString = DEFAULT | |
78cbe94f MC |
744 | MaxProtocol = TLSv1.2 |
745 | MinProtocol = TLSv1.2 | |
63936115 | 746 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem |
63936115 EK |
747 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
748 | VerifyMode = Peer | |
749 | ||
2c1b0f1e | 750 | [test-23] |
63936115 | 751 | ExpectedResult = ServerFail |
9f48bbac | 752 | ExpectedServerAlert = UnknownCA |
63936115 EK |
753 | |
754 | ||
49619ab0 EK |
755 | # =========================================================== |
756 | ||
2c1b0f1e DSH |
757 | [24-server-auth-DTLSv1] |
758 | ssl_conf = 24-server-auth-DTLSv1-ssl | |
49619ab0 | 759 | |
2c1b0f1e DSH |
760 | [24-server-auth-DTLSv1-ssl] |
761 | server = 24-server-auth-DTLSv1-server | |
762 | client = 24-server-auth-DTLSv1-client | |
49619ab0 | 763 | |
2c1b0f1e | 764 | [24-server-auth-DTLSv1-server] |
49619ab0 EK |
765 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
766 | CipherString = DEFAULT | |
767 | MaxProtocol = DTLSv1 | |
768 | MinProtocol = DTLSv1 | |
769 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
770 | ||
2c1b0f1e | 771 | [24-server-auth-DTLSv1-client] |
49619ab0 EK |
772 | CipherString = DEFAULT |
773 | MaxProtocol = DTLSv1 | |
774 | MinProtocol = DTLSv1 | |
775 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
776 | VerifyMode = Peer | |
777 | ||
2c1b0f1e | 778 | [test-24] |
49619ab0 EK |
779 | ExpectedResult = Success |
780 | Method = DTLS | |
781 | ||
782 | ||
783 | # =========================================================== | |
784 | ||
2c1b0f1e DSH |
785 | [25-client-auth-DTLSv1-request] |
786 | ssl_conf = 25-client-auth-DTLSv1-request-ssl | |
49619ab0 | 787 | |
2c1b0f1e DSH |
788 | [25-client-auth-DTLSv1-request-ssl] |
789 | server = 25-client-auth-DTLSv1-request-server | |
790 | client = 25-client-auth-DTLSv1-request-client | |
49619ab0 | 791 | |
2c1b0f1e | 792 | [25-client-auth-DTLSv1-request-server] |
49619ab0 EK |
793 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
794 | CipherString = DEFAULT | |
795 | MaxProtocol = DTLSv1 | |
796 | MinProtocol = DTLSv1 | |
797 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
798 | VerifyMode = Request | |
799 | ||
2c1b0f1e | 800 | [25-client-auth-DTLSv1-request-client] |
49619ab0 EK |
801 | CipherString = DEFAULT |
802 | MaxProtocol = DTLSv1 | |
803 | MinProtocol = DTLSv1 | |
804 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
805 | VerifyMode = Peer | |
806 | ||
2c1b0f1e | 807 | [test-25] |
49619ab0 EK |
808 | ExpectedResult = Success |
809 | Method = DTLS | |
810 | ||
811 | ||
812 | # =========================================================== | |
813 | ||
2c1b0f1e DSH |
814 | [26-client-auth-DTLSv1-require-fail] |
815 | ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl | |
49619ab0 | 816 | |
2c1b0f1e DSH |
817 | [26-client-auth-DTLSv1-require-fail-ssl] |
818 | server = 26-client-auth-DTLSv1-require-fail-server | |
819 | client = 26-client-auth-DTLSv1-require-fail-client | |
49619ab0 | 820 | |
2c1b0f1e | 821 | [26-client-auth-DTLSv1-require-fail-server] |
49619ab0 EK |
822 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
823 | CipherString = DEFAULT | |
824 | MaxProtocol = DTLSv1 | |
825 | MinProtocol = DTLSv1 | |
826 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
827 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
828 | VerifyMode = Require | |
829 | ||
2c1b0f1e | 830 | [26-client-auth-DTLSv1-require-fail-client] |
49619ab0 EK |
831 | CipherString = DEFAULT |
832 | MaxProtocol = DTLSv1 | |
833 | MinProtocol = DTLSv1 | |
834 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
835 | VerifyMode = Peer | |
836 | ||
2c1b0f1e | 837 | [test-26] |
49619ab0 EK |
838 | ExpectedResult = ServerFail |
839 | ExpectedServerAlert = HandshakeFailure | |
840 | Method = DTLS | |
841 | ||
842 | ||
843 | # =========================================================== | |
844 | ||
2c1b0f1e DSH |
845 | [27-client-auth-DTLSv1-require] |
846 | ssl_conf = 27-client-auth-DTLSv1-require-ssl | |
49619ab0 | 847 | |
2c1b0f1e DSH |
848 | [27-client-auth-DTLSv1-require-ssl] |
849 | server = 27-client-auth-DTLSv1-require-server | |
850 | client = 27-client-auth-DTLSv1-require-client | |
49619ab0 | 851 | |
2c1b0f1e | 852 | [27-client-auth-DTLSv1-require-server] |
49619ab0 EK |
853 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
854 | CipherString = DEFAULT | |
855 | MaxProtocol = DTLSv1 | |
856 | MinProtocol = DTLSv1 | |
857 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
858 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
859 | VerifyMode = Request | |
860 | ||
2c1b0f1e | 861 | [27-client-auth-DTLSv1-require-client] |
49619ab0 EK |
862 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
863 | CipherString = DEFAULT | |
864 | MaxProtocol = DTLSv1 | |
865 | MinProtocol = DTLSv1 | |
866 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
867 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
868 | VerifyMode = Peer | |
869 | ||
2c1b0f1e DSH |
870 | [test-27] |
871 | ExpectedClientCANames = empty | |
872 | ExpectedClientCertType = RSA | |
873 | ExpectedResult = Success | |
874 | Method = DTLS | |
875 | ||
876 | ||
877 | # =========================================================== | |
878 | ||
879 | [28-client-auth-DTLSv1-require-non-empty-names] | |
880 | ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl | |
881 | ||
882 | [28-client-auth-DTLSv1-require-non-empty-names-ssl] | |
883 | server = 28-client-auth-DTLSv1-require-non-empty-names-server | |
884 | client = 28-client-auth-DTLSv1-require-non-empty-names-client | |
885 | ||
886 | [28-client-auth-DTLSv1-require-non-empty-names-server] | |
887 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
888 | CipherString = DEFAULT | |
889 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
890 | MaxProtocol = DTLSv1 | |
891 | MinProtocol = DTLSv1 | |
892 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
893 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
894 | VerifyMode = Request | |
895 | ||
896 | [28-client-auth-DTLSv1-require-non-empty-names-client] | |
897 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
898 | CipherString = DEFAULT | |
899 | MaxProtocol = DTLSv1 | |
900 | MinProtocol = DTLSv1 | |
901 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
902 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
903 | VerifyMode = Peer | |
904 | ||
905 | [test-28] | |
906 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
49619ab0 EK |
907 | ExpectedClientCertType = RSA |
908 | ExpectedResult = Success | |
909 | Method = DTLS | |
910 | ||
911 | ||
912 | # =========================================================== | |
913 | ||
2c1b0f1e DSH |
914 | [29-client-auth-DTLSv1-noroot] |
915 | ssl_conf = 29-client-auth-DTLSv1-noroot-ssl | |
49619ab0 | 916 | |
2c1b0f1e DSH |
917 | [29-client-auth-DTLSv1-noroot-ssl] |
918 | server = 29-client-auth-DTLSv1-noroot-server | |
919 | client = 29-client-auth-DTLSv1-noroot-client | |
49619ab0 | 920 | |
2c1b0f1e | 921 | [29-client-auth-DTLSv1-noroot-server] |
49619ab0 EK |
922 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
923 | CipherString = DEFAULT | |
924 | MaxProtocol = DTLSv1 | |
925 | MinProtocol = DTLSv1 | |
926 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
927 | VerifyMode = Require | |
928 | ||
2c1b0f1e | 929 | [29-client-auth-DTLSv1-noroot-client] |
49619ab0 EK |
930 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
931 | CipherString = DEFAULT | |
932 | MaxProtocol = DTLSv1 | |
933 | MinProtocol = DTLSv1 | |
934 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
935 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
936 | VerifyMode = Peer | |
937 | ||
2c1b0f1e | 938 | [test-29] |
49619ab0 EK |
939 | ExpectedResult = ServerFail |
940 | ExpectedServerAlert = UnknownCA | |
941 | Method = DTLS | |
942 | ||
943 | ||
944 | # =========================================================== | |
945 | ||
2c1b0f1e DSH |
946 | [30-server-auth-DTLSv1.2] |
947 | ssl_conf = 30-server-auth-DTLSv1.2-ssl | |
49619ab0 | 948 | |
2c1b0f1e DSH |
949 | [30-server-auth-DTLSv1.2-ssl] |
950 | server = 30-server-auth-DTLSv1.2-server | |
951 | client = 30-server-auth-DTLSv1.2-client | |
49619ab0 | 952 | |
2c1b0f1e | 953 | [30-server-auth-DTLSv1.2-server] |
49619ab0 EK |
954 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
955 | CipherString = DEFAULT | |
956 | MaxProtocol = DTLSv1.2 | |
957 | MinProtocol = DTLSv1.2 | |
958 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
959 | ||
2c1b0f1e | 960 | [30-server-auth-DTLSv1.2-client] |
49619ab0 EK |
961 | CipherString = DEFAULT |
962 | MaxProtocol = DTLSv1.2 | |
963 | MinProtocol = DTLSv1.2 | |
964 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
965 | VerifyMode = Peer | |
966 | ||
2c1b0f1e | 967 | [test-30] |
49619ab0 EK |
968 | ExpectedResult = Success |
969 | Method = DTLS | |
970 | ||
971 | ||
972 | # =========================================================== | |
973 | ||
2c1b0f1e DSH |
974 | [31-client-auth-DTLSv1.2-request] |
975 | ssl_conf = 31-client-auth-DTLSv1.2-request-ssl | |
49619ab0 | 976 | |
2c1b0f1e DSH |
977 | [31-client-auth-DTLSv1.2-request-ssl] |
978 | server = 31-client-auth-DTLSv1.2-request-server | |
979 | client = 31-client-auth-DTLSv1.2-request-client | |
49619ab0 | 980 | |
2c1b0f1e | 981 | [31-client-auth-DTLSv1.2-request-server] |
49619ab0 EK |
982 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
983 | CipherString = DEFAULT | |
984 | MaxProtocol = DTLSv1.2 | |
985 | MinProtocol = DTLSv1.2 | |
986 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
987 | VerifyMode = Request | |
988 | ||
2c1b0f1e | 989 | [31-client-auth-DTLSv1.2-request-client] |
49619ab0 EK |
990 | CipherString = DEFAULT |
991 | MaxProtocol = DTLSv1.2 | |
992 | MinProtocol = DTLSv1.2 | |
993 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
994 | VerifyMode = Peer | |
995 | ||
2c1b0f1e | 996 | [test-31] |
49619ab0 EK |
997 | ExpectedResult = Success |
998 | Method = DTLS | |
999 | ||
1000 | ||
1001 | # =========================================================== | |
1002 | ||
2c1b0f1e DSH |
1003 | [32-client-auth-DTLSv1.2-require-fail] |
1004 | ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl | |
49619ab0 | 1005 | |
2c1b0f1e DSH |
1006 | [32-client-auth-DTLSv1.2-require-fail-ssl] |
1007 | server = 32-client-auth-DTLSv1.2-require-fail-server | |
1008 | client = 32-client-auth-DTLSv1.2-require-fail-client | |
49619ab0 | 1009 | |
2c1b0f1e | 1010 | [32-client-auth-DTLSv1.2-require-fail-server] |
49619ab0 EK |
1011 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
1012 | CipherString = DEFAULT | |
1013 | MaxProtocol = DTLSv1.2 | |
1014 | MinProtocol = DTLSv1.2 | |
1015 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
1016 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
1017 | VerifyMode = Require | |
1018 | ||
2c1b0f1e | 1019 | [32-client-auth-DTLSv1.2-require-fail-client] |
49619ab0 EK |
1020 | CipherString = DEFAULT |
1021 | MaxProtocol = DTLSv1.2 | |
1022 | MinProtocol = DTLSv1.2 | |
1023 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
1024 | VerifyMode = Peer | |
1025 | ||
2c1b0f1e | 1026 | [test-32] |
49619ab0 EK |
1027 | ExpectedResult = ServerFail |
1028 | ExpectedServerAlert = HandshakeFailure | |
1029 | Method = DTLS | |
1030 | ||
1031 | ||
1032 | # =========================================================== | |
1033 | ||
2c1b0f1e DSH |
1034 | [33-client-auth-DTLSv1.2-require] |
1035 | ssl_conf = 33-client-auth-DTLSv1.2-require-ssl | |
49619ab0 | 1036 | |
2c1b0f1e DSH |
1037 | [33-client-auth-DTLSv1.2-require-ssl] |
1038 | server = 33-client-auth-DTLSv1.2-require-server | |
1039 | client = 33-client-auth-DTLSv1.2-require-client | |
49619ab0 | 1040 | |
2c1b0f1e | 1041 | [33-client-auth-DTLSv1.2-require-server] |
49619ab0 EK |
1042 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
1043 | CipherString = DEFAULT | |
1044 | MaxProtocol = DTLSv1.2 | |
1045 | MinProtocol = DTLSv1.2 | |
1046 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
1047 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
1048 | VerifyMode = Request | |
1049 | ||
2c1b0f1e | 1050 | [33-client-auth-DTLSv1.2-require-client] |
49619ab0 EK |
1051 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
1052 | CipherString = DEFAULT | |
1053 | MaxProtocol = DTLSv1.2 | |
1054 | MinProtocol = DTLSv1.2 | |
1055 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
1056 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
1057 | VerifyMode = Peer | |
1058 | ||
2c1b0f1e DSH |
1059 | [test-33] |
1060 | ExpectedClientCANames = empty | |
49619ab0 EK |
1061 | ExpectedClientCertType = RSA |
1062 | ExpectedResult = Success | |
1063 | Method = DTLS | |
1064 | ||
1065 | ||
1066 | # =========================================================== | |
1067 | ||
2c1b0f1e DSH |
1068 | [34-client-auth-DTLSv1.2-require-non-empty-names] |
1069 | ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl | |
49619ab0 | 1070 | |
2c1b0f1e DSH |
1071 | [34-client-auth-DTLSv1.2-require-non-empty-names-ssl] |
1072 | server = 34-client-auth-DTLSv1.2-require-non-empty-names-server | |
1073 | client = 34-client-auth-DTLSv1.2-require-non-empty-names-client | |
49619ab0 | 1074 | |
2c1b0f1e DSH |
1075 | [34-client-auth-DTLSv1.2-require-non-empty-names-server] |
1076 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem | |
1077 | CipherString = DEFAULT | |
1078 | ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
1079 | MaxProtocol = DTLSv1.2 | |
1080 | MinProtocol = DTLSv1.2 | |
1081 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
1082 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
1083 | VerifyMode = Request | |
1084 | ||
1085 | [34-client-auth-DTLSv1.2-require-non-empty-names-client] | |
1086 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem | |
1087 | CipherString = DEFAULT | |
1088 | MaxProtocol = DTLSv1.2 | |
1089 | MinProtocol = DTLSv1.2 | |
1090 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
1091 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
1092 | VerifyMode = Peer | |
1093 | ||
1094 | [test-34] | |
1095 | ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem | |
1096 | ExpectedClientCertType = RSA | |
1097 | ExpectedResult = Success | |
1098 | Method = DTLS | |
1099 | ||
1100 | ||
1101 | # =========================================================== | |
1102 | ||
1103 | [35-client-auth-DTLSv1.2-noroot] | |
1104 | ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl | |
1105 | ||
1106 | [35-client-auth-DTLSv1.2-noroot-ssl] | |
1107 | server = 35-client-auth-DTLSv1.2-noroot-server | |
1108 | client = 35-client-auth-DTLSv1.2-noroot-client | |
1109 | ||
1110 | [35-client-auth-DTLSv1.2-noroot-server] | |
49619ab0 EK |
1111 | Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem |
1112 | CipherString = DEFAULT | |
1113 | MaxProtocol = DTLSv1.2 | |
1114 | MinProtocol = DTLSv1.2 | |
1115 | PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem | |
1116 | VerifyMode = Require | |
1117 | ||
2c1b0f1e | 1118 | [35-client-auth-DTLSv1.2-noroot-client] |
49619ab0 EK |
1119 | Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem |
1120 | CipherString = DEFAULT | |
1121 | MaxProtocol = DTLSv1.2 | |
1122 | MinProtocol = DTLSv1.2 | |
1123 | PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem | |
1124 | VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem | |
1125 | VerifyMode = Peer | |
1126 | ||
2c1b0f1e | 1127 | [test-35] |
49619ab0 EK |
1128 | ExpectedResult = ServerFail |
1129 | ExpectedServerAlert = UnknownCA | |
1130 | Method = DTLS | |
1131 | ||
1132 |