]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/ssl-tests/04-client_auth.cnf
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Use .cnf for config files, not .conf
[thirdparty/openssl.git] / test / ssl-tests / 04-client_auth.cnf
CommitLineData
63936115
EK		 1# Generated with generate_ssl_tests.pl
2
2c1b0f1e 3num_tests = 36
63936115
EK		 4
5test-0 = 0-server-auth-flex
6test-1 = 1-client-auth-flex-request
7test-2 = 2-client-auth-flex-require-fail
8test-3 = 3-client-auth-flex-require
2c1b0f1e
DSH		 9test-4 = 4-client-auth-flex-require-non-empty-names
10test-5 = 5-client-auth-flex-noroot
11test-6 = 6-server-auth-TLSv1
12test-7 = 7-client-auth-TLSv1-request
13test-8 = 8-client-auth-TLSv1-require-fail
14test-9 = 9-client-auth-TLSv1-require
15test-10 = 10-client-auth-TLSv1-require-non-empty-names
16test-11 = 11-client-auth-TLSv1-noroot
17test-12 = 12-server-auth-TLSv1.1
18test-13 = 13-client-auth-TLSv1.1-request
19test-14 = 14-client-auth-TLSv1.1-require-fail
20test-15 = 15-client-auth-TLSv1.1-require
21test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
22test-17 = 17-client-auth-TLSv1.1-noroot
23test-18 = 18-server-auth-TLSv1.2
24test-19 = 19-client-auth-TLSv1.2-request
25test-20 = 20-client-auth-TLSv1.2-require-fail
26test-21 = 21-client-auth-TLSv1.2-require
27test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
28test-23 = 23-client-auth-TLSv1.2-noroot
29test-24 = 24-server-auth-DTLSv1
30test-25 = 25-client-auth-DTLSv1-request
31test-26 = 26-client-auth-DTLSv1-require-fail
32test-27 = 27-client-auth-DTLSv1-require
33test-28 = 28-client-auth-DTLSv1-require-non-empty-names
34test-29 = 29-client-auth-DTLSv1-noroot
35test-30 = 30-server-auth-DTLSv1.2
36test-31 = 31-client-auth-DTLSv1.2-request
37test-32 = 32-client-auth-DTLSv1.2-require-fail
38test-33 = 33-client-auth-DTLSv1.2-require
39test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
40test-35 = 35-client-auth-DTLSv1.2-noroot
63936115
EK		 41# ===========================================================
42
43[0-server-auth-flex]
44ssl_conf = 0-server-auth-flex-ssl
45
46[0-server-auth-flex-ssl]
47server = 0-server-auth-flex-server
48client = 0-server-auth-flex-client
49
50[0-server-auth-flex-server]
51Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
52CipherString = DEFAULT
53PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
54
63936115
EK		 55[0-server-auth-flex-client]
56CipherString = DEFAULT
57VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
58VerifyMode = Peer
59
63936115
EK		 60[test-0]
61ExpectedResult = Success
62
63
64# ===========================================================
65
66[1-client-auth-flex-request]
67ssl_conf = 1-client-auth-flex-request-ssl
68
69[1-client-auth-flex-request-ssl]
70server = 1-client-auth-flex-request-server
71client = 1-client-auth-flex-request-client
72
73[1-client-auth-flex-request-server]
74Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
75CipherString = DEFAULT
76PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
77VerifyMode = Request
78
63936115
EK		 79[1-client-auth-flex-request-client]
80CipherString = DEFAULT
81VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
82VerifyMode = Peer
83
63936115
EK		 84[test-1]
85ExpectedResult = Success
86
87
88# ===========================================================
89
90[2-client-auth-flex-require-fail]
91ssl_conf = 2-client-auth-flex-require-fail-ssl
92
93[2-client-auth-flex-require-fail-ssl]
94server = 2-client-auth-flex-require-fail-server
95client = 2-client-auth-flex-require-fail-client
96
97[2-client-auth-flex-require-fail-server]
98Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
99CipherString = DEFAULT
100PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
101VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
102VerifyMode = Require
103
63936115
EK		 104[2-client-auth-flex-require-fail-client]
105CipherString = DEFAULT
106VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
107VerifyMode = Peer
108
63936115
EK		 109[test-2]
110ExpectedResult = ServerFail
43a0f273 111ExpectedServerAlert = CertificateRequired
63936115
EK		 112
113
114# ===========================================================
115
116[3-client-auth-flex-require]
117ssl_conf = 3-client-auth-flex-require-ssl
118
119[3-client-auth-flex-require-ssl]
120server = 3-client-auth-flex-require-server
121client = 3-client-auth-flex-require-client
122
123[3-client-auth-flex-require-server]
124Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
125CipherString = DEFAULT
126PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
127VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
128VerifyMode = Request
129
63936115
EK		 130[3-client-auth-flex-require-client]
131Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
132CipherString = DEFAULT
133PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
134VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
135VerifyMode = Peer
136
63936115 137[test-3]
2c1b0f1e 138ExpectedClientCANames = empty
a470f023 139ExpectedClientCertType = RSA
63936115
EK		 140ExpectedResult = Success
141
142
143# ===========================================================
144
2c1b0f1e
DSH		 145[4-client-auth-flex-require-non-empty-names]
146ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
63936115 147
2c1b0f1e
DSH		 148[4-client-auth-flex-require-non-empty-names-ssl]
149server = 4-client-auth-flex-require-non-empty-names-server
150client = 4-client-auth-flex-require-non-empty-names-client
63936115 151
2c1b0f1e 152[4-client-auth-flex-require-non-empty-names-server]
63936115
EK		 153Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
154CipherString = DEFAULT
2c1b0f1e 155ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
63936115 156PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
2c1b0f1e
DSH		 157VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158VerifyMode = Request
63936115 159
2c1b0f1e 160[4-client-auth-flex-require-non-empty-names-client]
63936115
EK		 161Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162CipherString = DEFAULT
163PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
164VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
165VerifyMode = Peer
166
63936115 167[test-4]
2c1b0f1e
DSH		 168ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
169ExpectedClientCertType = RSA
170ExpectedResult = Success
171
172
173# ===========================================================
174
175[5-client-auth-flex-noroot]
176ssl_conf = 5-client-auth-flex-noroot-ssl
177
178[5-client-auth-flex-noroot-ssl]
179server = 5-client-auth-flex-noroot-server
180client = 5-client-auth-flex-noroot-client
181
182[5-client-auth-flex-noroot-server]
183Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
184CipherString = DEFAULT
185PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
186VerifyMode = Require
187
188[5-client-auth-flex-noroot-client]
189Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
190CipherString = DEFAULT
191PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
192VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
193VerifyMode = Peer
194
195[test-5]
63936115 196ExpectedResult = ServerFail
9f48bbac 197ExpectedServerAlert = UnknownCA
63936115
EK		 198
199
200# ===========================================================
201
2c1b0f1e
DSH		 202[6-server-auth-TLSv1]
203ssl_conf = 6-server-auth-TLSv1-ssl
63936115 204
2c1b0f1e
DSH		 205[6-server-auth-TLSv1-ssl]
206server = 6-server-auth-TLSv1-server
207client = 6-server-auth-TLSv1-client
63936115 208
2c1b0f1e 209[6-server-auth-TLSv1-server]
63936115
EK		 210Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
211CipherString = DEFAULT
78cbe94f
MC		 212MaxProtocol = TLSv1
213MinProtocol = TLSv1
63936115 214PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 215
2c1b0f1e 216[6-server-auth-TLSv1-client]
63936115 217CipherString = DEFAULT
78cbe94f
MC		 218MaxProtocol = TLSv1
219MinProtocol = TLSv1
63936115
EK		 220VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
221VerifyMode = Peer
222
2c1b0f1e 223[test-6]
63936115
EK		 224ExpectedResult = Success
225
226
227# ===========================================================
228
2c1b0f1e
DSH		 229[7-client-auth-TLSv1-request]
230ssl_conf = 7-client-auth-TLSv1-request-ssl
63936115 231
2c1b0f1e
DSH		 232[7-client-auth-TLSv1-request-ssl]
233server = 7-client-auth-TLSv1-request-server
234client = 7-client-auth-TLSv1-request-client
63936115 235
2c1b0f1e 236[7-client-auth-TLSv1-request-server]
63936115
EK		 237Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
238CipherString = DEFAULT
78cbe94f
MC		 239MaxProtocol = TLSv1
240MinProtocol = TLSv1
63936115 241PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 242VerifyMode = Request
243
2c1b0f1e 244[7-client-auth-TLSv1-request-client]
63936115 245CipherString = DEFAULT
78cbe94f
MC		 246MaxProtocol = TLSv1
247MinProtocol = TLSv1
63936115
EK		 248VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
249VerifyMode = Peer
250
2c1b0f1e 251[test-7]
63936115
EK		 252ExpectedResult = Success
253
254
255# ===========================================================
256
2c1b0f1e
DSH		 257[8-client-auth-TLSv1-require-fail]
258ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
63936115 259
2c1b0f1e
DSH		 260[8-client-auth-TLSv1-require-fail-ssl]
261server = 8-client-auth-TLSv1-require-fail-server
262client = 8-client-auth-TLSv1-require-fail-client
63936115 263
2c1b0f1e 264[8-client-auth-TLSv1-require-fail-server]
63936115
EK		 265Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
266CipherString = DEFAULT
78cbe94f
MC		 267MaxProtocol = TLSv1
268MinProtocol = TLSv1
63936115 269PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 270VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
271VerifyMode = Require
272
2c1b0f1e 273[8-client-auth-TLSv1-require-fail-client]
63936115 274CipherString = DEFAULT
78cbe94f
MC		 275MaxProtocol = TLSv1
276MinProtocol = TLSv1
63936115
EK		 277VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
278VerifyMode = Peer
279
2c1b0f1e 280[test-8]
63936115 281ExpectedResult = ServerFail
9f48bbac 282ExpectedServerAlert = HandshakeFailure
63936115
EK		 283
284
285# ===========================================================
286
2c1b0f1e
DSH		 287[9-client-auth-TLSv1-require]
288ssl_conf = 9-client-auth-TLSv1-require-ssl
63936115 289
2c1b0f1e
DSH		 290[9-client-auth-TLSv1-require-ssl]
291server = 9-client-auth-TLSv1-require-server
292client = 9-client-auth-TLSv1-require-client
63936115 293
2c1b0f1e 294[9-client-auth-TLSv1-require-server]
63936115
EK		 295Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
296CipherString = DEFAULT
78cbe94f
MC		 297MaxProtocol = TLSv1
298MinProtocol = TLSv1
63936115 299PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 300VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
301VerifyMode = Request
302
2c1b0f1e 303[9-client-auth-TLSv1-require-client]
63936115
EK		 304Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
305CipherString = DEFAULT
78cbe94f
MC		 306MaxProtocol = TLSv1
307MinProtocol = TLSv1
63936115 308PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 309VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
310VerifyMode = Peer
311
2c1b0f1e
DSH		 312[test-9]
313ExpectedClientCANames = empty
a470f023 314ExpectedClientCertType = RSA
63936115
EK		 315ExpectedResult = Success
316
317
318# ===========================================================
319
2c1b0f1e
DSH		 320[10-client-auth-TLSv1-require-non-empty-names]
321ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
63936115 322
2c1b0f1e
DSH		 323[10-client-auth-TLSv1-require-non-empty-names-ssl]
324server = 10-client-auth-TLSv1-require-non-empty-names-server
325client = 10-client-auth-TLSv1-require-non-empty-names-client
63936115 326
2c1b0f1e
DSH		 327[10-client-auth-TLSv1-require-non-empty-names-server]
328Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
329CipherString = DEFAULT
330ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
331MaxProtocol = TLSv1
332MinProtocol = TLSv1
333PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
334VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335VerifyMode = Request
336
337[10-client-auth-TLSv1-require-non-empty-names-client]
338Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
339CipherString = DEFAULT
340MaxProtocol = TLSv1
341MinProtocol = TLSv1
342PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
343VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
344VerifyMode = Peer
345
346[test-10]
347ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
348ExpectedClientCertType = RSA
349ExpectedResult = Success
350
351
352# ===========================================================
353
354[11-client-auth-TLSv1-noroot]
355ssl_conf = 11-client-auth-TLSv1-noroot-ssl
356
357[11-client-auth-TLSv1-noroot-ssl]
358server = 11-client-auth-TLSv1-noroot-server
359client = 11-client-auth-TLSv1-noroot-client
360
361[11-client-auth-TLSv1-noroot-server]
63936115
EK		 362Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
363CipherString = DEFAULT
78cbe94f
MC		 364MaxProtocol = TLSv1
365MinProtocol = TLSv1
63936115 366PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 367VerifyMode = Require
368
2c1b0f1e 369[11-client-auth-TLSv1-noroot-client]
63936115
EK		 370Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
371CipherString = DEFAULT
78cbe94f
MC		 372MaxProtocol = TLSv1
373MinProtocol = TLSv1
63936115 374PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 375VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
376VerifyMode = Peer
377
2c1b0f1e 378[test-11]
63936115 379ExpectedResult = ServerFail
9f48bbac 380ExpectedServerAlert = UnknownCA
63936115
EK		 381
382
383# ===========================================================
384
2c1b0f1e
DSH		 385[12-server-auth-TLSv1.1]
386ssl_conf = 12-server-auth-TLSv1.1-ssl
63936115 387
2c1b0f1e
DSH		 388[12-server-auth-TLSv1.1-ssl]
389server = 12-server-auth-TLSv1.1-server
390client = 12-server-auth-TLSv1.1-client
63936115 391
2c1b0f1e 392[12-server-auth-TLSv1.1-server]
63936115
EK		 393Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394CipherString = DEFAULT
78cbe94f
MC		 395MaxProtocol = TLSv1.1
396MinProtocol = TLSv1.1
63936115 397PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 398
2c1b0f1e 399[12-server-auth-TLSv1.1-client]
63936115 400CipherString = DEFAULT
78cbe94f
MC		 401MaxProtocol = TLSv1.1
402MinProtocol = TLSv1.1
63936115
EK		 403VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
404VerifyMode = Peer
405
2c1b0f1e 406[test-12]
63936115
EK		 407ExpectedResult = Success
408
409
410# ===========================================================
411
2c1b0f1e
DSH		 412[13-client-auth-TLSv1.1-request]
413ssl_conf = 13-client-auth-TLSv1.1-request-ssl
63936115 414
2c1b0f1e
DSH		 415[13-client-auth-TLSv1.1-request-ssl]
416server = 13-client-auth-TLSv1.1-request-server
417client = 13-client-auth-TLSv1.1-request-client
63936115 418
2c1b0f1e 419[13-client-auth-TLSv1.1-request-server]
63936115
EK		 420Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421CipherString = DEFAULT
78cbe94f
MC		 422MaxProtocol = TLSv1.1
423MinProtocol = TLSv1.1
63936115 424PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 425VerifyMode = Request
426
2c1b0f1e 427[13-client-auth-TLSv1.1-request-client]
63936115 428CipherString = DEFAULT
78cbe94f
MC		 429MaxProtocol = TLSv1.1
430MinProtocol = TLSv1.1
63936115
EK		 431VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
432VerifyMode = Peer
433
2c1b0f1e 434[test-13]
63936115
EK		 435ExpectedResult = Success
436
437
438# ===========================================================
439
2c1b0f1e
DSH		 440[14-client-auth-TLSv1.1-require-fail]
441ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
63936115 442
2c1b0f1e
DSH		 443[14-client-auth-TLSv1.1-require-fail-ssl]
444server = 14-client-auth-TLSv1.1-require-fail-server
445client = 14-client-auth-TLSv1.1-require-fail-client
63936115 446
2c1b0f1e 447[14-client-auth-TLSv1.1-require-fail-server]
63936115
EK		 448Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
449CipherString = DEFAULT
78cbe94f
MC		 450MaxProtocol = TLSv1.1
451MinProtocol = TLSv1.1
63936115 452PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 453VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
454VerifyMode = Require
455
2c1b0f1e 456[14-client-auth-TLSv1.1-require-fail-client]
63936115 457CipherString = DEFAULT
78cbe94f
MC		 458MaxProtocol = TLSv1.1
459MinProtocol = TLSv1.1
63936115
EK		 460VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
461VerifyMode = Peer
462
2c1b0f1e 463[test-14]
63936115 464ExpectedResult = ServerFail
9f48bbac 465ExpectedServerAlert = HandshakeFailure
63936115
EK		 466
467
468# ===========================================================
469
2c1b0f1e
DSH		 470[15-client-auth-TLSv1.1-require]
471ssl_conf = 15-client-auth-TLSv1.1-require-ssl
63936115 472
2c1b0f1e
DSH		 473[15-client-auth-TLSv1.1-require-ssl]
474server = 15-client-auth-TLSv1.1-require-server
475client = 15-client-auth-TLSv1.1-require-client
63936115 476
2c1b0f1e 477[15-client-auth-TLSv1.1-require-server]
63936115
EK		 478Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
479CipherString = DEFAULT
78cbe94f
MC		 480MaxProtocol = TLSv1.1
481MinProtocol = TLSv1.1
63936115 482PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 483VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
484VerifyMode = Request
485
2c1b0f1e 486[15-client-auth-TLSv1.1-require-client]
63936115
EK		 487Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
488CipherString = DEFAULT
78cbe94f
MC		 489MaxProtocol = TLSv1.1
490MinProtocol = TLSv1.1
63936115 491PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 492VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
493VerifyMode = Peer
494
2c1b0f1e
DSH		 495[test-15]
496ExpectedClientCANames = empty
a470f023 497ExpectedClientCertType = RSA
63936115
EK		 498ExpectedResult = Success
499
500
501# ===========================================================
502
2c1b0f1e
DSH		 503[16-client-auth-TLSv1.1-require-non-empty-names]
504ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
63936115 505
2c1b0f1e
DSH		 506[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
507server = 16-client-auth-TLSv1.1-require-non-empty-names-server
508client = 16-client-auth-TLSv1.1-require-non-empty-names-client
63936115 509
2c1b0f1e
DSH		 510[16-client-auth-TLSv1.1-require-non-empty-names-server]
511Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512CipherString = DEFAULT
513ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
514MaxProtocol = TLSv1.1
515MinProtocol = TLSv1.1
516PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
517VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
518VerifyMode = Request
519
520[16-client-auth-TLSv1.1-require-non-empty-names-client]
521Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
522CipherString = DEFAULT
523MaxProtocol = TLSv1.1
524MinProtocol = TLSv1.1
525PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
526VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
527VerifyMode = Peer
528
529[test-16]
530ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
531ExpectedClientCertType = RSA
532ExpectedResult = Success
533
534
535# ===========================================================
536
537[17-client-auth-TLSv1.1-noroot]
538ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
539
540[17-client-auth-TLSv1.1-noroot-ssl]
541server = 17-client-auth-TLSv1.1-noroot-server
542client = 17-client-auth-TLSv1.1-noroot-client
543
544[17-client-auth-TLSv1.1-noroot-server]
63936115
EK		 545Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
546CipherString = DEFAULT
78cbe94f
MC		 547MaxProtocol = TLSv1.1
548MinProtocol = TLSv1.1
63936115 549PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 550VerifyMode = Require
551
2c1b0f1e 552[17-client-auth-TLSv1.1-noroot-client]
63936115
EK		 553Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
554CipherString = DEFAULT
78cbe94f
MC		 555MaxProtocol = TLSv1.1
556MinProtocol = TLSv1.1
63936115 557PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 558VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
559VerifyMode = Peer
560
2c1b0f1e 561[test-17]
63936115 562ExpectedResult = ServerFail
9f48bbac 563ExpectedServerAlert = UnknownCA
63936115
EK		 564
565
566# ===========================================================
567
2c1b0f1e
DSH		 568[18-server-auth-TLSv1.2]
569ssl_conf = 18-server-auth-TLSv1.2-ssl
63936115 570
2c1b0f1e
DSH		 571[18-server-auth-TLSv1.2-ssl]
572server = 18-server-auth-TLSv1.2-server
573client = 18-server-auth-TLSv1.2-client
63936115 574
2c1b0f1e 575[18-server-auth-TLSv1.2-server]
63936115
EK		 576Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577CipherString = DEFAULT
78cbe94f
MC		 578MaxProtocol = TLSv1.2
579MinProtocol = TLSv1.2
63936115 580PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115 581
2c1b0f1e 582[18-server-auth-TLSv1.2-client]
63936115 583CipherString = DEFAULT
78cbe94f
MC		 584MaxProtocol = TLSv1.2
585MinProtocol = TLSv1.2
63936115
EK		 586VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
587VerifyMode = Peer
588
2c1b0f1e 589[test-18]
63936115
EK		 590ExpectedResult = Success
591
592
593# ===========================================================
594
2c1b0f1e
DSH		 595[19-client-auth-TLSv1.2-request]
596ssl_conf = 19-client-auth-TLSv1.2-request-ssl
63936115 597
2c1b0f1e
DSH		 598[19-client-auth-TLSv1.2-request-ssl]
599server = 19-client-auth-TLSv1.2-request-server
600client = 19-client-auth-TLSv1.2-request-client
63936115 601
2c1b0f1e 602[19-client-auth-TLSv1.2-request-server]
63936115
EK		 603Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
604CipherString = DEFAULT
78cbe94f
MC		 605MaxProtocol = TLSv1.2
606MinProtocol = TLSv1.2
63936115 607PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 608VerifyMode = Request
609
2c1b0f1e 610[19-client-auth-TLSv1.2-request-client]
63936115 611CipherString = DEFAULT
78cbe94f
MC		 612MaxProtocol = TLSv1.2
613MinProtocol = TLSv1.2
63936115
EK		 614VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
615VerifyMode = Peer
616
2c1b0f1e 617[test-19]
63936115
EK		 618ExpectedResult = Success
619
620
621# ===========================================================
622
2c1b0f1e
DSH		 623[20-client-auth-TLSv1.2-require-fail]
624ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
63936115 625
2c1b0f1e
DSH		 626[20-client-auth-TLSv1.2-require-fail-ssl]
627server = 20-client-auth-TLSv1.2-require-fail-server
628client = 20-client-auth-TLSv1.2-require-fail-client
63936115 629
2c1b0f1e 630[20-client-auth-TLSv1.2-require-fail-server]
63936115
EK		 631Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
632CipherString = DEFAULT
78cbe94f
MC		 633MaxProtocol = TLSv1.2
634MinProtocol = TLSv1.2
63936115 635PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 636VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
637VerifyMode = Require
638
2c1b0f1e 639[20-client-auth-TLSv1.2-require-fail-client]
63936115 640CipherString = DEFAULT
78cbe94f
MC		 641MaxProtocol = TLSv1.2
642MinProtocol = TLSv1.2
63936115
EK		 643VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
644VerifyMode = Peer
645
2c1b0f1e 646[test-20]
63936115 647ExpectedResult = ServerFail
9f48bbac 648ExpectedServerAlert = HandshakeFailure
63936115
EK		 649
650
651# ===========================================================
652
2c1b0f1e
DSH		 653[21-client-auth-TLSv1.2-require]
654ssl_conf = 21-client-auth-TLSv1.2-require-ssl
63936115 655
2c1b0f1e
DSH		 656[21-client-auth-TLSv1.2-require-ssl]
657server = 21-client-auth-TLSv1.2-require-server
658client = 21-client-auth-TLSv1.2-require-client
63936115 659
2c1b0f1e 660[21-client-auth-TLSv1.2-require-server]
63936115
EK		 661Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
662CipherString = DEFAULT
062540cb 663ClientSignatureAlgorithms = SHA256+RSA
78cbe94f
MC		 664MaxProtocol = TLSv1.2
665MinProtocol = TLSv1.2
63936115 666PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 667VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
668VerifyMode = Request
669
2c1b0f1e 670[21-client-auth-TLSv1.2-require-client]
63936115
EK		 671Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
672CipherString = DEFAULT
78cbe94f
MC		 673MaxProtocol = TLSv1.2
674MinProtocol = TLSv1.2
63936115 675PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 676VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
677VerifyMode = Peer
678
2c1b0f1e
DSH		 679[test-21]
680ExpectedClientCANames = empty
a470f023 681ExpectedClientCertType = RSA
062540cb 682ExpectedClientSignHash = SHA256
a92e710b 683ExpectedClientSignType = RSA
63936115
EK		 684ExpectedResult = Success
685
686
687# ===========================================================
688
2c1b0f1e
DSH		 689[22-client-auth-TLSv1.2-require-non-empty-names]
690ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
63936115 691
2c1b0f1e
DSH		 692[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
693server = 22-client-auth-TLSv1.2-require-non-empty-names-server
694client = 22-client-auth-TLSv1.2-require-non-empty-names-client
63936115 695
2c1b0f1e
DSH		 696[22-client-auth-TLSv1.2-require-non-empty-names-server]
697Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
698CipherString = DEFAULT
699ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
700ClientSignatureAlgorithms = SHA256+RSA
701MaxProtocol = TLSv1.2
702MinProtocol = TLSv1.2
703PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
704VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
705VerifyMode = Request
706
707[22-client-auth-TLSv1.2-require-non-empty-names-client]
708Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
709CipherString = DEFAULT
710MaxProtocol = TLSv1.2
711MinProtocol = TLSv1.2
712PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
713VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
714VerifyMode = Peer
715
716[test-22]
717ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
718ExpectedClientCertType = RSA
719ExpectedClientSignHash = SHA256
720ExpectedClientSignType = RSA
721ExpectedResult = Success
722
723
724# ===========================================================
725
726[23-client-auth-TLSv1.2-noroot]
727ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
728
729[23-client-auth-TLSv1.2-noroot-ssl]
730server = 23-client-auth-TLSv1.2-noroot-server
731client = 23-client-auth-TLSv1.2-noroot-client
732
733[23-client-auth-TLSv1.2-noroot-server]
63936115
EK		 734Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
735CipherString = DEFAULT
78cbe94f
MC		 736MaxProtocol = TLSv1.2
737MinProtocol = TLSv1.2
63936115 738PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63936115
EK		 739VerifyMode = Require
740
2c1b0f1e 741[23-client-auth-TLSv1.2-noroot-client]
63936115
EK		 742Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
743CipherString = DEFAULT
78cbe94f
MC		 744MaxProtocol = TLSv1.2
745MinProtocol = TLSv1.2
63936115 746PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
63936115
EK		 747VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
748VerifyMode = Peer
749
2c1b0f1e 750[test-23]
63936115 751ExpectedResult = ServerFail
9f48bbac 752ExpectedServerAlert = UnknownCA
63936115
EK		 753
754
49619ab0
EK		 755# ===========================================================
756
2c1b0f1e
DSH		 757[24-server-auth-DTLSv1]
758ssl_conf = 24-server-auth-DTLSv1-ssl
49619ab0 759
2c1b0f1e
DSH		 760[24-server-auth-DTLSv1-ssl]
761server = 24-server-auth-DTLSv1-server
762client = 24-server-auth-DTLSv1-client
49619ab0 763
2c1b0f1e 764[24-server-auth-DTLSv1-server]
49619ab0
EK		 765Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
766CipherString = DEFAULT
767MaxProtocol = DTLSv1
768MinProtocol = DTLSv1
769PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
770
2c1b0f1e 771[24-server-auth-DTLSv1-client]
49619ab0
EK		 772CipherString = DEFAULT
773MaxProtocol = DTLSv1
774MinProtocol = DTLSv1
775VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
776VerifyMode = Peer
777
2c1b0f1e 778[test-24]
49619ab0
EK		 779ExpectedResult = Success
780Method = DTLS
781
782
783# ===========================================================
784
2c1b0f1e
DSH		 785[25-client-auth-DTLSv1-request]
786ssl_conf = 25-client-auth-DTLSv1-request-ssl
49619ab0 787
2c1b0f1e
DSH		 788[25-client-auth-DTLSv1-request-ssl]
789server = 25-client-auth-DTLSv1-request-server
790client = 25-client-auth-DTLSv1-request-client
49619ab0 791
2c1b0f1e 792[25-client-auth-DTLSv1-request-server]
49619ab0
EK		 793Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
794CipherString = DEFAULT
795MaxProtocol = DTLSv1
796MinProtocol = DTLSv1
797PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
798VerifyMode = Request
799
2c1b0f1e 800[25-client-auth-DTLSv1-request-client]
49619ab0
EK		 801CipherString = DEFAULT
802MaxProtocol = DTLSv1
803MinProtocol = DTLSv1
804VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
805VerifyMode = Peer
806
2c1b0f1e 807[test-25]
49619ab0
EK		 808ExpectedResult = Success
809Method = DTLS
810
811
812# ===========================================================
813
2c1b0f1e
DSH		 814[26-client-auth-DTLSv1-require-fail]
815ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
49619ab0 816
2c1b0f1e
DSH		 817[26-client-auth-DTLSv1-require-fail-ssl]
818server = 26-client-auth-DTLSv1-require-fail-server
819client = 26-client-auth-DTLSv1-require-fail-client
49619ab0 820
2c1b0f1e 821[26-client-auth-DTLSv1-require-fail-server]
49619ab0
EK		 822Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
823CipherString = DEFAULT
824MaxProtocol = DTLSv1
825MinProtocol = DTLSv1
826PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
827VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
828VerifyMode = Require
829
2c1b0f1e 830[26-client-auth-DTLSv1-require-fail-client]
49619ab0
EK		 831CipherString = DEFAULT
832MaxProtocol = DTLSv1
833MinProtocol = DTLSv1
834VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
835VerifyMode = Peer
836
2c1b0f1e 837[test-26]
49619ab0
EK		 838ExpectedResult = ServerFail
839ExpectedServerAlert = HandshakeFailure
840Method = DTLS
841
842
843# ===========================================================
844
2c1b0f1e
DSH		 845[27-client-auth-DTLSv1-require]
846ssl_conf = 27-client-auth-DTLSv1-require-ssl
49619ab0 847
2c1b0f1e
DSH		 848[27-client-auth-DTLSv1-require-ssl]
849server = 27-client-auth-DTLSv1-require-server
850client = 27-client-auth-DTLSv1-require-client
49619ab0 851
2c1b0f1e 852[27-client-auth-DTLSv1-require-server]
49619ab0
EK		 853Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
854CipherString = DEFAULT
855MaxProtocol = DTLSv1
856MinProtocol = DTLSv1
857PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
858VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
859VerifyMode = Request
860
2c1b0f1e 861[27-client-auth-DTLSv1-require-client]
49619ab0
EK		 862Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
863CipherString = DEFAULT
864MaxProtocol = DTLSv1
865MinProtocol = DTLSv1
866PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
867VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
868VerifyMode = Peer
869
2c1b0f1e
DSH		 870[test-27]
871ExpectedClientCANames = empty
872ExpectedClientCertType = RSA
873ExpectedResult = Success
874Method = DTLS
875
876
877# ===========================================================
878
879[28-client-auth-DTLSv1-require-non-empty-names]
880ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
881
882[28-client-auth-DTLSv1-require-non-empty-names-ssl]
883server = 28-client-auth-DTLSv1-require-non-empty-names-server
884client = 28-client-auth-DTLSv1-require-non-empty-names-client
885
886[28-client-auth-DTLSv1-require-non-empty-names-server]
887Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
888CipherString = DEFAULT
889ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
890MaxProtocol = DTLSv1
891MinProtocol = DTLSv1
892PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
894VerifyMode = Request
895
896[28-client-auth-DTLSv1-require-non-empty-names-client]
897Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
898CipherString = DEFAULT
899MaxProtocol = DTLSv1
900MinProtocol = DTLSv1
901PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
902VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
903VerifyMode = Peer
904
905[test-28]
906ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
49619ab0
EK		 907ExpectedClientCertType = RSA
908ExpectedResult = Success
909Method = DTLS
910
911
912# ===========================================================
913
2c1b0f1e
DSH		 914[29-client-auth-DTLSv1-noroot]
915ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
49619ab0 916
2c1b0f1e
DSH		 917[29-client-auth-DTLSv1-noroot-ssl]
918server = 29-client-auth-DTLSv1-noroot-server
919client = 29-client-auth-DTLSv1-noroot-client
49619ab0 920
2c1b0f1e 921[29-client-auth-DTLSv1-noroot-server]
49619ab0
EK		 922Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
923CipherString = DEFAULT
924MaxProtocol = DTLSv1
925MinProtocol = DTLSv1
926PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
927VerifyMode = Require
928
2c1b0f1e 929[29-client-auth-DTLSv1-noroot-client]
49619ab0
EK		 930Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
931CipherString = DEFAULT
932MaxProtocol = DTLSv1
933MinProtocol = DTLSv1
934PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
935VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
936VerifyMode = Peer
937
2c1b0f1e 938[test-29]
49619ab0
EK		 939ExpectedResult = ServerFail
940ExpectedServerAlert = UnknownCA
941Method = DTLS
942
943
944# ===========================================================
945
2c1b0f1e
DSH		 946[30-server-auth-DTLSv1.2]
947ssl_conf = 30-server-auth-DTLSv1.2-ssl
49619ab0 948
2c1b0f1e
DSH		 949[30-server-auth-DTLSv1.2-ssl]
950server = 30-server-auth-DTLSv1.2-server
951client = 30-server-auth-DTLSv1.2-client
49619ab0 952
2c1b0f1e 953[30-server-auth-DTLSv1.2-server]
49619ab0
EK		 954Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
955CipherString = DEFAULT
956MaxProtocol = DTLSv1.2
957MinProtocol = DTLSv1.2
958PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
959
2c1b0f1e 960[30-server-auth-DTLSv1.2-client]
49619ab0
EK		 961CipherString = DEFAULT
962MaxProtocol = DTLSv1.2
963MinProtocol = DTLSv1.2
964VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
965VerifyMode = Peer
966
2c1b0f1e 967[test-30]
49619ab0
EK		 968ExpectedResult = Success
969Method = DTLS
970
971
972# ===========================================================
973
2c1b0f1e
DSH		 974[31-client-auth-DTLSv1.2-request]
975ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
49619ab0 976
2c1b0f1e
DSH		 977[31-client-auth-DTLSv1.2-request-ssl]
978server = 31-client-auth-DTLSv1.2-request-server
979client = 31-client-auth-DTLSv1.2-request-client
49619ab0 980
2c1b0f1e 981[31-client-auth-DTLSv1.2-request-server]
49619ab0
EK		 982Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
983CipherString = DEFAULT
984MaxProtocol = DTLSv1.2
985MinProtocol = DTLSv1.2
986PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
987VerifyMode = Request
988
2c1b0f1e 989[31-client-auth-DTLSv1.2-request-client]
49619ab0
EK		 990CipherString = DEFAULT
991MaxProtocol = DTLSv1.2
992MinProtocol = DTLSv1.2
993VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
994VerifyMode = Peer
995
2c1b0f1e 996[test-31]
49619ab0
EK		 997ExpectedResult = Success
998Method = DTLS
999
1000
1001# ===========================================================
1002
2c1b0f1e
DSH		 1003[32-client-auth-DTLSv1.2-require-fail]
1004ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
49619ab0 1005
2c1b0f1e
DSH		 1006[32-client-auth-DTLSv1.2-require-fail-ssl]
1007server = 32-client-auth-DTLSv1.2-require-fail-server
1008client = 32-client-auth-DTLSv1.2-require-fail-client
49619ab0 1009
2c1b0f1e 1010[32-client-auth-DTLSv1.2-require-fail-server]
49619ab0
EK		 1011Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1012CipherString = DEFAULT
1013MaxProtocol = DTLSv1.2
1014MinProtocol = DTLSv1.2
1015PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1016VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1017VerifyMode = Require
1018
2c1b0f1e 1019[32-client-auth-DTLSv1.2-require-fail-client]
49619ab0
EK		 1020CipherString = DEFAULT
1021MaxProtocol = DTLSv1.2
1022MinProtocol = DTLSv1.2
1023VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1024VerifyMode = Peer
1025
2c1b0f1e 1026[test-32]
49619ab0
EK		 1027ExpectedResult = ServerFail
1028ExpectedServerAlert = HandshakeFailure
1029Method = DTLS
1030
1031
1032# ===========================================================
1033
2c1b0f1e
DSH		 1034[33-client-auth-DTLSv1.2-require]
1035ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
49619ab0 1036
2c1b0f1e
DSH		 1037[33-client-auth-DTLSv1.2-require-ssl]
1038server = 33-client-auth-DTLSv1.2-require-server
1039client = 33-client-auth-DTLSv1.2-require-client
49619ab0 1040
2c1b0f1e 1041[33-client-auth-DTLSv1.2-require-server]
49619ab0
EK		 1042Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1043CipherString = DEFAULT
1044MaxProtocol = DTLSv1.2
1045MinProtocol = DTLSv1.2
1046PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1047VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1048VerifyMode = Request
1049
2c1b0f1e 1050[33-client-auth-DTLSv1.2-require-client]
49619ab0
EK		 1051Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1052CipherString = DEFAULT
1053MaxProtocol = DTLSv1.2
1054MinProtocol = DTLSv1.2
1055PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1056VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057VerifyMode = Peer
1058
2c1b0f1e
DSH		 1059[test-33]
1060ExpectedClientCANames = empty
49619ab0
EK		 1061ExpectedClientCertType = RSA
1062ExpectedResult = Success
1063Method = DTLS
1064
1065
1066# ===========================================================
1067
2c1b0f1e
DSH		 1068[34-client-auth-DTLSv1.2-require-non-empty-names]
1069ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
49619ab0 1070
2c1b0f1e
DSH		 1071[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1072server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
1073client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
49619ab0 1074
2c1b0f1e
DSH		 1075[34-client-auth-DTLSv1.2-require-non-empty-names-server]
1076Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1077CipherString = DEFAULT
1078ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1079MaxProtocol = DTLSv1.2
1080MinProtocol = DTLSv1.2
1081PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1082VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1083VerifyMode = Request
1084
1085[34-client-auth-DTLSv1.2-require-non-empty-names-client]
1086Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1087CipherString = DEFAULT
1088MaxProtocol = DTLSv1.2
1089MinProtocol = DTLSv1.2
1090PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1091VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1092VerifyMode = Peer
1093
1094[test-34]
1095ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1096ExpectedClientCertType = RSA
1097ExpectedResult = Success
1098Method = DTLS
1099
1100
1101# ===========================================================
1102
1103[35-client-auth-DTLSv1.2-noroot]
1104ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
1105
1106[35-client-auth-DTLSv1.2-noroot-ssl]
1107server = 35-client-auth-DTLSv1.2-noroot-server
1108client = 35-client-auth-DTLSv1.2-noroot-client
1109
1110[35-client-auth-DTLSv1.2-noroot-server]
49619ab0
EK		 1111Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1112CipherString = DEFAULT
1113MaxProtocol = DTLSv1.2
1114MinProtocol = DTLSv1.2
1115PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1116VerifyMode = Require
1117
2c1b0f1e 1118[35-client-auth-DTLSv1.2-noroot-client]
49619ab0
EK		 1119Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1120CipherString = DEFAULT
1121MaxProtocol = DTLSv1.2
1122MinProtocol = DTLSv1.2
1123PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1124VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1125VerifyMode = Peer
1126
2c1b0f1e 1127[test-35]
49619ab0
EK		 1128ExpectedResult = ServerFail
1129ExpectedServerAlert = UnknownCA
1130Method = DTLS
1131
1132
A mirror of the official openssl repository