1 # -*- mode: perl; -*-
2 # Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## Test TLSv1.3 certificate authentication
11 ## Similar to 04-client_auth.cnf.in output, but specific for
12 ## TLSv1.3 and post-handshake authentication
13
14 use strict;
15 use warnings;
16
17 package ssltests;
18 use OpenSSL::Test::Utils;
19
# Every endpoint in this file is pinned to TLSv1.3 on both bounds, so no case
# can pass by negotiating an older protocol version.
my %tls13_only = (
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3",
);

# Each entry describes one handshake: the server settings, the client
# settings, and the outcome the test expects. The failure cases matter as
# much as the successes: they pin that a missing or unanchored client
# certificate is rejected rather than silently accepted.
our @tests = (
    # Baseline: the server sets no VerifyMode and the client configures no
    # certificate.
    {
        name => "server-auth-TLSv1.3",
        server => { %tls13_only },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "Success",
        },
    },

    # VerifyMode "Request" with a client that configures no certificate is
    # still expected to succeed.
    {
        name => "client-auth-TLSv1.3-request",
        server => {
            %tls13_only,
            "VerifyMode" => "Request",
        },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "Success",
        },
    },

    # VerifyMode "Require" with a client that configures no certificate:
    # the server is expected to fail with a CertificateRequired alert.
    {
        name => "client-auth-TLSv1.3-require-fail",
        server => {
            %tls13_only,
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require",
        },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "CertificateRequired",
        },
    },

    # The client presents a certificate and key; the test checks the
    # certificate type, signature type and hash that were used, and that no
    # CA names were sent to the client.
    # NOTE(review): the case is named "-require" but sets VerifyMode to
    # "Request"; confirm that is intended before counting this case as
    # coverage for mandatory client authentication.
    {
        name => "client-auth-TLSv1.3-require",
        server => {
            %tls13_only,
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty"
        },
    },

    # Same as the previous case, with ClientCAFile set on the server; the
    # expected CA names are those of root-cert.pem.
    # NOTE(review): named "-require" but uses VerifyMode "Request" -- confirm.
    {
        name => "client-auth-TLSv1.3-require-non-empty-names",
        server => {
            %tls13_only,
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },

    # The client presents a certificate, but the server sets no VerifyCAFile;
    # the expected outcome is a server failure with an UnknownCA alert.
    {
        name => "client-auth-TLSv1.3-noroot",
        server => {
            %tls13_only,
            "VerifyMode" => "Require",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },

    # --- Post-handshake authentication (HandshakeMode "PostHandshakeAuth") ---

    # The client does not set EnablePHA; the server side is expected to fail.
    {
        name => "client-auth-TLSv1.3-request-post-handshake",
        server => {
            %tls13_only,
            "VerifyMode" => "RequestPostHandshake",
        },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },

    # As above with VerifyMode "RequirePostHandshake"; again the client does
    # not set EnablePHA and a server failure is expected.
    {
        name => "client-auth-TLSv1.3-require-fail-post-handshake",
        server => {
            %tls13_only,
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequirePostHandshake",
        },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },

    # The client sets EnablePHA and presents a certificate; success is
    # expected, with the same certificate/signature checks as the
    # in-handshake case.
    # NOTE(review): named "-require" but uses VerifyMode
    # "RequestPostHandshake" -- confirm.
    {
        name => "client-auth-TLSv1.3-require-post-handshake",
        server => {
            %tls13_only,
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty"
        },
    },

    # Post-handshake variant with ClientCAFile set; the expected CA names are
    # those of root-cert.pem.
    # NOTE(review): named "-require" but uses VerifyMode
    # "RequestPostHandshake" -- confirm.
    {
        name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
        server => {
            %tls13_only,
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },

    # Post-handshake variant of "noroot": the server sets no VerifyCAFile and
    # an UnknownCA alert is expected.
    {
        name => "client-auth-TLSv1.3-noroot-post-handshake",
        server => {
            %tls13_only,
            "VerifyMode" => "RequirePostHandshake",
        },
        client => {
            %tls13_only,
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },

    # Only the client opts in (EnablePHA) and it configures no certificate;
    # with VerifyMode "RequestPostHandshake" success is expected.
    {
        name => "client-auth-TLSv1.3-request-force-client-post-handshake",
        server => {
            %tls13_only,
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            %tls13_only,
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },

    # Only the server sets ForcePHA; the client does not set EnablePHA and
    # the client side is expected to fail.
    {
        name => "client-auth-TLSv1.3-request-force-server-post-handshake",
        server => {
            %tls13_only,
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => { %tls13_only },
        test => {
            "ExpectedResult" => "ClientFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },

    # Server sets ForcePHA and the client sets EnablePHA; success is expected.
    {
        name => "client-auth-TLSv1.3-request-force-both-post-handshake",
        server => {
            %tls13_only,
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => {
            %tls13_only,
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
);