1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-server-auth-TLSv1.3
6 test-1 = 1-client-auth-TLSv1.3-request
7 test-2 = 2-client-auth-TLSv1.3-require-fail
8 test-3 = 3-client-auth-TLSv1.3-require
9 test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
10 test-5 = 5-client-auth-TLSv1.3-noroot
11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
19 # ===========================================================
21 [0-server-auth-TLSv1.3]
22 ssl_conf = 0-server-auth-TLSv1.3-ssl
24 [0-server-auth-TLSv1.3-ssl]
25 server = 0-server-auth-TLSv1.3-server
26 client = 0-server-auth-TLSv1.3-client
28 [0-server-auth-TLSv1.3-server]
29 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
30 CipherString = DEFAULT
33 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
35 [0-server-auth-TLSv1.3-client]
36 CipherString = DEFAULT
39 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
43 ExpectedResult = Success
46 # ===========================================================
48 [1-client-auth-TLSv1.3-request]
49 ssl_conf = 1-client-auth-TLSv1.3-request-ssl
51 [1-client-auth-TLSv1.3-request-ssl]
52 server = 1-client-auth-TLSv1.3-request-server
53 client = 1-client-auth-TLSv1.3-request-client
55 [1-client-auth-TLSv1.3-request-server]
56 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
57 CipherString = DEFAULT
60 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63 [1-client-auth-TLSv1.3-request-client]
64 CipherString = DEFAULT
67 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
71 ExpectedResult = Success
74 # ===========================================================
76 [2-client-auth-TLSv1.3-require-fail]
77 ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
79 [2-client-auth-TLSv1.3-require-fail-ssl]
80 server = 2-client-auth-TLSv1.3-require-fail-server
81 client = 2-client-auth-TLSv1.3-require-fail-client
83 [2-client-auth-TLSv1.3-require-fail-server]
84 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
85 CipherString = DEFAULT
88 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
92 [2-client-auth-TLSv1.3-require-fail-client]
93 CipherString = DEFAULT
96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
100 ExpectedResult = ServerFail
101 ExpectedServerAlert = HandshakeFailure
104 # ===========================================================
106 [3-client-auth-TLSv1.3-require]
107 ssl_conf = 3-client-auth-TLSv1.3-require-ssl
109 [3-client-auth-TLSv1.3-require-ssl]
110 server = 3-client-auth-TLSv1.3-require-server
111 client = 3-client-auth-TLSv1.3-require-client
113 [3-client-auth-TLSv1.3-require-server]
114 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115 CipherString = DEFAULT
116 ClientSignatureAlgorithms = PSS+SHA256
117 MaxProtocol = TLSv1.3
118 MinProtocol = TLSv1.3
119 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
123 [3-client-auth-TLSv1.3-require-client]
124 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
125 CipherString = DEFAULT
126 MaxProtocol = TLSv1.3
127 MinProtocol = TLSv1.3
128 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
129 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
133 ExpectedClientCANames = empty
134 ExpectedClientCertType = RSA
135 ExpectedClientSignHash = SHA256
136 ExpectedClientSignType = RSA-PSS
137 ExpectedResult = Success
140 # ===========================================================
142 [4-client-auth-TLSv1.3-require-non-empty-names]
143 ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
145 [4-client-auth-TLSv1.3-require-non-empty-names-ssl]
146 server = 4-client-auth-TLSv1.3-require-non-empty-names-server
147 client = 4-client-auth-TLSv1.3-require-non-empty-names-client
149 [4-client-auth-TLSv1.3-require-non-empty-names-server]
150 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151 CipherString = DEFAULT
152 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153 ClientSignatureAlgorithms = PSS+SHA256
154 MaxProtocol = TLSv1.3
155 MinProtocol = TLSv1.3
156 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
160 [4-client-auth-TLSv1.3-require-non-empty-names-client]
161 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162 CipherString = DEFAULT
163 MaxProtocol = TLSv1.3
164 MinProtocol = TLSv1.3
165 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
166 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
171 ExpectedClientCertType = RSA
172 ExpectedClientSignHash = SHA256
173 ExpectedClientSignType = RSA-PSS
174 ExpectedResult = Success
177 # ===========================================================
179 [5-client-auth-TLSv1.3-noroot]
180 ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
182 [5-client-auth-TLSv1.3-noroot-ssl]
183 server = 5-client-auth-TLSv1.3-noroot-server
184 client = 5-client-auth-TLSv1.3-noroot-client
186 [5-client-auth-TLSv1.3-noroot-server]
187 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
188 CipherString = DEFAULT
189 MaxProtocol = TLSv1.3
190 MinProtocol = TLSv1.3
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
194 [5-client-auth-TLSv1.3-noroot-client]
195 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
196 CipherString = DEFAULT
197 MaxProtocol = TLSv1.3
198 MinProtocol = TLSv1.3
199 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
204 ExpectedResult = ServerFail
205 ExpectedServerAlert = UnknownCA
208 # ===========================================================
210 [6-client-auth-TLSv1.3-request-post-handshake]
211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
213 [6-client-auth-TLSv1.3-request-post-handshake-ssl]
214 server = 6-client-auth-TLSv1.3-request-post-handshake-server
215 client = 6-client-auth-TLSv1.3-request-post-handshake-client
217 [6-client-auth-TLSv1.3-request-post-handshake-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT
220 MaxProtocol = TLSv1.3
221 MinProtocol = TLSv1.3
222 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223 VerifyMode = RequestPostHandshake
225 [6-client-auth-TLSv1.3-request-post-handshake-client]
226 CipherString = DEFAULT
227 MaxProtocol = TLSv1.3
228 MinProtocol = TLSv1.3
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
233 ExpectedResult = ServerFail
234 HandshakeMode = PostHandshakeAuth
237 # ===========================================================
239 [7-client-auth-TLSv1.3-require-fail-post-handshake]
240 ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
242 [7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
243 server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
244 client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
246 [7-client-auth-TLSv1.3-require-fail-post-handshake-server]
247 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248 CipherString = DEFAULT
249 MaxProtocol = TLSv1.3
250 MinProtocol = TLSv1.3
251 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253 VerifyMode = RequirePostHandshake
255 [7-client-auth-TLSv1.3-require-fail-post-handshake-client]
256 CipherString = DEFAULT
257 MaxProtocol = TLSv1.3
258 MinProtocol = TLSv1.3
259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
263 ExpectedResult = ServerFail
264 HandshakeMode = PostHandshakeAuth
267 # ===========================================================
269 [8-client-auth-TLSv1.3-require-post-handshake]
270 ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
272 [8-client-auth-TLSv1.3-require-post-handshake-ssl]
273 server = 8-client-auth-TLSv1.3-require-post-handshake-server
274 client = 8-client-auth-TLSv1.3-require-post-handshake-client
276 [8-client-auth-TLSv1.3-require-post-handshake-server]
277 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
278 CipherString = DEFAULT
279 ClientSignatureAlgorithms = PSS+SHA256
280 MaxProtocol = TLSv1.3
281 MinProtocol = TLSv1.3
282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
284 VerifyMode = RequestPostHandshake
286 [8-client-auth-TLSv1.3-require-post-handshake-client]
287 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
288 CipherString = DEFAULT
289 MaxProtocol = TLSv1.3
290 MinProtocol = TLSv1.3
291 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
292 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
296 ExpectedClientCANames = empty
297 ExpectedClientCertType = RSA
298 ExpectedClientSignHash = SHA256
299 ExpectedClientSignType = RSA-PSS
300 ExpectedResult = Success
301 HandshakeMode = PostHandshakeAuth
304 # ===========================================================
306 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
307 ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
309 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
310 server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
311 client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
313 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
314 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
315 CipherString = DEFAULT
316 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
317 ClientSignatureAlgorithms = PSS+SHA256
318 MaxProtocol = TLSv1.3
319 MinProtocol = TLSv1.3
320 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
321 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
322 VerifyMode = RequestPostHandshake
324 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
325 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
326 CipherString = DEFAULT
327 MaxProtocol = TLSv1.3
328 MinProtocol = TLSv1.3
329 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
330 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
334 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335 ExpectedClientCertType = RSA
336 ExpectedClientSignHash = SHA256
337 ExpectedClientSignType = RSA-PSS
338 ExpectedResult = Success
339 HandshakeMode = PostHandshakeAuth
342 # ===========================================================
344 [10-client-auth-TLSv1.3-noroot-post-handshake]
345 ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
347 [10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
348 server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
349 client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
351 [10-client-auth-TLSv1.3-noroot-post-handshake-server]
352 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
353 CipherString = DEFAULT
354 MaxProtocol = TLSv1.3
355 MinProtocol = TLSv1.3
356 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
357 VerifyMode = RequirePostHandshake
359 [10-client-auth-TLSv1.3-noroot-post-handshake-client]
360 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
361 CipherString = DEFAULT
362 MaxProtocol = TLSv1.3
363 MinProtocol = TLSv1.3
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
365 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
369 ExpectedResult = ServerFail
370 ExpectedServerAlert = UnknownCA
371 HandshakeMode = PostHandshakeAuth
374 # ===========================================================
376 [11-client-auth-TLSv1.3-request-force-client-post-handshake]
377 ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
379 [11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
380 server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
381 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
383 [11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
384 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
385 CipherString = DEFAULT
386 MaxProtocol = TLSv1.3
387 MinProtocol = TLSv1.3
388 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
389 VerifyMode = RequestPostHandshake
391 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
392 CipherString = DEFAULT
393 MaxProtocol = TLSv1.3
394 MinProtocol = TLSv1.3
395 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
399 ExpectedResult = Success
400 HandshakeMode = PostHandshakeAuth
401 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
403 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
407 # ===========================================================
409 [12-client-auth-TLSv1.3-request-force-server-post-handshake]
410 ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
412 [12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
413 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
414 client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
416 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
417 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
418 CipherString = DEFAULT
419 MaxProtocol = TLSv1.3
420 MinProtocol = TLSv1.3
421 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
422 VerifyMode = RequestPostHandshake
424 [12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
425 CipherString = DEFAULT
426 MaxProtocol = TLSv1.3
427 MinProtocol = TLSv1.3
428 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
432 ExpectedResult = ClientFail
433 HandshakeMode = PostHandshakeAuth
434 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
436 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
440 # ===========================================================
442 [13-client-auth-TLSv1.3-request-force-both-post-handshake]
443 ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
445 [13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
446 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
447 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
449 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
450 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
451 CipherString = DEFAULT
452 MaxProtocol = TLSv1.3
453 MinProtocol = TLSv1.3
454 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
455 VerifyMode = RequestPostHandshake
457 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
458 CipherString = DEFAULT
459 MaxProtocol = TLSv1.3
460 MinProtocol = TLSv1.3
461 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
465 ExpectedResult = Success
466 HandshakeMode = PostHandshakeAuth
467 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
468 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
470 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
473 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]