2 # Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 ## Test TLSv1.3 certificate authentication
11 ## Similar to 04-client_auth.conf.in output, but specific for
12 ## TLSv1.3 and post-handshake authentication
18 use OpenSSL::Test::Utils;
# Baseline case: both option groups pin MinProtocol and MaxProtocol to TLSv1.3,
# no VerifyMode is set, and the handshake is expected to succeed.
# NOTE(review): the section headers are not visible in this listing; the two
# protocol pairs are presumably the server and client sections, in that order.
22 name => "server-auth-TLSv1.3",
24 "MinProtocol" => "TLSv1.3",
25 "MaxProtocol" => "TLSv1.3",
28 "MinProtocol" => "TLSv1.3",
29 "MaxProtocol" => "TLSv1.3",
32 "ExpectedResult" => "Success",
# Optional client authentication: VerifyMode is "Request" and no client
# Certificate/PrivateKey appears in this listing, yet the expected result is
# Success. This pins the behaviour that a requested (not required) client
# certificate may be absent without failing the handshake.
36 name => "client-auth-TLSv1.3-request",
38 "MinProtocol" => "TLSv1.3",
39 "MaxProtocol" => "TLSv1.3",
40 "VerifyMode" => "Request",
43 "MinProtocol" => "TLSv1.3",
44 "MaxProtocol" => "TLSv1.3",
47 "ExpectedResult" => "Success",
# Negative case for mandatory client authentication: VerifyMode is "Require"
# with root-cert.pem as the verification CA, and no client
# Certificate/PrivateKey appears in this listing. The handshake must fail on
# the server side with a HandshakeFailure alert, i.e. the server fails closed
# when no certificate is offered.
51 name => "client-auth-TLSv1.3-require-fail",
53 "MinProtocol" => "TLSv1.3",
54 "MaxProtocol" => "TLSv1.3",
55 "VerifyCAFile" => test_pem("root-cert.pem"),
56 "VerifyMode" => "Require",
59 "MinProtocol" => "TLSv1.3",
60 "MaxProtocol" => "TLSv1.3",
63 "ExpectedResult" => "ServerFail",
64 "ExpectedServerAlert" => "HandshakeFailure",
# Positive case with a client certificate: the client presents
# ee-client-chain.pem / ee-key.pem and the peer verifies against root-cert.pem.
# ClientSignatureAlgorithms is restricted to PSS+SHA256, and the expectations
# check that an RSA certificate was used with an RSA-PSS / SHA256 signature and
# that the CA-names list sent to the client was empty.
# NOTE(review): the name says "require" but VerifyMode is "Request", so this
# case does not by itself show that "Require" accepts a valid certificate;
# confirm whether that is intended.
68 name => "client-auth-TLSv1.3-require",
70 "MinProtocol" => "TLSv1.3",
71 "MaxProtocol" => "TLSv1.3",
72 "ClientSignatureAlgorithms" => "PSS+SHA256",
73 "VerifyCAFile" => test_pem("root-cert.pem"),
74 "VerifyMode" => "Request",
77 "MinProtocol" => "TLSv1.3",
78 "MaxProtocol" => "TLSv1.3",
79 "Certificate" => test_pem("ee-client-chain.pem"),
80 "PrivateKey" => test_pem("ee-key.pem"),
83 "ExpectedResult" => "Success",
84 "ExpectedClientCertType" => "RSA",
85 "ExpectedClientSignType" => "RSA-PSS",
86 "ExpectedClientSignHash" => "SHA256",
87 "ExpectedClientCANames" => "empty"
# Same client-certificate handshake as a PSS+SHA256-restricted success case,
# but with ClientCAFile set to root-cert.pem. The expectation is that the
# CA names seen by the client match the names in root-cert.pem, in addition to
# the RSA / RSA-PSS / SHA256 checks.
# NOTE(review): the name says "require" but VerifyMode is "Request"; confirm
# whether that is intended.
91 name => "client-auth-TLSv1.3-require-non-empty-names",
93 "MinProtocol" => "TLSv1.3",
94 "MaxProtocol" => "TLSv1.3",
95 "ClientSignatureAlgorithms" => "PSS+SHA256",
96 "ClientCAFile" => test_pem("root-cert.pem"),
97 "VerifyCAFile" => test_pem("root-cert.pem"),
98 "VerifyMode" => "Request",
101 "MinProtocol" => "TLSv1.3",
102 "MaxProtocol" => "TLSv1.3",
103 "Certificate" => test_pem("ee-client-chain.pem"),
104 "PrivateKey" => test_pem("ee-key.pem"),
107 "ExpectedResult" => "Success",
108 "ExpectedClientCertType" => "RSA",
109 "ExpectedClientSignType" => "RSA-PSS",
110 "ExpectedClientSignHash" => "SHA256",
111 "ExpectedClientCANames" => test_pem("root-cert.pem"),
# Negative case for trust-anchor checking: VerifyMode is "Require" but no
# VerifyCAFile appears in this listing, while the client does present
# ee-client-chain.pem / ee-key.pem. The handshake must fail on the server side
# with an UnknownCA alert, i.e. a certificate that cannot be chained to a
# configured root is rejected rather than accepted.
115 name => "client-auth-TLSv1.3-noroot",
117 "MinProtocol" => "TLSv1.3",
118 "MaxProtocol" => "TLSv1.3",
119 "VerifyMode" => "Require",
122 "MinProtocol" => "TLSv1.3",
123 "MaxProtocol" => "TLSv1.3",
124 "Certificate" => test_pem("ee-client-chain.pem"),
125 "PrivateKey" => test_pem("ee-key.pem"),
128 "ExpectedResult" => "ServerFail",
129 "ExpectedServerAlert" => "UnknownCA",
# Post-handshake authentication (HandshakeMode "PostHandshakeAuth") with
# VerifyMode "RequestPostHandshake" and no extra client settings visible.
# Unlike the in-handshake "Request" case, the expected result is ServerFail.
# NOTE(review): presumably this is because the client has not opted in to
# post-handshake auth; this listing does not show the reason, so confirm
# against the test driver.
133 name => "client-auth-TLSv1.3-request-post-handshake",
135 "MinProtocol" => "TLSv1.3",
136 "MaxProtocol" => "TLSv1.3",
137 "VerifyMode" => "RequestPostHandshake",
140 "MinProtocol" => "TLSv1.3",
141 "MaxProtocol" => "TLSv1.3",
144 "ExpectedResult" => "ServerFail",
145 "HandshakeMode" => "PostHandshakeAuth",
# Negative post-handshake case: VerifyMode is "RequirePostHandshake" with
# root-cert.pem as the verification CA, and no client Certificate/PrivateKey
# appears in this listing. The expected result is ServerFail; no specific
# alert is asserted here.
149 name => "client-auth-TLSv1.3-require-fail-post-handshake",
151 "MinProtocol" => "TLSv1.3",
152 "MaxProtocol" => "TLSv1.3",
153 "VerifyCAFile" => test_pem("root-cert.pem"),
154 "VerifyMode" => "RequirePostHandshake",
157 "MinProtocol" => "TLSv1.3",
158 "MaxProtocol" => "TLSv1.3",
161 "ExpectedResult" => "ServerFail",
162 "HandshakeMode" => "PostHandshakeAuth",
# Positive post-handshake case: the client presents ee-client-chain.pem /
# ee-key.pem, verification uses root-cert.pem, and ClientSignatureAlgorithms is
# restricted to PSS+SHA256. The expectations check an RSA certificate signed
# with RSA-PSS / SHA256 and an empty CA-names list.
# NOTE(review): the name says "require" but VerifyMode is
# "RequestPostHandshake"; confirm whether that is intended.
166 name => "client-auth-TLSv1.3-require-post-handshake",
168 "MinProtocol" => "TLSv1.3",
169 "MaxProtocol" => "TLSv1.3",
170 "ClientSignatureAlgorithms" => "PSS+SHA256",
171 "VerifyCAFile" => test_pem("root-cert.pem"),
172 "VerifyMode" => "RequestPostHandshake",
175 "MinProtocol" => "TLSv1.3",
176 "MaxProtocol" => "TLSv1.3",
177 "Certificate" => test_pem("ee-client-chain.pem"),
178 "PrivateKey" => test_pem("ee-key.pem"),
181 "ExpectedResult" => "Success",
182 "HandshakeMode" => "PostHandshakeAuth",
183 "ExpectedClientCertType" => "RSA",
184 "ExpectedClientSignType" => "RSA-PSS",
185 "ExpectedClientSignHash" => "SHA256",
186 "ExpectedClientCANames" => "empty"
# Post-handshake client-certificate case with ClientCAFile set to
# root-cert.pem: in addition to the RSA / RSA-PSS / SHA256 checks, the CA names
# seen by the client are expected to match the names in root-cert.pem.
# NOTE(review): the name says "require" but VerifyMode is
# "RequestPostHandshake"; confirm whether that is intended.
190 name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
192 "MinProtocol" => "TLSv1.3",
193 "MaxProtocol" => "TLSv1.3",
194 "ClientSignatureAlgorithms" => "PSS+SHA256",
195 "ClientCAFile" => test_pem("root-cert.pem"),
196 "VerifyCAFile" => test_pem("root-cert.pem"),
197 "VerifyMode" => "RequestPostHandshake",
200 "MinProtocol" => "TLSv1.3",
201 "MaxProtocol" => "TLSv1.3",
202 "Certificate" => test_pem("ee-client-chain.pem"),
203 "PrivateKey" => test_pem("ee-key.pem"),
206 "ExpectedResult" => "Success",
207 "HandshakeMode" => "PostHandshakeAuth",
208 "ExpectedClientCertType" => "RSA",
209 "ExpectedClientSignType" => "RSA-PSS",
210 "ExpectedClientSignHash" => "SHA256",
211 "ExpectedClientCANames" => test_pem("root-cert.pem"),
# Negative trust-anchor case for post-handshake auth: VerifyMode is
# "RequirePostHandshake" with no VerifyCAFile visible in this listing, while
# the client presents ee-client-chain.pem / ee-key.pem. The expected result is
# ServerFail with an UnknownCA alert, so an unverifiable client certificate is
# rejected in the post-handshake path as well.
215 name => "client-auth-TLSv1.3-noroot-post-handshake",
217 "MinProtocol" => "TLSv1.3",
218 "MaxProtocol" => "TLSv1.3",
219 "VerifyMode" => "RequirePostHandshake",
222 "MinProtocol" => "TLSv1.3",
223 "MaxProtocol" => "TLSv1.3",
224 "Certificate" => test_pem("ee-client-chain.pem"),
225 "PrivateKey" => test_pem("ee-key.pem"),
228 "ExpectedResult" => "ServerFail",
229 "HandshakeMode" => "PostHandshakeAuth",
230 "ExpectedServerAlert" => "UnknownCA",
# Post-handshake request case that is expected to succeed.
# NOTE(review): the gutter numbers jump from 242 to 248, so settings after the
# second protocol pair are missing from this listing; per the test name they
# presumably force post-handshake auth on the client side. Check the original
# file before relying on this entry.
234 name => "client-auth-TLSv1.3-request-force-client-post-handshake",
236 "MinProtocol" => "TLSv1.3",
237 "MaxProtocol" => "TLSv1.3",
238 "VerifyMode" => "RequestPostHandshake",
241 "MinProtocol" => "TLSv1.3",
242 "MaxProtocol" => "TLSv1.3",
248 "ExpectedResult" => "Success",
249 "HandshakeMode" => "PostHandshakeAuth",
# Post-handshake request case that is expected to end in ClientFail.
# NOTE(review): the gutter numbers jump from 257 to 263, so settings after
# VerifyMode are missing from this listing; per the test name they presumably
# force post-handshake auth on the server side only. Check the original file
# before relying on this entry.
253 name => "client-auth-TLSv1.3-request-force-server-post-handshake",
255 "MinProtocol" => "TLSv1.3",
256 "MaxProtocol" => "TLSv1.3",
257 "VerifyMode" => "RequestPostHandshake",
263 "MinProtocol" => "TLSv1.3",
264 "MaxProtocol" => "TLSv1.3",
267 "ExpectedResult" => "ClientFail",
268 "HandshakeMode" => "PostHandshakeAuth",
# Post-handshake request case that is expected to succeed.
# NOTE(review): the gutter numbers jump from 276 to 282 and from 283 to 289,
# so settings in both option groups are missing from this listing; per the
# test name they presumably force post-handshake auth on both peers. Check the
# original file before relying on this entry.
272 name => "client-auth-TLSv1.3-request-force-both-post-handshake",
274 "MinProtocol" => "TLSv1.3",
275 "MaxProtocol" => "TLSv1.3",
276 "VerifyMode" => "RequestPostHandshake",
282 "MinProtocol" => "TLSv1.3",
283 "MaxProtocol" => "TLSv1.3",
289 "ExpectedResult" => "Success",
290 "HandshakeMode" => "PostHandshakeAuth",