xref: /openssl/test/ssl-tests/04-client_auth.cnf (revision 336d92eb)
1# Generated with generate_ssl_tests.pl
2
# Test index. Each test-N key names the section whose ssl_conf entry leads to
# that case's server and client settings; the matching [test-N] section holds
# the expected outcome. Cases with "flex" in the name set no
# MinProtocol/MaxProtocol; the other cases pin both peers to the named version.
3num_tests = 40
4
5test-0 = 0-server-auth-flex
6test-1 = 1-client-auth-flex-request
7test-2 = 2-client-auth-flex-require-fail
8test-3 = 3-client-auth-flex-require
9test-4 = 4-client-auth-flex-rsa-pss
10test-5 = 5-client-auth-flex-rsa-pss-bad
11test-6 = 6-client-auth-flex-require-non-empty-names
12test-7 = 7-client-auth-flex-noroot
13test-8 = 8-server-auth-TLSv1
14test-9 = 9-client-auth-TLSv1-request
15test-10 = 10-client-auth-TLSv1-require-fail
16test-11 = 11-client-auth-TLSv1-require
17test-12 = 12-client-auth-TLSv1-require-non-empty-names
18test-13 = 13-client-auth-TLSv1-noroot
19test-14 = 14-server-auth-TLSv1.1
20test-15 = 15-client-auth-TLSv1.1-request
21test-16 = 16-client-auth-TLSv1.1-require-fail
22test-17 = 17-client-auth-TLSv1.1-require
23test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
24test-19 = 19-client-auth-TLSv1.1-noroot
25test-20 = 20-server-auth-TLSv1.2
26test-21 = 21-client-auth-TLSv1.2-request
27test-22 = 22-client-auth-TLSv1.2-require-fail
28test-23 = 23-client-auth-TLSv1.2-require
29test-24 = 24-client-auth-TLSv1.2-rsa-pss
30test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
31test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
32test-27 = 27-client-auth-TLSv1.2-noroot
33test-28 = 28-server-auth-DTLSv1
34test-29 = 29-client-auth-DTLSv1-request
35test-30 = 30-client-auth-DTLSv1-require-fail
36test-31 = 31-client-auth-DTLSv1-require
37test-32 = 32-client-auth-DTLSv1-require-non-empty-names
38test-33 = 33-client-auth-DTLSv1-noroot
39test-34 = 34-server-auth-DTLSv1.2
40test-35 = 35-client-auth-DTLSv1.2-request
41test-36 = 36-client-auth-DTLSv1.2-require-fail
42test-37 = 37-client-auth-DTLSv1.2-require
43test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
44test-39 = 39-client-auth-DTLSv1.2-noroot
45# ===========================================================
46
# Case 0: baseline, server authentication only, no protocol version pinned.
# The server section sets no VerifyMode; the client checks the server
# certificate against rootcert.pem (VerifyMode = Peer). Expected: Success.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
47[0-server-auth-flex]
48ssl_conf = 0-server-auth-flex-ssl
49
50[0-server-auth-flex-ssl]
51server = 0-server-auth-flex-server
52client = 0-server-auth-flex-client
53
54[0-server-auth-flex-server]
55Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
56CipherString = DEFAULT:@SECLEVEL=0
57PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
58
59[0-server-auth-flex-client]
60CipherString = DEFAULT:@SECLEVEL=0
61VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
62VerifyMode = Peer
63
64[test-0]
65ExpectedResult = Success
66
67
68# ===========================================================
69
# Case 1: optional client authentication, no protocol version pinned.
# The server asks for a client certificate (VerifyMode = Request) and the
# client section configures none. Expected: Success, i.e. Request does not
# make the certificate mandatory.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
70[1-client-auth-flex-request]
71ssl_conf = 1-client-auth-flex-request-ssl
72
73[1-client-auth-flex-request-ssl]
74server = 1-client-auth-flex-request-server
75client = 1-client-auth-flex-request-client
76
77[1-client-auth-flex-request-server]
78Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
79CipherString = DEFAULT:@SECLEVEL=0
80PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
81VerifyMode = Request
82
83[1-client-auth-flex-request-client]
84CipherString = DEFAULT:@SECLEVEL=0
85VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
86VerifyMode = Peer
87
88[test-1]
89ExpectedResult = Success
90
91
92# ===========================================================
93
# Case 2: negative test for mandatory client authentication, no version pinned.
# The server sets VerifyMode = Require and the client section configures no
# certificate. Expected: the server aborts (ServerFail) with CertificateRequired.
# NOTE(review): CertificateRequired is the TLS 1.3 alert for a missing
# mandatory certificate, so this unpinned case presumably negotiates TLS 1.3.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
94[2-client-auth-flex-require-fail]
95ssl_conf = 2-client-auth-flex-require-fail-ssl
96
97[2-client-auth-flex-require-fail-ssl]
98server = 2-client-auth-flex-require-fail-server
99client = 2-client-auth-flex-require-fail-client
100
101[2-client-auth-flex-require-fail-server]
102Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
103CipherString = DEFAULT:@SECLEVEL=0
104PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
105VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
106VerifyMode = Require
107
108[2-client-auth-flex-require-fail-client]
109CipherString = DEFAULT:@SECLEVEL=0
110VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
111VerifyMode = Peer
112
113[test-2]
114ExpectedResult = ServerFail
115ExpectedServerAlert = CertificateRequired
116
117
118# ===========================================================
119
# Case 3: positive client-authentication test, no protocol version pinned.
# The client presents ee-client-chain.pem / ee-key.pem and the server verifies
# it against root-cert.pem. No ClientCAFile is set, and the test expects an
# empty CA-name list and an RSA client certificate. Expected: Success.
# NOTE(review): the case is named "require" but the server sets
# VerifyMode = Request; a valid certificate passes under either mode, so
# enforcement of a mandatory certificate is not what this case checks.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
120[3-client-auth-flex-require]
121ssl_conf = 3-client-auth-flex-require-ssl
122
123[3-client-auth-flex-require-ssl]
124server = 3-client-auth-flex-require-server
125client = 3-client-auth-flex-require-client
126
127[3-client-auth-flex-require-server]
128Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
129CipherString = DEFAULT:@SECLEVEL=0
130PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
131VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
132VerifyMode = Request
133
134[3-client-auth-flex-require-client]
135Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
136CipherString = DEFAULT:@SECLEVEL=0
137PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
138VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
139VerifyMode = Peer
140
141[test-3]
142ExpectedClientCANames = empty
143ExpectedClientCertType = RSA
144ExpectedResult = Success
145
146
147# ===========================================================
148
# Case 4: mandatory client authentication with an RSA-PSS client certificate,
# no protocol version pinned. The server sets VerifyMode = Require and uses
# rootcert.pem both as ClientCAFile and as VerifyCAFile; the client presents
# client-pss-restrict-cert.pem with Options = StrictCertCheck.
# Expected: Success, CA names taken from rootcert.pem, certificate type RSA-PSS.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
149[4-client-auth-flex-rsa-pss]
150ssl_conf = 4-client-auth-flex-rsa-pss-ssl
151
152[4-client-auth-flex-rsa-pss-ssl]
153server = 4-client-auth-flex-rsa-pss-server
154client = 4-client-auth-flex-rsa-pss-client
155
156[4-client-auth-flex-rsa-pss-server]
157Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
158CipherString = DEFAULT:@SECLEVEL=0
159ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
160PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
161VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
162VerifyMode = Require
163
164[4-client-auth-flex-rsa-pss-client]
165Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
166CipherString = DEFAULT:@SECLEVEL=0
167Options = StrictCertCheck
168PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
169VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170VerifyMode = Peer
171
172[test-4]
173ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
174ExpectedClientCertType = RSA-PSS
175ExpectedResult = Success
176
177
178# ===========================================================
179
# Case 5: negative counterpart of the rsa-pss case, no protocol version pinned.
# The client settings are the same RSA-PSS certificate with StrictCertCheck,
# but the server uses rootCA.pem as ClientCAFile and VerifyCAFile.
# Expected: the server aborts (ServerFail) with CertificateRequired.
# NOTE(review): that alert is the one for a missing mandatory certificate, so
# presumably StrictCertCheck makes the client withhold a certificate that does
# not match the advertised CA names - confirm against the test harness.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
180[5-client-auth-flex-rsa-pss-bad]
181ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
182
183[5-client-auth-flex-rsa-pss-bad-ssl]
184server = 5-client-auth-flex-rsa-pss-bad-server
185client = 5-client-auth-flex-rsa-pss-bad-client
186
187[5-client-auth-flex-rsa-pss-bad-server]
188Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
189CipherString = DEFAULT:@SECLEVEL=0
190ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
191PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
193VerifyMode = Require
194
195[5-client-auth-flex-rsa-pss-bad-client]
196Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
197CipherString = DEFAULT:@SECLEVEL=0
198Options = StrictCertCheck
199PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
200VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201VerifyMode = Peer
202
203[test-5]
204ExpectedResult = ServerFail
205ExpectedServerAlert = CertificateRequired
206
207
208# ===========================================================
209
# Case 6: client authentication with a non-empty CA-name list, no version pinned.
# The server sets ClientCAFile = root-cert.pem in addition to verifying against
# it; the client presents ee-client-chain.pem / ee-key.pem.
# Expected: Success, CA names matching root-cert.pem, certificate type RSA.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
210[6-client-auth-flex-require-non-empty-names]
211ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
212
213[6-client-auth-flex-require-non-empty-names-ssl]
214server = 6-client-auth-flex-require-non-empty-names-server
215client = 6-client-auth-flex-require-non-empty-names-client
216
217[6-client-auth-flex-require-non-empty-names-server]
218Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219CipherString = DEFAULT:@SECLEVEL=0
220ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
221PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
222VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
223VerifyMode = Request
224
225[6-client-auth-flex-require-non-empty-names-client]
226Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
227CipherString = DEFAULT:@SECLEVEL=0
228PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
229VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230VerifyMode = Peer
231
232[test-6]
233ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
234ExpectedClientCertType = RSA
235ExpectedResult = Success
236
237
238# ===========================================================
239
# Case 7: negative test, server without a trust anchor, no version pinned.
# The server sets VerifyMode = Require but no VerifyCAFile, while the client
# presents ee-client-chain.pem / ee-key.pem.
# Expected: the server aborts (ServerFail) with UnknownCA, i.e. a certificate
# that cannot be chained to a configured root is rejected, not accepted.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
240[7-client-auth-flex-noroot]
241ssl_conf = 7-client-auth-flex-noroot-ssl
242
243[7-client-auth-flex-noroot-ssl]
244server = 7-client-auth-flex-noroot-server
245client = 7-client-auth-flex-noroot-client
246
247[7-client-auth-flex-noroot-server]
248Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
249CipherString = DEFAULT:@SECLEVEL=0
250PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
251VerifyMode = Require
252
253[7-client-auth-flex-noroot-client]
254Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
255CipherString = DEFAULT:@SECLEVEL=0
256PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
257VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
258VerifyMode = Peer
259
260[test-7]
261ExpectedResult = ServerFail
262ExpectedServerAlert = UnknownCA
263
264
265# ===========================================================
266
# Case 8: baseline, server authentication only, both peers pinned to TLSv1
# (MinProtocol = MaxProtocol = TLSv1). The server section sets no VerifyMode;
# the client checks the server certificate against rootcert.pem.
# Expected: Success.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
267[8-server-auth-TLSv1]
268ssl_conf = 8-server-auth-TLSv1-ssl
269
270[8-server-auth-TLSv1-ssl]
271server = 8-server-auth-TLSv1-server
272client = 8-server-auth-TLSv1-client
273
274[8-server-auth-TLSv1-server]
275Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
276CipherString = DEFAULT:@SECLEVEL=0
277MaxProtocol = TLSv1
278MinProtocol = TLSv1
279PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
280
281[8-server-auth-TLSv1-client]
282CipherString = DEFAULT:@SECLEVEL=0
283MaxProtocol = TLSv1
284MinProtocol = TLSv1
285VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
286VerifyMode = Peer
287
288[test-8]
289ExpectedResult = Success
290
291
292# ===========================================================
293
# Case 9: optional client authentication, both peers pinned to TLSv1.
# The server sets VerifyMode = Request and the client section configures no
# certificate. Expected: Success, i.e. Request does not make it mandatory.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
294[9-client-auth-TLSv1-request]
295ssl_conf = 9-client-auth-TLSv1-request-ssl
296
297[9-client-auth-TLSv1-request-ssl]
298server = 9-client-auth-TLSv1-request-server
299client = 9-client-auth-TLSv1-request-client
300
301[9-client-auth-TLSv1-request-server]
302Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
303CipherString = DEFAULT:@SECLEVEL=0
304MaxProtocol = TLSv1
305MinProtocol = TLSv1
306PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
307VerifyMode = Request
308
309[9-client-auth-TLSv1-request-client]
310CipherString = DEFAULT:@SECLEVEL=0
311MaxProtocol = TLSv1
312MinProtocol = TLSv1
313VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
314VerifyMode = Peer
315
316[test-9]
317ExpectedResult = Success
318
319
320# ===========================================================
321
# Case 10: negative test for mandatory client authentication, pinned to TLSv1.
# The server sets VerifyMode = Require and the client section configures no
# certificate. Expected: the server aborts (ServerFail) with HandshakeFailure
# (the unpinned variant of this case expects CertificateRequired instead).
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
322[10-client-auth-TLSv1-require-fail]
323ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
324
325[10-client-auth-TLSv1-require-fail-ssl]
326server = 10-client-auth-TLSv1-require-fail-server
327client = 10-client-auth-TLSv1-require-fail-client
328
329[10-client-auth-TLSv1-require-fail-server]
330Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
331CipherString = DEFAULT:@SECLEVEL=0
332MaxProtocol = TLSv1
333MinProtocol = TLSv1
334PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
335VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
336VerifyMode = Require
337
338[10-client-auth-TLSv1-require-fail-client]
339CipherString = DEFAULT:@SECLEVEL=0
340MaxProtocol = TLSv1
341MinProtocol = TLSv1
342VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
343VerifyMode = Peer
344
345[test-10]
346ExpectedResult = ServerFail
347ExpectedServerAlert = HandshakeFailure
348
349
350# ===========================================================
351
# Case 11: positive client-authentication test, both peers pinned to TLSv1.
# The client presents ee-client-chain.pem / ee-key.pem and the server verifies
# it against root-cert.pem. No ClientCAFile is set, and the test expects an
# empty CA-name list and an RSA client certificate. Expected: Success.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
352[11-client-auth-TLSv1-require]
353ssl_conf = 11-client-auth-TLSv1-require-ssl
354
355[11-client-auth-TLSv1-require-ssl]
356server = 11-client-auth-TLSv1-require-server
357client = 11-client-auth-TLSv1-require-client
358
359[11-client-auth-TLSv1-require-server]
360Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361CipherString = DEFAULT:@SECLEVEL=0
362MaxProtocol = TLSv1
363MinProtocol = TLSv1
364PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
366VerifyMode = Request
367
368[11-client-auth-TLSv1-require-client]
369Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
370CipherString = DEFAULT:@SECLEVEL=0
371MaxProtocol = TLSv1
372MinProtocol = TLSv1
373PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
374VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
375VerifyMode = Peer
376
377[test-11]
378ExpectedClientCANames = empty
379ExpectedClientCertType = RSA
380ExpectedResult = Success
381
382
383# ===========================================================
384
# Case 12: client authentication with a non-empty CA-name list, pinned to TLSv1.
# The server sets ClientCAFile = root-cert.pem in addition to verifying against
# it; the client presents ee-client-chain.pem / ee-key.pem.
# Expected: Success, CA names matching root-cert.pem, certificate type RSA.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
385[12-client-auth-TLSv1-require-non-empty-names]
386ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
387
388[12-client-auth-TLSv1-require-non-empty-names-ssl]
389server = 12-client-auth-TLSv1-require-non-empty-names-server
390client = 12-client-auth-TLSv1-require-non-empty-names-client
391
392[12-client-auth-TLSv1-require-non-empty-names-server]
393Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394CipherString = DEFAULT:@SECLEVEL=0
395ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
396MaxProtocol = TLSv1
397MinProtocol = TLSv1
398PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
399VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
400VerifyMode = Request
401
402[12-client-auth-TLSv1-require-non-empty-names-client]
403Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
404CipherString = DEFAULT:@SECLEVEL=0
405MaxProtocol = TLSv1
406MinProtocol = TLSv1
407PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
408VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
409VerifyMode = Peer
410
411[test-12]
412ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
413ExpectedClientCertType = RSA
414ExpectedResult = Success
415
416
417# ===========================================================
418
# Case 13: negative test, server without a trust anchor, pinned to TLSv1.
# The server sets VerifyMode = Require but no VerifyCAFile, while the client
# presents ee-client-chain.pem / ee-key.pem.
# Expected: the server aborts (ServerFail) with UnknownCA, i.e. a certificate
# that cannot be chained to a configured root is rejected, not accepted.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
419[13-client-auth-TLSv1-noroot]
420ssl_conf = 13-client-auth-TLSv1-noroot-ssl
421
422[13-client-auth-TLSv1-noroot-ssl]
423server = 13-client-auth-TLSv1-noroot-server
424client = 13-client-auth-TLSv1-noroot-client
425
426[13-client-auth-TLSv1-noroot-server]
427Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
428CipherString = DEFAULT:@SECLEVEL=0
429MaxProtocol = TLSv1
430MinProtocol = TLSv1
431PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
432VerifyMode = Require
433
434[13-client-auth-TLSv1-noroot-client]
435Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
436CipherString = DEFAULT:@SECLEVEL=0
437MaxProtocol = TLSv1
438MinProtocol = TLSv1
439PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
440VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
441VerifyMode = Peer
442
443[test-13]
444ExpectedResult = ServerFail
445ExpectedServerAlert = UnknownCA
446
447
448# ===========================================================
449
# Case 14: baseline, server authentication only, both peers pinned to TLSv1.1
# (MinProtocol = MaxProtocol = TLSv1.1). The server section sets no VerifyMode;
# the client checks the server certificate against rootcert.pem.
# Expected: Success.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
450[14-server-auth-TLSv1.1]
451ssl_conf = 14-server-auth-TLSv1.1-ssl
452
453[14-server-auth-TLSv1.1-ssl]
454server = 14-server-auth-TLSv1.1-server
455client = 14-server-auth-TLSv1.1-client
456
457[14-server-auth-TLSv1.1-server]
458Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
459CipherString = DEFAULT:@SECLEVEL=0
460MaxProtocol = TLSv1.1
461MinProtocol = TLSv1.1
462PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
463
464[14-server-auth-TLSv1.1-client]
465CipherString = DEFAULT:@SECLEVEL=0
466MaxProtocol = TLSv1.1
467MinProtocol = TLSv1.1
468VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
469VerifyMode = Peer
470
471[test-14]
472ExpectedResult = Success
473
474
475# ===========================================================
476
# Case 15: optional client authentication, both peers pinned to TLSv1.1.
# The server sets VerifyMode = Request and the client section configures no
# certificate. Expected: Success, i.e. Request does not make it mandatory.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
477[15-client-auth-TLSv1.1-request]
478ssl_conf = 15-client-auth-TLSv1.1-request-ssl
479
480[15-client-auth-TLSv1.1-request-ssl]
481server = 15-client-auth-TLSv1.1-request-server
482client = 15-client-auth-TLSv1.1-request-client
483
484[15-client-auth-TLSv1.1-request-server]
485Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
486CipherString = DEFAULT:@SECLEVEL=0
487MaxProtocol = TLSv1.1
488MinProtocol = TLSv1.1
489PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
490VerifyMode = Request
491
492[15-client-auth-TLSv1.1-request-client]
493CipherString = DEFAULT:@SECLEVEL=0
494MaxProtocol = TLSv1.1
495MinProtocol = TLSv1.1
496VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
497VerifyMode = Peer
498
499[test-15]
500ExpectedResult = Success
501
502
503# ===========================================================
504
# Case 16: negative test for mandatory client authentication, pinned to TLSv1.1.
# The server sets VerifyMode = Require and the client section configures no
# certificate. Expected: the server aborts (ServerFail) with HandshakeFailure
# (the unpinned variant of this case expects CertificateRequired instead).
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
505[16-client-auth-TLSv1.1-require-fail]
506ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
507
508[16-client-auth-TLSv1.1-require-fail-ssl]
509server = 16-client-auth-TLSv1.1-require-fail-server
510client = 16-client-auth-TLSv1.1-require-fail-client
511
512[16-client-auth-TLSv1.1-require-fail-server]
513Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
514CipherString = DEFAULT:@SECLEVEL=0
515MaxProtocol = TLSv1.1
516MinProtocol = TLSv1.1
517PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
518VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
519VerifyMode = Require
520
521[16-client-auth-TLSv1.1-require-fail-client]
522CipherString = DEFAULT:@SECLEVEL=0
523MaxProtocol = TLSv1.1
524MinProtocol = TLSv1.1
525VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
526VerifyMode = Peer
527
528[test-16]
529ExpectedResult = ServerFail
530ExpectedServerAlert = HandshakeFailure
531
532
533# ===========================================================
534
# Case 17: positive client-authentication test, both peers pinned to TLSv1.1.
# The client presents ee-client-chain.pem / ee-key.pem and the server verifies
# it against root-cert.pem. No ClientCAFile is set, and the test expects an
# empty CA-name list and an RSA client certificate. Expected: Success.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
535[17-client-auth-TLSv1.1-require]
536ssl_conf = 17-client-auth-TLSv1.1-require-ssl
537
538[17-client-auth-TLSv1.1-require-ssl]
539server = 17-client-auth-TLSv1.1-require-server
540client = 17-client-auth-TLSv1.1-require-client
541
542[17-client-auth-TLSv1.1-require-server]
543Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
544CipherString = DEFAULT:@SECLEVEL=0
545MaxProtocol = TLSv1.1
546MinProtocol = TLSv1.1
547PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
548VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
549VerifyMode = Request
550
551[17-client-auth-TLSv1.1-require-client]
552Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
553CipherString = DEFAULT:@SECLEVEL=0
554MaxProtocol = TLSv1.1
555MinProtocol = TLSv1.1
556PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
557VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
558VerifyMode = Peer
559
560[test-17]
561ExpectedClientCANames = empty
562ExpectedClientCertType = RSA
563ExpectedResult = Success
564
565
566# ===========================================================
567
# Case 18: client authentication with a non-empty CA-name list, pinned to
# TLSv1.1. The server sets ClientCAFile = root-cert.pem in addition to
# verifying against it; the client presents ee-client-chain.pem / ee-key.pem.
# Expected: Success, CA names matching root-cert.pem, certificate type RSA.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
568[18-client-auth-TLSv1.1-require-non-empty-names]
569ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
570
571[18-client-auth-TLSv1.1-require-non-empty-names-ssl]
572server = 18-client-auth-TLSv1.1-require-non-empty-names-server
573client = 18-client-auth-TLSv1.1-require-non-empty-names-client
574
575[18-client-auth-TLSv1.1-require-non-empty-names-server]
576Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577CipherString = DEFAULT:@SECLEVEL=0
578ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
579MaxProtocol = TLSv1.1
580MinProtocol = TLSv1.1
581PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
582VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
583VerifyMode = Request
584
585[18-client-auth-TLSv1.1-require-non-empty-names-client]
586Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
587CipherString = DEFAULT:@SECLEVEL=0
588MaxProtocol = TLSv1.1
589MinProtocol = TLSv1.1
590PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
591VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
592VerifyMode = Peer
593
594[test-18]
595ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
596ExpectedClientCertType = RSA
597ExpectedResult = Success
598
599
600# ===========================================================
601
# Case 19: negative test, server without a trust anchor, pinned to TLSv1.1.
# The server sets VerifyMode = Require but no VerifyCAFile, while the client
# presents ee-client-chain.pem / ee-key.pem.
# Expected: the server aborts (ServerFail) with UnknownCA, i.e. a certificate
# that cannot be chained to a configured root is rejected, not accepted.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
602[19-client-auth-TLSv1.1-noroot]
603ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
604
605[19-client-auth-TLSv1.1-noroot-ssl]
606server = 19-client-auth-TLSv1.1-noroot-server
607client = 19-client-auth-TLSv1.1-noroot-client
608
609[19-client-auth-TLSv1.1-noroot-server]
610Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
611CipherString = DEFAULT:@SECLEVEL=0
612MaxProtocol = TLSv1.1
613MinProtocol = TLSv1.1
614PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
615VerifyMode = Require
616
617[19-client-auth-TLSv1.1-noroot-client]
618Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
619CipherString = DEFAULT:@SECLEVEL=0
620MaxProtocol = TLSv1.1
621MinProtocol = TLSv1.1
622PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
623VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
624VerifyMode = Peer
625
626[test-19]
627ExpectedResult = ServerFail
628ExpectedServerAlert = UnknownCA
629
630
631# ===========================================================
632
# Case 20: baseline, server authentication only, both peers pinned to TLSv1.2
# (MinProtocol = MaxProtocol = TLSv1.2). The server section sets no VerifyMode;
# the client checks the server certificate against rootcert.pem.
# Expected: Success.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
633[20-server-auth-TLSv1.2]
634ssl_conf = 20-server-auth-TLSv1.2-ssl
635
636[20-server-auth-TLSv1.2-ssl]
637server = 20-server-auth-TLSv1.2-server
638client = 20-server-auth-TLSv1.2-client
639
640[20-server-auth-TLSv1.2-server]
641Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
642CipherString = DEFAULT:@SECLEVEL=0
643MaxProtocol = TLSv1.2
644MinProtocol = TLSv1.2
645PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
646
647[20-server-auth-TLSv1.2-client]
648CipherString = DEFAULT:@SECLEVEL=0
649MaxProtocol = TLSv1.2
650MinProtocol = TLSv1.2
651VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
652VerifyMode = Peer
653
654[test-20]
655ExpectedResult = Success
656
657
658# ===========================================================
659
# Case 21: optional client authentication, both peers pinned to TLSv1.2.
# The server sets VerifyMode = Request and the client section configures no
# certificate. Expected: Success, i.e. Request does not make it mandatory.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
660[21-client-auth-TLSv1.2-request]
661ssl_conf = 21-client-auth-TLSv1.2-request-ssl
662
663[21-client-auth-TLSv1.2-request-ssl]
664server = 21-client-auth-TLSv1.2-request-server
665client = 21-client-auth-TLSv1.2-request-client
666
667[21-client-auth-TLSv1.2-request-server]
668Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
669CipherString = DEFAULT:@SECLEVEL=0
670MaxProtocol = TLSv1.2
671MinProtocol = TLSv1.2
672PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
673VerifyMode = Request
674
675[21-client-auth-TLSv1.2-request-client]
676CipherString = DEFAULT:@SECLEVEL=0
677MaxProtocol = TLSv1.2
678MinProtocol = TLSv1.2
679VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
680VerifyMode = Peer
681
682[test-21]
683ExpectedResult = Success
684
685
686# ===========================================================
687
# Case 22: negative test for mandatory client authentication, pinned to TLSv1.2.
# The server sets VerifyMode = Require and the client section configures no
# certificate. Expected: the server aborts (ServerFail) with HandshakeFailure
# (the unpinned variant of this case expects CertificateRequired instead).
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
688[22-client-auth-TLSv1.2-require-fail]
689ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
690
691[22-client-auth-TLSv1.2-require-fail-ssl]
692server = 22-client-auth-TLSv1.2-require-fail-server
693client = 22-client-auth-TLSv1.2-require-fail-client
694
695[22-client-auth-TLSv1.2-require-fail-server]
696Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
697CipherString = DEFAULT:@SECLEVEL=0
698MaxProtocol = TLSv1.2
699MinProtocol = TLSv1.2
700PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
701VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
702VerifyMode = Require
703
704[22-client-auth-TLSv1.2-require-fail-client]
705CipherString = DEFAULT:@SECLEVEL=0
706MaxProtocol = TLSv1.2
707MinProtocol = TLSv1.2
708VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
709VerifyMode = Peer
710
711[test-22]
712ExpectedResult = ServerFail
713ExpectedServerAlert = HandshakeFailure
714
715
716# ===========================================================
717
# Case 23: positive client-authentication test, both peers pinned to TLSv1.2.
# The client presents ee-client-chain.pem / ee-key.pem and the server verifies
# it against root-cert.pem. The server also sets
# ClientSignatureAlgorithms = SHA256+RSA, and the test checks that the client
# signed with hash SHA256 and type RSA. No ClientCAFile is set, so an empty
# CA-name list is expected. Expected: Success.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
718[23-client-auth-TLSv1.2-require]
719ssl_conf = 23-client-auth-TLSv1.2-require-ssl
720
721[23-client-auth-TLSv1.2-require-ssl]
722server = 23-client-auth-TLSv1.2-require-server
723client = 23-client-auth-TLSv1.2-require-client
724
725[23-client-auth-TLSv1.2-require-server]
726Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
727CipherString = DEFAULT:@SECLEVEL=0
728ClientSignatureAlgorithms = SHA256+RSA
729MaxProtocol = TLSv1.2
730MinProtocol = TLSv1.2
731PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
732VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
733VerifyMode = Request
734
735[23-client-auth-TLSv1.2-require-client]
736Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
737CipherString = DEFAULT:@SECLEVEL=0
738MaxProtocol = TLSv1.2
739MinProtocol = TLSv1.2
740PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
741VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
742VerifyMode = Peer
743
744[test-23]
745ExpectedClientCANames = empty
746ExpectedClientCertType = RSA
747ExpectedClientSignHash = SHA256
748ExpectedClientSignType = RSA
749ExpectedResult = Success
750
751
752# ===========================================================
753
# Case 24: mandatory client authentication with an RSA-PSS client certificate,
# both peers pinned to TLSv1.2. The server sets VerifyMode = Require and uses
# rootcert.pem both as ClientCAFile and as VerifyCAFile; the client presents
# client-pss-restrict-cert.pem with Options = StrictCertCheck.
# Expected: Success, CA names taken from rootcert.pem, certificate type RSA-PSS.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
754[24-client-auth-TLSv1.2-rsa-pss]
755ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
756
757[24-client-auth-TLSv1.2-rsa-pss-ssl]
758server = 24-client-auth-TLSv1.2-rsa-pss-server
759client = 24-client-auth-TLSv1.2-rsa-pss-client
760
761[24-client-auth-TLSv1.2-rsa-pss-server]
762Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
763CipherString = DEFAULT:@SECLEVEL=0
764ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
765MaxProtocol = TLSv1.2
766MinProtocol = TLSv1.2
767PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
768VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
769VerifyMode = Require
770
771[24-client-auth-TLSv1.2-rsa-pss-client]
772Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
773CipherString = DEFAULT:@SECLEVEL=0
774MaxProtocol = TLSv1.2
775MinProtocol = TLSv1.2
776Options = StrictCertCheck
777PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
778VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
779VerifyMode = Peer
780
781[test-24]
782ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
783ExpectedClientCertType = RSA-PSS
784ExpectedResult = Success
785
786
787# ===========================================================
788
# Case 25: negative counterpart of the rsa-pss case, pinned to TLSv1.2.
# The client settings are the same RSA-PSS certificate with StrictCertCheck,
# but the server uses rootCA.pem as ClientCAFile and VerifyCAFile.
# Expected: the server aborts (ServerFail) with HandshakeFailure.
# NOTE(review): presumably StrictCertCheck makes the client withhold a
# certificate that does not match the advertised CA names, so Require fails -
# confirm against the test harness.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
789[25-client-auth-TLSv1.2-rsa-pss-bad]
790ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
791
792[25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
793server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
794client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
795
796[25-client-auth-TLSv1.2-rsa-pss-bad-server]
797Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
798CipherString = DEFAULT:@SECLEVEL=0
799ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
800MaxProtocol = TLSv1.2
801MinProtocol = TLSv1.2
802PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
803VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
804VerifyMode = Require
805
806[25-client-auth-TLSv1.2-rsa-pss-bad-client]
807Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
808CipherString = DEFAULT:@SECLEVEL=0
809MaxProtocol = TLSv1.2
810MinProtocol = TLSv1.2
811Options = StrictCertCheck
812PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
813VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
814VerifyMode = Peer
815
816[test-25]
817ExpectedResult = ServerFail
818ExpectedServerAlert = HandshakeFailure
819
820
821# ===========================================================
822
# Case 26: client authentication with a non-empty CA-name list, pinned to
# TLSv1.2. The server sets ClientCAFile = root-cert.pem in addition to
# verifying against it, plus ClientSignatureAlgorithms = SHA256+RSA; the
# client presents ee-client-chain.pem / ee-key.pem.
# Expected: Success, CA names matching root-cert.pem, certificate type RSA,
# client signature hash SHA256 and type RSA.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
823[26-client-auth-TLSv1.2-require-non-empty-names]
824ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
825
826[26-client-auth-TLSv1.2-require-non-empty-names-ssl]
827server = 26-client-auth-TLSv1.2-require-non-empty-names-server
828client = 26-client-auth-TLSv1.2-require-non-empty-names-client
829
830[26-client-auth-TLSv1.2-require-non-empty-names-server]
831Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
832CipherString = DEFAULT:@SECLEVEL=0
833ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
834ClientSignatureAlgorithms = SHA256+RSA
835MaxProtocol = TLSv1.2
836MinProtocol = TLSv1.2
837PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
838VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
839VerifyMode = Request
840
841[26-client-auth-TLSv1.2-require-non-empty-names-client]
842Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
843CipherString = DEFAULT:@SECLEVEL=0
844MaxProtocol = TLSv1.2
845MinProtocol = TLSv1.2
846PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
847VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
848VerifyMode = Peer
849
850[test-26]
851ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
852ExpectedClientCertType = RSA
853ExpectedClientSignHash = SHA256
854ExpectedClientSignType = RSA
855ExpectedResult = Success
856
857
858# ===========================================================
859
# Case 27: negative test, server without a trust anchor, pinned to TLSv1.2.
# The server sets VerifyMode = Require but no VerifyCAFile, while the client
# presents ee-client-chain.pem / ee-key.pem.
# Expected: the server aborts (ServerFail) with UnknownCA, i.e. a certificate
# that cannot be chained to a configured root is rejected, not accepted.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
860[27-client-auth-TLSv1.2-noroot]
861ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
862
863[27-client-auth-TLSv1.2-noroot-ssl]
864server = 27-client-auth-TLSv1.2-noroot-server
865client = 27-client-auth-TLSv1.2-noroot-client
866
867[27-client-auth-TLSv1.2-noroot-server]
868Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
869CipherString = DEFAULT:@SECLEVEL=0
870MaxProtocol = TLSv1.2
871MinProtocol = TLSv1.2
872PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
873VerifyMode = Require
874
875[27-client-auth-TLSv1.2-noroot-client]
876Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
877CipherString = DEFAULT:@SECLEVEL=0
878MaxProtocol = TLSv1.2
879MinProtocol = TLSv1.2
880PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
881VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
882VerifyMode = Peer
883
884[test-27]
885ExpectedResult = ServerFail
886ExpectedServerAlert = UnknownCA
887
888
889# ===========================================================
890
# Case 28: baseline, server authentication only, over DTLS (Method = DTLS)
# with both peers pinned to DTLSv1. The server section sets no VerifyMode;
# the client checks the server certificate against rootcert.pem.
# Expected: Success.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
891[28-server-auth-DTLSv1]
892ssl_conf = 28-server-auth-DTLSv1-ssl
893
894[28-server-auth-DTLSv1-ssl]
895server = 28-server-auth-DTLSv1-server
896client = 28-server-auth-DTLSv1-client
897
898[28-server-auth-DTLSv1-server]
899Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
900CipherString = DEFAULT:@SECLEVEL=0
901MaxProtocol = DTLSv1
902MinProtocol = DTLSv1
903PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
904
905[28-server-auth-DTLSv1-client]
906CipherString = DEFAULT:@SECLEVEL=0
907MaxProtocol = DTLSv1
908MinProtocol = DTLSv1
909VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
910VerifyMode = Peer
911
912[test-28]
913ExpectedResult = Success
914Method = DTLS
915
916
917# ===========================================================
918
# Case 29: optional client authentication over DTLS, both peers pinned to
# DTLSv1. The server sets VerifyMode = Request and the client section
# configures no certificate. Expected: Success, i.e. Request does not make
# the certificate mandatory.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
919[29-client-auth-DTLSv1-request]
920ssl_conf = 29-client-auth-DTLSv1-request-ssl
921
922[29-client-auth-DTLSv1-request-ssl]
923server = 29-client-auth-DTLSv1-request-server
924client = 29-client-auth-DTLSv1-request-client
925
926[29-client-auth-DTLSv1-request-server]
927Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
928CipherString = DEFAULT:@SECLEVEL=0
929MaxProtocol = DTLSv1
930MinProtocol = DTLSv1
931PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
932VerifyMode = Request
933
934[29-client-auth-DTLSv1-request-client]
935CipherString = DEFAULT:@SECLEVEL=0
936MaxProtocol = DTLSv1
937MinProtocol = DTLSv1
938VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
939VerifyMode = Peer
940
941[test-29]
942ExpectedResult = Success
943Method = DTLS
944
945
946# ===========================================================
947
# Case 30: negative test for mandatory client authentication over DTLS,
# both peers pinned to DTLSv1. The server sets VerifyMode = Require and the
# client section configures no certificate.
# Expected: the server aborts (ServerFail) with HandshakeFailure.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
948[30-client-auth-DTLSv1-require-fail]
949ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
950
951[30-client-auth-DTLSv1-require-fail-ssl]
952server = 30-client-auth-DTLSv1-require-fail-server
953client = 30-client-auth-DTLSv1-require-fail-client
954
955[30-client-auth-DTLSv1-require-fail-server]
956Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
957CipherString = DEFAULT:@SECLEVEL=0
958MaxProtocol = DTLSv1
959MinProtocol = DTLSv1
960PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
961VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
962VerifyMode = Require
963
964[30-client-auth-DTLSv1-require-fail-client]
965CipherString = DEFAULT:@SECLEVEL=0
966MaxProtocol = DTLSv1
967MinProtocol = DTLSv1
968VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
969VerifyMode = Peer
970
971[test-30]
972ExpectedResult = ServerFail
973ExpectedServerAlert = HandshakeFailure
974Method = DTLS
975
976
977# ===========================================================
978
# Case 31: positive client-authentication test over DTLS, both peers pinned
# to DTLSv1. The client presents ee-client-chain.pem / ee-key.pem and the
# server verifies it against root-cert.pem. No ClientCAFile is set, and the
# test expects an empty CA-name list and an RSA client certificate.
# Expected: Success.
# NOTE(review): named "require" but the server sets VerifyMode = Request.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions; test-fixture setting.
979[31-client-auth-DTLSv1-require]
980ssl_conf = 31-client-auth-DTLSv1-require-ssl
981
982[31-client-auth-DTLSv1-require-ssl]
983server = 31-client-auth-DTLSv1-require-server
984client = 31-client-auth-DTLSv1-require-client
985
986[31-client-auth-DTLSv1-require-server]
987Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
988CipherString = DEFAULT:@SECLEVEL=0
989MaxProtocol = DTLSv1
990MinProtocol = DTLSv1
991PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
992VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
993VerifyMode = Request
994
995[31-client-auth-DTLSv1-require-client]
996Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
997CipherString = DEFAULT:@SECLEVEL=0
998MaxProtocol = DTLSv1
999MinProtocol = DTLSv1
1000PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1001VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1002VerifyMode = Peer
1003
1004[test-31]
1005ExpectedClientCANames = empty
1006ExpectedClientCertType = RSA
1007ExpectedResult = Success
1008Method = DTLS
1009
1010
1011# ===========================================================
1012
# Test 32 (DTLSv1): same positive client-authentication flow as the plain
# "require" case, but the server also advertises acceptable CA names.
1013[32-client-auth-DTLSv1-require-non-empty-names]
1014ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
1015
1016[32-client-auth-DTLSv1-require-non-empty-names-ssl]
1017server = 32-client-auth-DTLSv1-require-non-empty-names-server
1018client = 32-client-auth-DTLSv1-require-non-empty-names-client
1019
# ClientCAFile supplies the CA names sent to the client in the certificate
# request; VerifyCAFile is the trust store used to validate what comes back.
# Both point at root-cert.pem here. ClientCAFile only advertises names and
# does not by itself make a CA trusted.
# NOTE(review): VerifyMode is Request although the case name says "require".
1020[32-client-auth-DTLSv1-require-non-empty-names-server]
1021Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1022CipherString = DEFAULT:@SECLEVEL=0
1023ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1024MaxProtocol = DTLSv1
1025MinProtocol = DTLSv1
1026PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1027VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1028VerifyMode = Request
1029
# Client presents ee-client-chain.pem / ee-key.pem.
1030[32-client-auth-DTLSv1-require-non-empty-names-client]
1031Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1032CipherString = DEFAULT:@SECLEVEL=0
1033MaxProtocol = DTLSv1
1034MinProtocol = DTLSv1
1035PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1036VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1037VerifyMode = Peer
1038
# Expectation: handshake succeeds with an RSA client certificate, and the
# CA names the client received are checked against root-cert.pem
# (presumably its subject name(s); confirm in the test harness).
1039[test-32]
1040ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1041ExpectedClientCertType = RSA
1042ExpectedResult = Success
1043Method = DTLS
1044
1045
1046# ===========================================================
1047
# Test 33 (DTLSv1): negative case. The client presents a certificate chain,
# but the server has no trust anchor to validate it against.
1048[33-client-auth-DTLSv1-noroot]
1049ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
1050
1051[33-client-auth-DTLSv1-noroot-ssl]
1052server = 33-client-auth-DTLSv1-noroot-server
1053client = 33-client-auth-DTLSv1-noroot-client
1054
# VerifyMode = Require with no VerifyCAFile: a client certificate is
# mandatory, yet nothing is configured here that could anchor its chain.
# SECLEVEL=0 is a test-only relaxation; it does not affect this outcome and
# should not be reused in a deployed configuration.
1055[33-client-auth-DTLSv1-noroot-server]
1056Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1057CipherString = DEFAULT:@SECLEVEL=0
1058MaxProtocol = DTLSv1
1059MinProtocol = DTLSv1
1060PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1061VerifyMode = Require
1062
# Client presents ee-client-chain.pem / ee-key.pem.
1063[33-client-auth-DTLSv1-noroot-client]
1064Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1065CipherString = DEFAULT:@SECLEVEL=0
1066MaxProtocol = DTLSv1
1067MinProtocol = DTLSv1
1068PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1069VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1070VerifyMode = Peer
1071
# Expectation: the server rejects the chain and sends an UnknownCA alert.
# This guards against a certificate from an untrusted issuer being accepted
# merely because one was presented.
1072[test-33]
1073ExpectedResult = ServerFail
1074ExpectedServerAlert = UnknownCA
1075Method = DTLS
1076
1077
1078# ===========================================================
1079
# Test 34 (DTLSv1.2): baseline with server authentication only. The server
# sets no VerifyMode, so no client certificate is involved.
1080[34-server-auth-DTLSv1.2]
1081ssl_conf = 34-server-auth-DTLSv1.2-ssl
1082
1083[34-server-auth-DTLSv1.2-ssl]
1084server = 34-server-auth-DTLSv1.2-server
1085client = 34-server-auth-DTLSv1.2-client
1086
# SECLEVEL=0 lifts every security-level restriction on ciphers, key sizes
# and signature algorithms. It is a test-harness setting and should not be
# carried over into a deployed configuration.
# Min/MaxProtocol pin the handshake to exactly DTLSv1.2.
1087[34-server-auth-DTLSv1.2-server]
1088Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089CipherString = DEFAULT:@SECLEVEL=0
1090MaxProtocol = DTLSv1.2
1091MinProtocol = DTLSv1.2
1092PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1093
# The client validates the server certificate against rootcert.pem.
1094[34-server-auth-DTLSv1.2-client]
1095CipherString = DEFAULT:@SECLEVEL=0
1096MaxProtocol = DTLSv1.2
1097MinProtocol = DTLSv1.2
1098VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1099VerifyMode = Peer
1100
# Expectation: handshake succeeds over DTLS.
1101[test-34]
1102ExpectedResult = Success
1103Method = DTLS
1104
1105
1106# ===========================================================
1107
# Test 35 (DTLSv1.2): optional client authentication. The server asks for
# a client certificate and the client has none to send.
1108[35-client-auth-DTLSv1.2-request]
1109ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
1110
1111[35-client-auth-DTLSv1.2-request-ssl]
1112server = 35-client-auth-DTLSv1.2-request-server
1113client = 35-client-auth-DTLSv1.2-request-client
1114
# VerifyMode = Request asks for a certificate but tolerates its absence.
# A service that needs mutual authentication must use Require, or check
# after the handshake that a peer certificate was actually presented.
1115[35-client-auth-DTLSv1.2-request-server]
1116Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1117CipherString = DEFAULT:@SECLEVEL=0
1118MaxProtocol = DTLSv1.2
1119MinProtocol = DTLSv1.2
1120PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1121VerifyMode = Request
1122
# No Certificate/PrivateKey on the client side.
1123[35-client-auth-DTLSv1.2-request-client]
1124CipherString = DEFAULT:@SECLEVEL=0
1125MaxProtocol = DTLSv1.2
1126MinProtocol = DTLSv1.2
1127VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1128VerifyMode = Peer
1129
# Expectation: handshake succeeds with an unauthenticated client.
1130[test-35]
1131ExpectedResult = Success
1132Method = DTLS
1133
1134
1135# ===========================================================
1136
# Test 36 (DTLSv1.2): negative case for mandatory client authentication.
# The server demands a client certificate and the client has none.
1137[36-client-auth-DTLSv1.2-require-fail]
1138ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
1139
1140[36-client-auth-DTLSv1.2-require-fail-ssl]
1141server = 36-client-auth-DTLSv1.2-require-fail-server
1142client = 36-client-auth-DTLSv1.2-require-fail-client
1143
# VerifyMode = Require makes a missing client certificate a fatal error.
1144[36-client-auth-DTLSv1.2-require-fail-server]
1145Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146CipherString = DEFAULT:@SECLEVEL=0
1147MaxProtocol = DTLSv1.2
1148MinProtocol = DTLSv1.2
1149PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1150VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1151VerifyMode = Require
1152
# No Certificate/PrivateKey: the client cannot answer the certificate request.
1153[36-client-auth-DTLSv1.2-require-fail-client]
1154CipherString = DEFAULT:@SECLEVEL=0
1155MaxProtocol = DTLSv1.2
1156MinProtocol = DTLSv1.2
1157VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1158VerifyMode = Peer
1159
# Expectation: the server aborts the handshake and sends a HandshakeFailure
# alert. A regression that let this case succeed would mean unauthenticated
# clients pass a server configured with Require.
1160[test-36]
1161ExpectedResult = ServerFail
1162ExpectedServerAlert = HandshakeFailure
1163Method = DTLS
1164
1165
1166# ===========================================================
1167
# Test 37 (DTLSv1.2): positive client-authentication case. The client
# presents a certificate chain and the server validates it.
1168[37-client-auth-DTLSv1.2-require]
1169ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
1170
1171[37-client-auth-DTLSv1.2-require-ssl]
1172server = 37-client-auth-DTLSv1.2-require-server
1173client = 37-client-auth-DTLSv1.2-require-client
1174
# NOTE(review): the case name says "require" but the server is configured
# with VerifyMode = Request, so the success path with Require itself is not
# what this case exercises. Confirm against generate_ssl_tests.pl input
# whether that is intended.
# SECLEVEL=0 is a test-only relaxation and should not be reused in a
# deployed configuration.
1175[37-client-auth-DTLSv1.2-require-server]
1176Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1177CipherString = DEFAULT:@SECLEVEL=0
1178MaxProtocol = DTLSv1.2
1179MinProtocol = DTLSv1.2
1180PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1181VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1182VerifyMode = Request
1183
# The client offers ee-client-chain.pem with ee-key.pem and verifies the
# server against rootcert.pem (a different file from the server's
# root-cert.pem trust anchor).
1184[37-client-auth-DTLSv1.2-require-client]
1185Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1186CipherString = DEFAULT:@SECLEVEL=0
1187MaxProtocol = DTLSv1.2
1188MinProtocol = DTLSv1.2
1189PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1190VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1191VerifyMode = Peer
1192
# Expectation: handshake succeeds, the client certificate is of type RSA,
# and the server's certificate request carries an empty CA-name list
# (consistent with the server section setting no ClientCAFile).
1193[test-37]
1194ExpectedClientCANames = empty
1195ExpectedClientCertType = RSA
1196ExpectedResult = Success
1197Method = DTLS
1198
1199
1200# ===========================================================
1201
# Test 38 (DTLSv1.2): positive client-authentication flow in which the
# server also advertises acceptable CA names to the client.
1202[38-client-auth-DTLSv1.2-require-non-empty-names]
1203ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
1204
1205[38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1206server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
1207client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
1208
# ClientCAFile supplies the CA names sent to the client in the certificate
# request; VerifyCAFile is the trust store used to validate what comes back.
# Both point at root-cert.pem here. ClientCAFile only advertises names and
# does not by itself make a CA trusted.
# NOTE(review): VerifyMode is Request although the case name says "require".
1209[38-client-auth-DTLSv1.2-require-non-empty-names-server]
1210Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1211CipherString = DEFAULT:@SECLEVEL=0
1212ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1213MaxProtocol = DTLSv1.2
1214MinProtocol = DTLSv1.2
1215PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1216VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1217VerifyMode = Request
1218
# Client presents ee-client-chain.pem / ee-key.pem.
1219[38-client-auth-DTLSv1.2-require-non-empty-names-client]
1220Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1221CipherString = DEFAULT:@SECLEVEL=0
1222MaxProtocol = DTLSv1.2
1223MinProtocol = DTLSv1.2
1224PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1225VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1226VerifyMode = Peer
1227
# Expectation: handshake succeeds with an RSA client certificate, and the
# CA names the client received are checked against root-cert.pem
# (presumably its subject name(s); confirm in the test harness).
1228[test-38]
1229ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1230ExpectedClientCertType = RSA
1231ExpectedResult = Success
1232Method = DTLS
1233
1234
1235# ===========================================================
1236
# Test 39 (DTLSv1.2): negative case. The client presents a certificate
# chain, but the server has no trust anchor to validate it against.
1237[39-client-auth-DTLSv1.2-noroot]
1238ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
1239
1240[39-client-auth-DTLSv1.2-noroot-ssl]
1241server = 39-client-auth-DTLSv1.2-noroot-server
1242client = 39-client-auth-DTLSv1.2-noroot-client
1243
# VerifyMode = Require with no VerifyCAFile: a client certificate is
# mandatory, yet nothing is configured here that could anchor its chain.
1244[39-client-auth-DTLSv1.2-noroot-server]
1245Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246CipherString = DEFAULT:@SECLEVEL=0
1247MaxProtocol = DTLSv1.2
1248MinProtocol = DTLSv1.2
1249PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1250VerifyMode = Require
1251
# Client presents ee-client-chain.pem / ee-key.pem.
1252[39-client-auth-DTLSv1.2-noroot-client]
1253Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1254CipherString = DEFAULT:@SECLEVEL=0
1255MaxProtocol = DTLSv1.2
1256MinProtocol = DTLSv1.2
1257PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1258VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1259VerifyMode = Peer
1260
# Expectation: the server rejects the chain and sends an UnknownCA alert.
# This guards against a certificate from an untrusted issuer being accepted
# merely because one was presented.
1261[test-39]
1262ExpectedResult = ServerFail
1263ExpectedServerAlert = UnknownCA
1264Method = DTLS
1265
1266
1267