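# Generated with generate_ssl_tests.pl
#
# NOTE(review): this listing was restored to one directive per line. In the
# collapsed form the viewer's line numbers were fused into keys, comments and
# section headers, which no configuration parser would accept as written.
# NOTE(review): the file is generated, so lasting changes presumably belong
# in the generator's input rather than in this output - confirm.
#
# Layout, as visible below: every test-N entry names a section whose ssl_conf
# key points at a "-ssl" section; that section names the "-server" and
# "-client" sections, and [test-N] holds the expected outcome.
# All endpoints pin MinProtocol and MaxProtocol to TLSv1.3.
# The client trust anchor is rootcert.pem; the server-side anchor for client
# certificates is root-cert.pem. These are two different file names.

num_tests = 14

test-0 = 0-server-auth-TLSv1.3
test-1 = 1-client-auth-TLSv1.3-request
test-2 = 2-client-auth-TLSv1.3-require-fail
test-3 = 3-client-auth-TLSv1.3-require
test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
test-5 = 5-client-auth-TLSv1.3-noroot
test-6 = 6-client-auth-TLSv1.3-request-post-handshake
test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
test-8 = 8-client-auth-TLSv1.3-require-post-handshake
test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
# ===========================================================
# Test 0: server authentication only. The server sets no VerifyMode; the
# client verifies the server (VerifyMode = Peer) against rootcert.pem.

[0-server-auth-TLSv1.3]
ssl_conf = 0-server-auth-TLSv1.3-ssl

[0-server-auth-TLSv1.3-ssl]
server = 0-server-auth-TLSv1.3-server
client = 0-server-auth-TLSv1.3-client

[0-server-auth-TLSv1.3-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-server-auth-TLSv1.3-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = Success


# ===========================================================
# Test 1: the server asks for a client certificate (VerifyMode = Request)
# and the client configures none. The handshake is expected to succeed, so
# Request alone does not enforce client authentication.

[1-client-auth-TLSv1.3-request]
ssl_conf = 1-client-auth-TLSv1.3-request-ssl

[1-client-auth-TLSv1.3-request-ssl]
server = 1-client-auth-TLSv1.3-request-server
client = 1-client-auth-TLSv1.3-request-client

[1-client-auth-TLSv1.3-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[1-client-auth-TLSv1.3-request-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
ExpectedResult = Success


# ===========================================================
# Test 2: the server demands a client certificate (VerifyMode = Require)
# and the client configures none. The server is expected to abort with the
# CertificateRequired alert. This is the negative case for enforcement.

[2-client-auth-TLSv1.3-require-fail]
ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl

[2-client-auth-TLSv1.3-require-fail-ssl]
server = 2-client-auth-TLSv1.3-require-fail-server
client = 2-client-auth-TLSv1.3-require-fail-client

[2-client-auth-TLSv1.3-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[2-client-auth-TLSv1.3-require-fail-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-2]
ExpectedResult = ServerFail
ExpectedServerAlert = CertificateRequired


# ===========================================================
# Test 3: the client presents ee-client-chain.pem and the server restricts
# client signature algorithms to PSS+SHA256. The expectations pin an RSA
# certificate, an RSA-PSS/SHA256 signature and an empty CA-names list.
# NOTE(review): the section is named "require" but the server uses
# VerifyMode = Request, so this case relies on the client volunteering a
# certificate rather than on enforcement - confirm that this is intended.

[3-client-auth-TLSv1.3-require]
ssl_conf = 3-client-auth-TLSv1.3-require-ssl

[3-client-auth-TLSv1.3-require-ssl]
server = 3-client-auth-TLSv1.3-require-server
client = 3-client-auth-TLSv1.3-require-client

[3-client-auth-TLSv1.3-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[3-client-auth-TLSv1.3-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================
# Test 4: as test 3, plus ClientCAFile on the server. The expected CA-names
# list is then the content of root-cert.pem instead of "empty".
# NOTE(review): named "require" but uses VerifyMode = Request - confirm.

[4-client-auth-TLSv1.3-require-non-empty-names]
ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl

[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
server = 4-client-auth-TLSv1.3-require-non-empty-names-server
client = 4-client-auth-TLSv1.3-require-non-empty-names-client

[4-client-auth-TLSv1.3-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[4-client-auth-TLSv1.3-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-4]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================
# Test 5: the server demands a client certificate but configures no
# VerifyCAFile. The client's chain therefore has no trust anchor on the
# server side, and the server is expected to reject it with UnknownCA.

[5-client-auth-TLSv1.3-noroot]
ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl

[5-client-auth-TLSv1.3-noroot-ssl]
server = 5-client-auth-TLSv1.3-noroot-server
client = 5-client-auth-TLSv1.3-noroot-client

[5-client-auth-TLSv1.3-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[5-client-auth-TLSv1.3-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-5]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================
# Tests 6-13 set HandshakeMode = PostHandshakeAuth.
# Test 6: the server uses RequestPostHandshake and the client has no
# EnablePHA section. The expected result is ServerFail.
# NOTE(review): presumably the request fails because the client never
# offered post-handshake authentication - confirm against the harness.

[6-client-auth-TLSv1.3-request-post-handshake]
ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl

[6-client-auth-TLSv1.3-request-post-handshake-ssl]
server = 6-client-auth-TLSv1.3-request-post-handshake-server
client = 6-client-auth-TLSv1.3-request-post-handshake-client

[6-client-auth-TLSv1.3-request-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[6-client-auth-TLSv1.3-request-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-6]
ExpectedResult = ServerFail
HandshakeMode = PostHandshakeAuth


# ===========================================================
# Test 7: the server uses RequirePostHandshake; the client has neither a
# certificate nor an EnablePHA section. The expected result is ServerFail.
# No ExpectedServerAlert is pinned here, unlike test 2.

[7-client-auth-TLSv1.3-require-fail-post-handshake]
ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl

[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client

[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequirePostHandshake

[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-7]
ExpectedResult = ServerFail
HandshakeMode = PostHandshakeAuth


# ===========================================================
# Test 8: post-handshake variant of test 3. The client presents a
# certificate and its "-client-extra" section sets EnablePHA = Yes.
# NOTE(review): named "require" but the server uses RequestPostHandshake,
# not RequirePostHandshake - confirm that this is intended.

[8-client-auth-TLSv1.3-require-post-handshake]
ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl

[8-client-auth-TLSv1.3-require-post-handshake-ssl]
server = 8-client-auth-TLSv1.3-require-post-handshake-server
client = 8-client-auth-TLSv1.3-require-post-handshake-client

[8-client-auth-TLSv1.3-require-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequestPostHandshake

[8-client-auth-TLSv1.3-require-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-8]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra

[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================
# Test 9: post-handshake variant of test 4. ClientCAFile is set on the
# server, so the expected CA-names list is the content of root-cert.pem.
# NOTE(review): named "require" but uses RequestPostHandshake - confirm.

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequestPostHandshake

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-9]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================
# Test 10: post-handshake variant of test 5. The server uses
# RequirePostHandshake with no VerifyCAFile; the client enables PHA and
# presents a certificate. The server is expected to reject it with UnknownCA.

[10-client-auth-TLSv1.3-noroot-post-handshake]
ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl

[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
client = 10-client-auth-TLSv1.3-noroot-post-handshake-client

[10-client-auth-TLSv1.3-noroot-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequirePostHandshake

[10-client-auth-TLSv1.3-noroot-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-10]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
HandshakeMode = PostHandshakeAuth
client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra

[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================
# Test 11: the client sets EnablePHA = Yes but configures no certificate;
# the server uses RequestPostHandshake. The expected result is Success.

[11-client-auth-TLSv1.3-request-force-client-post-handshake]
ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl

[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client

[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-11]
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra

[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================
# Test 12: only the server is overridden (ForcePHA = Yes); the client has no
# EnablePHA section. The expected result is ClientFail.
# NOTE(review): presumably this checks that a client which did not offer
# post-handshake authentication rejects a forced request - confirm.

[12-client-auth-TLSv1.3-request-force-server-post-handshake]
ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl

[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client

[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-12]
ExpectedResult = ClientFail
HandshakeMode = PostHandshakeAuth
server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra

[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
ForcePHA = Yes


# ===========================================================
# Test 13: both overrides are present (server ForcePHA = Yes, client
# EnablePHA = Yes). The expected result is Success.

[13-client-auth-TLSv1.3-request-force-both-post-handshake]
ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl

[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client

[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-13]
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra

[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
ForcePHA = Yes

[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
EnablePHA = Yes

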