projects / openssl.git / blob
? search:


96024884d99ccd4c742f268b4c4a4a924998ed6f
[openssl.git] / test / ssl-tests / 04-client_auth.conf
1 # Generated with generate_ssl_tests.pl
2
3 num_tests = 20
4
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-noroot
10 test-5 = 5-server-auth-TLSv1
11 test-6 = 6-client-auth-TLSv1-request
12 test-7 = 7-client-auth-TLSv1-require-fail
13 test-8 = 8-client-auth-TLSv1-require
14 test-9 = 9-client-auth-TLSv1-noroot
15 test-10 = 10-server-auth-TLSv1.1
16 test-11 = 11-client-auth-TLSv1.1-request
17 test-12 = 12-client-auth-TLSv1.1-require-fail
18 test-13 = 13-client-auth-TLSv1.1-require
19 test-14 = 14-client-auth-TLSv1.1-noroot
20 test-15 = 15-server-auth-TLSv1.2
21 test-16 = 16-client-auth-TLSv1.2-request
22 test-17 = 17-client-auth-TLSv1.2-require-fail
23 test-18 = 18-client-auth-TLSv1.2-require
24 test-19 = 19-client-auth-TLSv1.2-noroot
25 # ===========================================================
26
27 [0-server-auth-flex]
28 ssl_conf = 0-server-auth-flex-ssl
29
30 [0-server-auth-flex-ssl]
31 server = 0-server-auth-flex-server
32 client = 0-server-auth-flex-client
33
34 [0-server-auth-flex-server]
35 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
36 CipherString = DEFAULT
37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
38
39 [0-server-auth-flex-client]
40 CipherString = DEFAULT
41 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
42 VerifyMode = Peer
43
44 [test-0]
45 ExpectedResult = Success
46
47
48 # ===========================================================
49
50 [1-client-auth-flex-request]
51 ssl_conf = 1-client-auth-flex-request-ssl
52
53 [1-client-auth-flex-request-ssl]
54 server = 1-client-auth-flex-request-server
55 client = 1-client-auth-flex-request-client
56
57 [1-client-auth-flex-request-server]
58 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
59 CipherString = DEFAULT
60 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
61 VerifyMode = Request
62
63 [1-client-auth-flex-request-client]
64 CipherString = DEFAULT
65 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
66 VerifyMode = Peer
67
68 [test-1]
69 ExpectedResult = Success
70
71
72 # ===========================================================
73
74 [2-client-auth-flex-require-fail]
75 ssl_conf = 2-client-auth-flex-require-fail-ssl
76
77 [2-client-auth-flex-require-fail-ssl]
78 server = 2-client-auth-flex-require-fail-server
79 client = 2-client-auth-flex-require-fail-client
80
81 [2-client-auth-flex-require-fail-server]
82 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
83 CipherString = DEFAULT
84 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
85 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
86 VerifyMode = Require
87
88 [2-client-auth-flex-require-fail-client]
89 CipherString = DEFAULT
90 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
91 VerifyMode = Peer
92
93 [test-2]
94 ExpectedResult = ServerFail
95 ExpectedServerAlert = HandshakeFailure
96
97
98 # ===========================================================
99
100 [3-client-auth-flex-require]
101 ssl_conf = 3-client-auth-flex-require-ssl
102
103 [3-client-auth-flex-require-ssl]
104 server = 3-client-auth-flex-require-server
105 client = 3-client-auth-flex-require-client
106
107 [3-client-auth-flex-require-server]
108 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
109 CipherString = DEFAULT
110 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
111 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
112 VerifyMode = Request
113
114 [3-client-auth-flex-require-client]
115 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
116 CipherString = DEFAULT
117 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
118 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
119 VerifyMode = Peer
120
121 [test-3]
122 ExpectedClientCertType = RSA
123 ExpectedResult = Success
124
125
126 # ===========================================================
127
128 [4-client-auth-flex-noroot]
129 ssl_conf = 4-client-auth-flex-noroot-ssl
130
131 [4-client-auth-flex-noroot-ssl]
132 server = 4-client-auth-flex-noroot-server
133 client = 4-client-auth-flex-noroot-client
134
135 [4-client-auth-flex-noroot-server]
136 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
137 CipherString = DEFAULT
138 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
139 VerifyMode = Require
140
141 [4-client-auth-flex-noroot-client]
142 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
143 CipherString = DEFAULT
144 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
145 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
146 VerifyMode = Peer
147
148 [test-4]
149 ExpectedResult = ServerFail
150 ExpectedServerAlert = UnknownCA
151
152
153 # ===========================================================
154
155 [5-server-auth-TLSv1]
156 ssl_conf = 5-server-auth-TLSv1-ssl
157
158 [5-server-auth-TLSv1-ssl]
159 server = 5-server-auth-TLSv1-server
160 client = 5-server-auth-TLSv1-client
161
162 [5-server-auth-TLSv1-server]
163 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
164 CipherString = DEFAULT
165 MaxProtocol = TLSv1
166 MinProtocol = TLSv1
167 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
168
169 [5-server-auth-TLSv1-client]
170 CipherString = DEFAULT
171 MaxProtocol = TLSv1
172 MinProtocol = TLSv1
173 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
174 VerifyMode = Peer
175
176 [test-5]
177 ExpectedResult = Success
178
179
180 # ===========================================================
181
182 [6-client-auth-TLSv1-request]
183 ssl_conf = 6-client-auth-TLSv1-request-ssl
184
185 [6-client-auth-TLSv1-request-ssl]
186 server = 6-client-auth-TLSv1-request-server
187 client = 6-client-auth-TLSv1-request-client
188
189 [6-client-auth-TLSv1-request-server]
190 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
191 CipherString = DEFAULT
192 MaxProtocol = TLSv1
193 MinProtocol = TLSv1
194 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
195 VerifyMode = Request
196
197 [6-client-auth-TLSv1-request-client]
198 CipherString = DEFAULT
199 MaxProtocol = TLSv1
200 MinProtocol = TLSv1
201 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
202 VerifyMode = Peer
203
204 [test-6]
205 ExpectedResult = Success
206
207
208 # ===========================================================
209
210 [7-client-auth-TLSv1-require-fail]
211 ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
212
213 [7-client-auth-TLSv1-require-fail-ssl]
214 server = 7-client-auth-TLSv1-require-fail-server
215 client = 7-client-auth-TLSv1-require-fail-client
216
217 [7-client-auth-TLSv1-require-fail-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT
220 MaxProtocol = TLSv1
221 MinProtocol = TLSv1
222 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
224 VerifyMode = Require
225
226 [7-client-auth-TLSv1-require-fail-client]
227 CipherString = DEFAULT
228 MaxProtocol = TLSv1
229 MinProtocol = TLSv1
230 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
231 VerifyMode = Peer
232
233 [test-7]
234 ExpectedResult = ServerFail
235 ExpectedServerAlert = HandshakeFailure
236
237
238 # ===========================================================
239
240 [8-client-auth-TLSv1-require]
241 ssl_conf = 8-client-auth-TLSv1-require-ssl
242
243 [8-client-auth-TLSv1-require-ssl]
244 server = 8-client-auth-TLSv1-require-server
245 client = 8-client-auth-TLSv1-require-client
246
247 [8-client-auth-TLSv1-require-server]
248 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
249 CipherString = DEFAULT
250 MaxProtocol = TLSv1
251 MinProtocol = TLSv1
252 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
253 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
254 VerifyMode = Request
255
256 [8-client-auth-TLSv1-require-client]
257 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
258 CipherString = DEFAULT
259 MaxProtocol = TLSv1
260 MinProtocol = TLSv1
261 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
262 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
263 VerifyMode = Peer
264
265 [test-8]
266 ExpectedClientCertType = RSA
267 ExpectedResult = Success
268
269
270 # ===========================================================
271
272 [9-client-auth-TLSv1-noroot]
273 ssl_conf = 9-client-auth-TLSv1-noroot-ssl
274
275 [9-client-auth-TLSv1-noroot-ssl]
276 server = 9-client-auth-TLSv1-noroot-server
277 client = 9-client-auth-TLSv1-noroot-client
278
279 [9-client-auth-TLSv1-noroot-server]
280 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
281 CipherString = DEFAULT
282 MaxProtocol = TLSv1
283 MinProtocol = TLSv1
284 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
285 VerifyMode = Require
286
287 [9-client-auth-TLSv1-noroot-client]
288 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
289 CipherString = DEFAULT
290 MaxProtocol = TLSv1
291 MinProtocol = TLSv1
292 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
293 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
294 VerifyMode = Peer
295
296 [test-9]
297 ExpectedResult = ServerFail
298 ExpectedServerAlert = UnknownCA
299
300
301 # ===========================================================
302
303 [10-server-auth-TLSv1.1]
304 ssl_conf = 10-server-auth-TLSv1.1-ssl
305
306 [10-server-auth-TLSv1.1-ssl]
307 server = 10-server-auth-TLSv1.1-server
308 client = 10-server-auth-TLSv1.1-client
309
310 [10-server-auth-TLSv1.1-server]
311 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
312 CipherString = DEFAULT
313 MaxProtocol = TLSv1.1
314 MinProtocol = TLSv1.1
315 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
316
317 [10-server-auth-TLSv1.1-client]
318 CipherString = DEFAULT
319 MaxProtocol = TLSv1.1
320 MinProtocol = TLSv1.1
321 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
322 VerifyMode = Peer
323
324 [test-10]
325 ExpectedResult = Success
326
327
328 # ===========================================================
329
330 [11-client-auth-TLSv1.1-request]
331 ssl_conf = 11-client-auth-TLSv1.1-request-ssl
332
333 [11-client-auth-TLSv1.1-request-ssl]
334 server = 11-client-auth-TLSv1.1-request-server
335 client = 11-client-auth-TLSv1.1-request-client
336
337 [11-client-auth-TLSv1.1-request-server]
338 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
339 CipherString = DEFAULT
340 MaxProtocol = TLSv1.1
341 MinProtocol = TLSv1.1
342 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
343 VerifyMode = Request
344
345 [11-client-auth-TLSv1.1-request-client]
346 CipherString = DEFAULT
347 MaxProtocol = TLSv1.1
348 MinProtocol = TLSv1.1
349 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
350 VerifyMode = Peer
351
352 [test-11]
353 ExpectedResult = Success
354
355
356 # ===========================================================
357
358 [12-client-auth-TLSv1.1-require-fail]
359 ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
360
361 [12-client-auth-TLSv1.1-require-fail-ssl]
362 server = 12-client-auth-TLSv1.1-require-fail-server
363 client = 12-client-auth-TLSv1.1-require-fail-client
364
365 [12-client-auth-TLSv1.1-require-fail-server]
366 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
367 CipherString = DEFAULT
368 MaxProtocol = TLSv1.1
369 MinProtocol = TLSv1.1
370 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
371 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
372 VerifyMode = Require
373
374 [12-client-auth-TLSv1.1-require-fail-client]
375 CipherString = DEFAULT
376 MaxProtocol = TLSv1.1
377 MinProtocol = TLSv1.1
378 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
379 VerifyMode = Peer
380
381 [test-12]
382 ExpectedResult = ServerFail
383 ExpectedServerAlert = HandshakeFailure
384
385
386 # ===========================================================
387
388 [13-client-auth-TLSv1.1-require]
389 ssl_conf = 13-client-auth-TLSv1.1-require-ssl
390
391 [13-client-auth-TLSv1.1-require-ssl]
392 server = 13-client-auth-TLSv1.1-require-server
393 client = 13-client-auth-TLSv1.1-require-client
394
395 [13-client-auth-TLSv1.1-require-server]
396 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
397 CipherString = DEFAULT
398 MaxProtocol = TLSv1.1
399 MinProtocol = TLSv1.1
400 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
401 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
402 VerifyMode = Request
403
404 [13-client-auth-TLSv1.1-require-client]
405 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
406 CipherString = DEFAULT
407 MaxProtocol = TLSv1.1
408 MinProtocol = TLSv1.1
409 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
410 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
411 VerifyMode = Peer
412
413 [test-13]
414 ExpectedClientCertType = RSA
415 ExpectedResult = Success
416
417
418 # ===========================================================
419
420 [14-client-auth-TLSv1.1-noroot]
421 ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
422
423 [14-client-auth-TLSv1.1-noroot-ssl]
424 server = 14-client-auth-TLSv1.1-noroot-server
425 client = 14-client-auth-TLSv1.1-noroot-client
426
427 [14-client-auth-TLSv1.1-noroot-server]
428 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
429 CipherString = DEFAULT
430 MaxProtocol = TLSv1.1
431 MinProtocol = TLSv1.1
432 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
433 VerifyMode = Require
434
435 [14-client-auth-TLSv1.1-noroot-client]
436 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
437 CipherString = DEFAULT
438 MaxProtocol = TLSv1.1
439 MinProtocol = TLSv1.1
440 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
441 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
442 VerifyMode = Peer
443
444 [test-14]
445 ExpectedResult = ServerFail
446 ExpectedServerAlert = UnknownCA
447
448
449 # ===========================================================
450
451 [15-server-auth-TLSv1.2]
452 ssl_conf = 15-server-auth-TLSv1.2-ssl
453
454 [15-server-auth-TLSv1.2-ssl]
455 server = 15-server-auth-TLSv1.2-server
456 client = 15-server-auth-TLSv1.2-client
457
458 [15-server-auth-TLSv1.2-server]
459 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
460 CipherString = DEFAULT
461 MaxProtocol = TLSv1.2
462 MinProtocol = TLSv1.2
463 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
464
465 [15-server-auth-TLSv1.2-client]
466 CipherString = DEFAULT
467 MaxProtocol = TLSv1.2
468 MinProtocol = TLSv1.2
469 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
470 VerifyMode = Peer
471
472 [test-15]
473 ExpectedResult = Success
474
475
476 # ===========================================================
477
478 [16-client-auth-TLSv1.2-request]
479 ssl_conf = 16-client-auth-TLSv1.2-request-ssl
480
481 [16-client-auth-TLSv1.2-request-ssl]
482 server = 16-client-auth-TLSv1.2-request-server
483 client = 16-client-auth-TLSv1.2-request-client
484
485 [16-client-auth-TLSv1.2-request-server]
486 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
487 CipherString = DEFAULT
488 MaxProtocol = TLSv1.2
489 MinProtocol = TLSv1.2
490 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
491 VerifyMode = Request
492
493 [16-client-auth-TLSv1.2-request-client]
494 CipherString = DEFAULT
495 MaxProtocol = TLSv1.2
496 MinProtocol = TLSv1.2
497 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
498 VerifyMode = Peer
499
500 [test-16]
501 ExpectedResult = Success
502
503
504 # ===========================================================
505
506 [17-client-auth-TLSv1.2-require-fail]
507 ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
508
509 [17-client-auth-TLSv1.2-require-fail-ssl]
510 server = 17-client-auth-TLSv1.2-require-fail-server
511 client = 17-client-auth-TLSv1.2-require-fail-client
512
513 [17-client-auth-TLSv1.2-require-fail-server]
514 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
515 CipherString = DEFAULT
516 MaxProtocol = TLSv1.2
517 MinProtocol = TLSv1.2
518 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
520 VerifyMode = Require
521
522 [17-client-auth-TLSv1.2-require-fail-client]
523 CipherString = DEFAULT
524 MaxProtocol = TLSv1.2
525 MinProtocol = TLSv1.2
526 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
527 VerifyMode = Peer
528
529 [test-17]
530 ExpectedResult = ServerFail
531 ExpectedServerAlert = HandshakeFailure
532
533
534 # ===========================================================
535
536 [18-client-auth-TLSv1.2-require]
537 ssl_conf = 18-client-auth-TLSv1.2-require-ssl
538
539 [18-client-auth-TLSv1.2-require-ssl]
540 server = 18-client-auth-TLSv1.2-require-server
541 client = 18-client-auth-TLSv1.2-require-client
542
543 [18-client-auth-TLSv1.2-require-server]
544 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
545 CipherString = DEFAULT
546 ClientSignatureAlgorithms = SHA256+RSA
547 MaxProtocol = TLSv1.2
548 MinProtocol = TLSv1.2
549 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
550 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
551 VerifyMode = Request
552
553 [18-client-auth-TLSv1.2-require-client]
554 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
555 CipherString = DEFAULT
556 MaxProtocol = TLSv1.2
557 MinProtocol = TLSv1.2
558 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
559 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
560 VerifyMode = Peer
561
562 [test-18]
563 ExpectedClientCertType = RSA
564 ExpectedClientSignHash = SHA256
565 ExpectedClientSignType = RSA
566 ExpectedResult = Success
567
568
569 # ===========================================================
570
571 [19-client-auth-TLSv1.2-noroot]
572 ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
573
574 [19-client-auth-TLSv1.2-noroot-ssl]
575 server = 19-client-auth-TLSv1.2-noroot-server
576 client = 19-client-auth-TLSv1.2-noroot-client
577
578 [19-client-auth-TLSv1.2-noroot-server]
579 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
580 CipherString = DEFAULT
581 MaxProtocol = TLSv1.2
582 MinProtocol = TLSv1.2
583 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
584 VerifyMode = Require
585
586 [19-client-auth-TLSv1.2-noroot-client]
587 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
588 CipherString = DEFAULT
589 MaxProtocol = TLSv1.2
590 MinProtocol = TLSv1.2
591 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
592 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
593 VerifyMode = Peer
594
595 [test-19]
596 ExpectedResult = ServerFail
597 ExpectedServerAlert = UnknownCA
598
599
Unnamed repository; edit this file 'description' to name the repository.