projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix Client Auth tests
[openssl.git] / test / ssl-tests / 04-client_auth.conf
1 # Generated with generate_ssl_tests.pl
2
3 num_tests = 20
4
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-noroot
10 test-5 = 5-server-auth-TLSv1
11 test-6 = 6-client-auth-TLSv1-request
12 test-7 = 7-client-auth-TLSv1-require-fail
13 test-8 = 8-client-auth-TLSv1-require
14 test-9 = 9-client-auth-TLSv1-noroot
15 test-10 = 10-server-auth-TLSv1.1
16 test-11 = 11-client-auth-TLSv1.1-request
17 test-12 = 12-client-auth-TLSv1.1-require-fail
18 test-13 = 13-client-auth-TLSv1.1-require
19 test-14 = 14-client-auth-TLSv1.1-noroot
20 test-15 = 15-server-auth-TLSv1.2
21 test-16 = 16-client-auth-TLSv1.2-request
22 test-17 = 17-client-auth-TLSv1.2-require-fail
23 test-18 = 18-client-auth-TLSv1.2-require
24 test-19 = 19-client-auth-TLSv1.2-noroot
25 # ===========================================================
26
27 [0-server-auth-flex]
28 ssl_conf = 0-server-auth-flex-ssl
29
30 [0-server-auth-flex-ssl]
31 server = 0-server-auth-flex-server
32 client = 0-server-auth-flex-client
33
34 [0-server-auth-flex-server]
35 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
36 CipherString = DEFAULT
37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
38
39 [0-server-auth-flex-client]
40 CipherString = DEFAULT
41 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
42 VerifyMode = Peer
43
44 [test-0]
45 ExpectedResult = Success
46
47
48 # ===========================================================
49
50 [1-client-auth-flex-request]
51 ssl_conf = 1-client-auth-flex-request-ssl
52
53 [1-client-auth-flex-request-ssl]
54 server = 1-client-auth-flex-request-server
55 client = 1-client-auth-flex-request-client
56
57 [1-client-auth-flex-request-server]
58 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
59 CipherString = DEFAULT
60 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
61 VerifyMode = Request
62
63 [1-client-auth-flex-request-client]
64 CipherString = DEFAULT
65 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
66 VerifyMode = Peer
67
68 [test-1]
69 ExpectedResult = Success
70
71
72 # ===========================================================
73
74 [2-client-auth-flex-require-fail]
75 ssl_conf = 2-client-auth-flex-require-fail-ssl
76
77 [2-client-auth-flex-require-fail-ssl]
78 server = 2-client-auth-flex-require-fail-server
79 client = 2-client-auth-flex-require-fail-client
80
81 [2-client-auth-flex-require-fail-server]
82 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
83 CipherString = DEFAULT
84 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
85 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
86 VerifyMode = Require
87
88 [2-client-auth-flex-require-fail-client]
89 CipherString = DEFAULT
90 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
91 VerifyMode = Peer
92
93 [test-2]
94 ExpectedResult = ServerFail
95 ServerAlert = HandshakeFailure
96
97
98 # ===========================================================
99
100 [3-client-auth-flex-require]
101 ssl_conf = 3-client-auth-flex-require-ssl
102
103 [3-client-auth-flex-require-ssl]
104 server = 3-client-auth-flex-require-server
105 client = 3-client-auth-flex-require-client
106
107 [3-client-auth-flex-require-server]
108 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
109 CipherString = DEFAULT
110 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
111 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
112 VerifyMode = Request
113
114 [3-client-auth-flex-require-client]
115 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
116 CipherString = DEFAULT
117 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
118 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
119 VerifyMode = Peer
120
121 [test-3]
122 ExpectedResult = Success
123
124
125 # ===========================================================
126
127 [4-client-auth-flex-noroot]
128 ssl_conf = 4-client-auth-flex-noroot-ssl
129
130 [4-client-auth-flex-noroot-ssl]
131 server = 4-client-auth-flex-noroot-server
132 client = 4-client-auth-flex-noroot-client
133
134 [4-client-auth-flex-noroot-server]
135 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
136 CipherString = DEFAULT
137 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
138 VerifyMode = Require
139
140 [4-client-auth-flex-noroot-client]
141 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
142 CipherString = DEFAULT
143 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
144 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
145 VerifyMode = Peer
146
147 [test-4]
148 ExpectedResult = ServerFail
149 ServerAlert = UnknownCA
150
151
152 # ===========================================================
153
154 [5-server-auth-TLSv1]
155 ssl_conf = 5-server-auth-TLSv1-ssl
156
157 [5-server-auth-TLSv1-ssl]
158 server = 5-server-auth-TLSv1-server
159 client = 5-server-auth-TLSv1-client
160
161 [5-server-auth-TLSv1-server]
162 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
163 CipherString = DEFAULT
164 MaxProtocol = TLSv1
165 MinProtocol = TLSv1
166 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
167
168 [5-server-auth-TLSv1-client]
169 CipherString = DEFAULT
170 MaxProtocol = TLSv1
171 MinProtocol = TLSv1
172 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
173 VerifyMode = Peer
174
175 [test-5]
176 ExpectedResult = Success
177
178
179 # ===========================================================
180
181 [6-client-auth-TLSv1-request]
182 ssl_conf = 6-client-auth-TLSv1-request-ssl
183
184 [6-client-auth-TLSv1-request-ssl]
185 server = 6-client-auth-TLSv1-request-server
186 client = 6-client-auth-TLSv1-request-client
187
188 [6-client-auth-TLSv1-request-server]
189 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
190 CipherString = DEFAULT
191 MaxProtocol = TLSv1
192 MinProtocol = TLSv1
193 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
194 VerifyMode = Request
195
196 [6-client-auth-TLSv1-request-client]
197 CipherString = DEFAULT
198 MaxProtocol = TLSv1
199 MinProtocol = TLSv1
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201 VerifyMode = Peer
202
203 [test-6]
204 ExpectedResult = Success
205
206
207 # ===========================================================
208
209 [7-client-auth-TLSv1-require-fail]
210 ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
211
212 [7-client-auth-TLSv1-require-fail-ssl]
213 server = 7-client-auth-TLSv1-require-fail-server
214 client = 7-client-auth-TLSv1-require-fail-client
215
216 [7-client-auth-TLSv1-require-fail-server]
217 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
218 CipherString = DEFAULT
219 MaxProtocol = TLSv1
220 MinProtocol = TLSv1
221 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
222 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
223 VerifyMode = Require
224
225 [7-client-auth-TLSv1-require-fail-client]
226 CipherString = DEFAULT
227 MaxProtocol = TLSv1
228 MinProtocol = TLSv1
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230 VerifyMode = Peer
231
232 [test-7]
233 ExpectedResult = ServerFail
234 ServerAlert = HandshakeFailure
235
236
237 # ===========================================================
238
239 [8-client-auth-TLSv1-require]
240 ssl_conf = 8-client-auth-TLSv1-require-ssl
241
242 [8-client-auth-TLSv1-require-ssl]
243 server = 8-client-auth-TLSv1-require-server
244 client = 8-client-auth-TLSv1-require-client
245
246 [8-client-auth-TLSv1-require-server]
247 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248 CipherString = DEFAULT
249 MaxProtocol = TLSv1
250 MinProtocol = TLSv1
251 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253 VerifyMode = Request
254
255 [8-client-auth-TLSv1-require-client]
256 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
257 CipherString = DEFAULT
258 MaxProtocol = TLSv1
259 MinProtocol = TLSv1
260 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
261 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
262 VerifyMode = Peer
263
264 [test-8]
265 ExpectedResult = Success
266
267
268 # ===========================================================
269
270 [9-client-auth-TLSv1-noroot]
271 ssl_conf = 9-client-auth-TLSv1-noroot-ssl
272
273 [9-client-auth-TLSv1-noroot-ssl]
274 server = 9-client-auth-TLSv1-noroot-server
275 client = 9-client-auth-TLSv1-noroot-client
276
277 [9-client-auth-TLSv1-noroot-server]
278 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
279 CipherString = DEFAULT
280 MaxProtocol = TLSv1
281 MinProtocol = TLSv1
282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283 VerifyMode = Require
284
285 [9-client-auth-TLSv1-noroot-client]
286 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
287 CipherString = DEFAULT
288 MaxProtocol = TLSv1
289 MinProtocol = TLSv1
290 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
291 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
292 VerifyMode = Peer
293
294 [test-9]
295 ExpectedResult = ServerFail
296 ServerAlert = UnknownCA
297
298
299 # ===========================================================
300
301 [10-server-auth-TLSv1.1]
302 ssl_conf = 10-server-auth-TLSv1.1-ssl
303
304 [10-server-auth-TLSv1.1-ssl]
305 server = 10-server-auth-TLSv1.1-server
306 client = 10-server-auth-TLSv1.1-client
307
308 [10-server-auth-TLSv1.1-server]
309 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
310 CipherString = DEFAULT
311 MaxProtocol = TLSv1.1
312 MinProtocol = TLSv1.1
313 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
314
315 [10-server-auth-TLSv1.1-client]
316 CipherString = DEFAULT
317 MaxProtocol = TLSv1.1
318 MinProtocol = TLSv1.1
319 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
320 VerifyMode = Peer
321
322 [test-10]
323 ExpectedResult = Success
324
325
326 # ===========================================================
327
328 [11-client-auth-TLSv1.1-request]
329 ssl_conf = 11-client-auth-TLSv1.1-request-ssl
330
331 [11-client-auth-TLSv1.1-request-ssl]
332 server = 11-client-auth-TLSv1.1-request-server
333 client = 11-client-auth-TLSv1.1-request-client
334
335 [11-client-auth-TLSv1.1-request-server]
336 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
337 CipherString = DEFAULT
338 MaxProtocol = TLSv1.1
339 MinProtocol = TLSv1.1
340 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
341 VerifyMode = Request
342
343 [11-client-auth-TLSv1.1-request-client]
344 CipherString = DEFAULT
345 MaxProtocol = TLSv1.1
346 MinProtocol = TLSv1.1
347 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
348 VerifyMode = Peer
349
350 [test-11]
351 ExpectedResult = Success
352
353
354 # ===========================================================
355
356 [12-client-auth-TLSv1.1-require-fail]
357 ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
358
359 [12-client-auth-TLSv1.1-require-fail-ssl]
360 server = 12-client-auth-TLSv1.1-require-fail-server
361 client = 12-client-auth-TLSv1.1-require-fail-client
362
363 [12-client-auth-TLSv1.1-require-fail-server]
364 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
365 CipherString = DEFAULT
366 MaxProtocol = TLSv1.1
367 MinProtocol = TLSv1.1
368 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
369 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
370 VerifyMode = Require
371
372 [12-client-auth-TLSv1.1-require-fail-client]
373 CipherString = DEFAULT
374 MaxProtocol = TLSv1.1
375 MinProtocol = TLSv1.1
376 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
377 VerifyMode = Peer
378
379 [test-12]
380 ExpectedResult = ServerFail
381 ServerAlert = HandshakeFailure
382
383
384 # ===========================================================
385
386 [13-client-auth-TLSv1.1-require]
387 ssl_conf = 13-client-auth-TLSv1.1-require-ssl
388
389 [13-client-auth-TLSv1.1-require-ssl]
390 server = 13-client-auth-TLSv1.1-require-server
391 client = 13-client-auth-TLSv1.1-require-client
392
393 [13-client-auth-TLSv1.1-require-server]
394 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
395 CipherString = DEFAULT
396 MaxProtocol = TLSv1.1
397 MinProtocol = TLSv1.1
398 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
399 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
400 VerifyMode = Request
401
402 [13-client-auth-TLSv1.1-require-client]
403 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
404 CipherString = DEFAULT
405 MaxProtocol = TLSv1.1
406 MinProtocol = TLSv1.1
407 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
408 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
409 VerifyMode = Peer
410
411 [test-13]
412 ExpectedResult = Success
413
414
415 # ===========================================================
416
417 [14-client-auth-TLSv1.1-noroot]
418 ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
419
420 [14-client-auth-TLSv1.1-noroot-ssl]
421 server = 14-client-auth-TLSv1.1-noroot-server
422 client = 14-client-auth-TLSv1.1-noroot-client
423
424 [14-client-auth-TLSv1.1-noroot-server]
425 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
426 CipherString = DEFAULT
427 MaxProtocol = TLSv1.1
428 MinProtocol = TLSv1.1
429 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
430 VerifyMode = Require
431
432 [14-client-auth-TLSv1.1-noroot-client]
433 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
434 CipherString = DEFAULT
435 MaxProtocol = TLSv1.1
436 MinProtocol = TLSv1.1
437 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
438 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
439 VerifyMode = Peer
440
441 [test-14]
442 ExpectedResult = ServerFail
443 ServerAlert = UnknownCA
444
445
446 # ===========================================================
447
448 [15-server-auth-TLSv1.2]
449 ssl_conf = 15-server-auth-TLSv1.2-ssl
450
451 [15-server-auth-TLSv1.2-ssl]
452 server = 15-server-auth-TLSv1.2-server
453 client = 15-server-auth-TLSv1.2-client
454
455 [15-server-auth-TLSv1.2-server]
456 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
457 CipherString = DEFAULT
458 MaxProtocol = TLSv1.2
459 MinProtocol = TLSv1.2
460 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
461
462 [15-server-auth-TLSv1.2-client]
463 CipherString = DEFAULT
464 MaxProtocol = TLSv1.2
465 MinProtocol = TLSv1.2
466 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
467 VerifyMode = Peer
468
469 [test-15]
470 ExpectedResult = Success
471
472
473 # ===========================================================
474
475 [16-client-auth-TLSv1.2-request]
476 ssl_conf = 16-client-auth-TLSv1.2-request-ssl
477
478 [16-client-auth-TLSv1.2-request-ssl]
479 server = 16-client-auth-TLSv1.2-request-server
480 client = 16-client-auth-TLSv1.2-request-client
481
482 [16-client-auth-TLSv1.2-request-server]
483 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
484 CipherString = DEFAULT
485 MaxProtocol = TLSv1.2
486 MinProtocol = TLSv1.2
487 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
488 VerifyMode = Request
489
490 [16-client-auth-TLSv1.2-request-client]
491 CipherString = DEFAULT
492 MaxProtocol = TLSv1.2
493 MinProtocol = TLSv1.2
494 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
495 VerifyMode = Peer
496
497 [test-16]
498 ExpectedResult = Success
499
500
501 # ===========================================================
502
503 [17-client-auth-TLSv1.2-require-fail]
504 ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
505
506 [17-client-auth-TLSv1.2-require-fail-ssl]
507 server = 17-client-auth-TLSv1.2-require-fail-server
508 client = 17-client-auth-TLSv1.2-require-fail-client
509
510 [17-client-auth-TLSv1.2-require-fail-server]
511 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512 CipherString = DEFAULT
513 MaxProtocol = TLSv1.2
514 MinProtocol = TLSv1.2
515 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
516 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
517 VerifyMode = Require
518
519 [17-client-auth-TLSv1.2-require-fail-client]
520 CipherString = DEFAULT
521 MaxProtocol = TLSv1.2
522 MinProtocol = TLSv1.2
523 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
524 VerifyMode = Peer
525
526 [test-17]
527 ExpectedResult = ServerFail
528 ServerAlert = HandshakeFailure
529
530
531 # ===========================================================
532
533 [18-client-auth-TLSv1.2-require]
534 ssl_conf = 18-client-auth-TLSv1.2-require-ssl
535
536 [18-client-auth-TLSv1.2-require-ssl]
537 server = 18-client-auth-TLSv1.2-require-server
538 client = 18-client-auth-TLSv1.2-require-client
539
540 [18-client-auth-TLSv1.2-require-server]
541 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
542 CipherString = DEFAULT
543 MaxProtocol = TLSv1.2
544 MinProtocol = TLSv1.2
545 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
546 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
547 VerifyMode = Request
548
549 [18-client-auth-TLSv1.2-require-client]
550 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
551 CipherString = DEFAULT
552 MaxProtocol = TLSv1.2
553 MinProtocol = TLSv1.2
554 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
555 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
556 VerifyMode = Peer
557
558 [test-18]
559 ExpectedResult = Success
560
561
562 # ===========================================================
563
564 [19-client-auth-TLSv1.2-noroot]
565 ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
566
567 [19-client-auth-TLSv1.2-noroot-ssl]
568 server = 19-client-auth-TLSv1.2-noroot-server
569 client = 19-client-auth-TLSv1.2-noroot-client
570
571 [19-client-auth-TLSv1.2-noroot-server]
572 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
573 CipherString = DEFAULT
574 MaxProtocol = TLSv1.2
575 MinProtocol = TLSv1.2
576 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
577 VerifyMode = Require
578
579 [19-client-auth-TLSv1.2-noroot-client]
580 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
581 CipherString = DEFAULT
582 MaxProtocol = TLSv1.2
583 MinProtocol = TLSv1.2
584 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
585 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
586 VerifyMode = Peer
587
588 [test-19]
589 ExpectedResult = ServerFail
590 ServerAlert = UnknownCA
591
592
Unnamed repository; edit this file 'description' to name the repository.