Update tests for TLS Ed448
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5
6 use strict;
7 use warnings;
8
9 package ssltests;
10 use OpenSSL::Test::Utils;
11
# Shared server settings for the cases capped at TLS 1.2: one ECDSA, one
# Ed25519 and one Ed448 certificate/key pair.
# NOTE(review): no RSA pair is listed here, yet some cases that use this hash
# expect an RSA server certificate; presumably the harness supplies a default
# certificate -- confirm against the test generator.
my $server = {
    "ECDSA.Certificate"   => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey"    => test_pem("server-ecdsa-key.pem"),
    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
    "Ed25519.PrivateKey"  => test_pem("server-ed25519-key.pem"),
    "Ed448.Certificate"   => test_pem("server-ed448-cert.pem"),
    "Ed448.PrivateKey"    => test_pem("server-ed448-key.pem"),
    "MaxProtocol"         => "TLSv1.2",
};
21
# Same certificate set as the plain TLS 1.2 server, plus an RSA-PSS
# certificate/key pair; also capped at TLS 1.2.
my $server_pss = {
    "PSS.Certificate"     => test_pem("server-pss-cert.pem"),
    "PSS.PrivateKey"      => test_pem("server-pss-key.pem"),
    "ECDSA.Certificate"   => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey"    => test_pem("server-ecdsa-key.pem"),
    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
    "Ed25519.PrivateKey"  => test_pem("server-ed25519-key.pem"),
    "Ed448.Certificate"   => test_pem("server-ed448-cert.pem"),
    "Ed448.PrivateKey"    => test_pem("server-ed448-key.pem"),
    "MaxProtocol"         => "TLSv1.2",
};
33
# Server whose only configured certificate is the RSA-PSS one. The keys carry
# no algorithm prefix and no protocol cap is set.
my $server_pss_only = {
    "Certificate" => test_pem("server-pss-cert.pem"),
    "PrivateKey"  => test_pem("server-pss-key.pem"),
};
38
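# Certificate-selection cases that are always part of the suite. Each entry
# names the case, gives the server and client settings, and lists what the
# handshake is expected to produce (certificate type, signature type/hash,
# CA names, overall result). Later statements in this file append further
# cases depending on which features are disabled.
our @tests = (
    {
        name => "ECDSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignType" => "EC",
            # Note: certificate_authorities not sent for TLS < 1.3
            "ExpectedServerCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Ed25519 CipherString and Signature Algorithm Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" => "Ed25519",
            "ExpectedServerSignType" => "Ed25519",
            # Note: certificate_authorities not sent for TLS < 1.3
            "ExpectedServerCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Ed448 CipherString and Signature Algorithm Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" => "Ed448",
            "ExpectedServerSignType" => "Ed448",
            # Note: certificate_authorities not sent for TLS < 1.3
            "ExpectedServerCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aRSA",
            "MaxProtocol" => "TLSv1.2",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA-PSS Certificate CipherString Selection",
        server => $server_pss,
        client => {
            "CipherString" => "aRSA",
            "MaxProtocol" => "TLSv1.2",
        },
        test   => {
            "ExpectedServerCertType" => "RSA-PSS",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "P-256 CipherString and Signature Algorithm Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Ed25519 CipherString and Curves Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
            # Excluding P-256 from the supported curves list means server
            # certificate should be Ed25519 and not P-256
            "Curves" => "X25519"
        },
        test   => {
            "ExpectedServerCertType" => "Ed25519",
            "ExpectedServerSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Ed448 CipherString and Curves Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
            # Excluding P-256 from the supported curves list means server
            # certificate should be Ed448 and not P-256
            "Curves" => "X448"
        },
        test   => {
            "ExpectedServerCertType" => "Ed448",
            "ExpectedServerSignType" => "Ed448",
            "ExpectedResult" => "Success"
        },
    },
    {
        # This server block configures no ECDSA certificate, so a client
        # restricted to aECDSA must make the handshake fail on the server.
        name => "ECDSA CipherString Selection, no ECDSA certificate",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2"
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "ECDSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "ECDSA Signature Algorithm Selection SHA384",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # The server is capped at TLS 1.2, where an ECDSA+SHA1 signature is
        # still expected to be accepted; the TLS 1.3 case with the same
        # client offer expects ServerFail.
        name => "ECDSA Signature Algorithm Selection SHA1",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA1",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA1",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "ECDSA Signature Algorithm Selection compressed point",
        server => {
            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => {
             "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "RSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA-PSS Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Although the server also holds an RSA-PSS certificate, this client
        # offer is expected to select the plain RSA certificate.
        name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
        server => $server_pss,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
        server => $server_pss,
        client => {
            "SignatureAlgorithms" => "rsa_pss_pss_sha256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA-PSS",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Only RSA-PSS Certificate",
        server => $server_pss_only,
        client => {},
        test   => {
            "ExpectedServerCertType" => "RSA-PSS",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Negative case: the server has only an RSA-PSS certificate and the
        # client offers only RSA+SHA256, so the handshake must fail rather
        # than sign with that key under a non-PSS algorithm.
        name => "RSA-PSS Certificate, no PSS signature algorithms",
        server => $server_pss_only,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        # The client lists SHA384 first, but the P-256 Suite B server is
        # expected to sign with SHA256.
        name => "Suite B P-256 Hash Algorithm Selection",
        server =>  {
            "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
            "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
            "MaxProtocol" => "TLSv1.2",
            "CipherString" => "SUITEB128"
        },
        client => {
            "VerifyCAFile" => test_pem("p384-root.pem"),
            "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Mirror of the P-256 case: SHA256 is listed first, but the P-384
        # server is expected to sign with SHA384.
        name => "Suite B P-384 Hash Algorithm Selection",
        server =>  {
            "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
            "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
            "MaxProtocol" => "TLSv1.2",
            "CipherString" => "SUITEB128"
        },
        client => {
            "VerifyCAFile" => test_pem("p384-root.pem"),
            "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
        },
        test   => {
            "ExpectedServerCertType" => "P-384",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.2 Ed25519 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
            "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
            "MinProtocol" => "TLSv1.2",
            "MaxProtocol" => "TLSv1.2"
        },
        test   => {
            "ExpectedClientCertType" => "Ed25519",
            "ExpectedClientSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.2 Ed448 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
            "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
            "MinProtocol" => "TLSv1.2",
            "MaxProtocol" => "TLSv1.2"
        },
        test   => {
            "ExpectedClientCertType" => "Ed448",
            "ExpectedClientSignType" => "Ed448",
            "ExpectedResult" => "Success"
        },
    },
);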
394
# Negative case for protocol versions below TLS 1.2: a server that holds only
# an RSA-PSS certificate is expected to fail when the client caps the
# handshake at TLS 1.1.
my @tests_tls_1_1 = (
    {
        name   => "Only RSA-PSS Certificate, TLS v1.1",
        server => $server_pss_only,
        client => { "MaxProtocol" => "TLSv1.1" },
        test   => { "ExpectedResult" => "ServerFail" },
    },
);
407
# Append the TLS 1.1 case unless disabled("tls1_1") is true.
if (!disabled("tls1_1")) {
    push @tests, @tests_tls_1_1;
}
409
# Shared server settings pinned to TLS 1.3 (minimum and maximum): ECDSA,
# Ed25519 and Ed448 certificate/key pairs.
# NOTE(review): as with the TLS 1.2 server hash, no RSA pair is listed even
# though some TLS 1.3 cases expect an RSA certificate; presumably a default
# certificate comes from the harness -- confirm.
my $server_tls_1_3 = {
    "ECDSA.Certificate"   => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey"    => test_pem("server-ecdsa-key.pem"),
    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
    "Ed25519.PrivateKey"  => test_pem("server-ed25519-key.pem"),
    "Ed448.Certificate"   => test_pem("server-ed448-cert.pem"),
    "Ed448.PrivateKey"    => test_pem("server-ed448-key.pem"),
    "MinProtocol"         => "TLSv1.3",
    "MaxProtocol"         => "TLSv1.3",
};
420
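# TLS 1.3-only server settings that add an RSA-PSS certificate/key pair to
# the ECDSA, Ed25519 and Ed448 pairs.
# The Ed448 private key is server-ed448-key.pem, the file every other server
# hash in this file pairs with server-ed448-cert.pem; the name previously read
# "server-ed449-key.pem", which would pair the Ed448 certificate with a key
# file named nowhere else in this file.
# NOTE(review): no case visible in this file references this hash, which would
# explain why the wrong name went unnoticed -- confirm whether it is still
# needed.
my $server_tls_1_3_pss = {
    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};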
433
# Shared client settings for the TLS 1.3 client-authentication cases: an RSA
# and an ECDSA certificate chain with their keys, pinned to TLS 1.3.
my $client_tls_1_3 = {
    "RSA.Certificate"   => test_pem("ee-client-chain.pem"),
    "RSA.PrivateKey"    => test_pem("ee-key.pem"),
    "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
    "ECDSA.PrivateKey"  => test_pem("ee-ecdsa-key.pem"),
    "MinProtocol"       => "TLSv1.3",
    "MaxProtocol"       => "TLSv1.3",
};
442
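# Certificate-selection cases for TLS 1.3. Several are negative cases
# (ExpectedResult "ServerFail") pinning signature algorithms or key encodings
# that succeed in the TLS 1.2 cases but must be refused here.
my @tests_tls_1_3 = (
    {
        name => "TLS 1.3 ECDSA Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedServerCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        # The same compressed-point certificate succeeds in the TLS 1.2 case;
        # under TLS 1.3 the handshake is expected to fail.
        name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
        server => {
            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        # A client offering only ECDSA+SHA1 must not get a TLS 1.3 handshake.
        name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA1",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedServerCANames" => test_pem("root-cert.pem"),
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        # TLS 1.3 does not allow RSA PKCS#1 v1.5 handshake signatures, so an
        # RSA+SHA256-only offer is expected to fail instead of falling back.
        name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ed25519",
        },
        test   => {
            "ExpectedServerCertType" => "Ed25519",
            "ExpectedServerSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed448 Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ed448",
        },
        test   => {
            "ExpectedServerCertType" => "Ed448",
            "ExpectedServerSignType" => "Ed448",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
            # Excluding P-256 from the supported groups list should
            # mean server still uses a P-256 certificate because supported
            # groups is not used in signature selection for TLS 1.3
            "Groups" => "X25519"
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed448 CipherString and Groups Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
            # Excluding P-256 from the supported groups list should
            # mean server still uses a P-256 certificate because supported
            # groups is not used in signature selection for TLS 1.3
            "Groups" => "X448"
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
        server => {
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "RequestCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "P-256",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed25519 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            # NOTE(review): the TLS 1.2 client-auth cases use an
            # "Ed25519." / "Ed448." key prefix where this one uses "EdDSA.";
            # confirm the prefix is only a label before unifying them.
            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        test   => {
            "ExpectedClientCertType" => "Ed25519",
            "ExpectedClientSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed448 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            # NOTE(review): same "EdDSA." prefix as the Ed25519 case above.
            "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
            "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        test   => {
            "ExpectedClientCertType" => "Ed448",
            "ExpectedClientSignType" => "Ed448",
            "ExpectedResult" => "Success"
        },
    },
);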
688
# Append the TLS 1.3 cases unless disabled("tls1_3") is true.
if (!disabled("tls1_3")) {
    push @tests, @tests_tls_1_3;
}
690
# DSA server certificate under TLS 1.2. Both sides set CipherString "ALL" and
# the server supplies DH parameters; the handshake is expected to succeed.
my @tests_dsa_tls_1_2 = (
    {
        name   => "TLS 1.2 DSA Certificate Test",
        server => {
            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
            "DSA.PrivateKey"  => test_pem("server-dsa-key.pem"),
            "DHParameters"    => test_pem("dhp2048.pem"),
            "MinProtocol"     => "TLSv1.2",
            "MaxProtocol"     => "TLSv1.2",
            "CipherString"    => "ALL",
        },
        client => {
            "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
            "CipherString"        => "ALL",
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
);
711
# Negative cases involving DSA and TLS 1.3; both expect the server side to
# fail the handshake.
my @tests_dsa_tls_1_3 = (
    {
        # The server's client-signature list holds only ECDSA+SHA1,
        # DSA+SHA256 and RSA+SHA256.
        name   => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
        server => {
            "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
            "VerifyCAFile"              => test_pem("root-cert.pem"),
            "VerifyMode"                => "Request",
        },
        client => {},
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        # A DSA-only server pinned to TLS 1.3 must not complete a handshake,
        # even though the client also offers ECDSA+SHA256.
        name   => "TLS 1.3 DSA Certificate Test",
        server => {
            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
            "DSA.PrivateKey"  => test_pem("server-dsa-key.pem"),
            "MinProtocol"     => "TLSv1.3",
            "MaxProtocol"     => "TLSv1.3",
            "CipherString"    => "ALL",
        },
        client => {
            "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
            "CipherString"        => "ALL",
        },
        test => {
            "ExpectedResult" => "ServerFail",
        },
    },
);
743
# The DSA cases are appended only when disabled("dsa") is false; the TLS 1.2
# one additionally needs disabled("dh") to be false and the TLS 1.3 ones
# need disabled("tls1_3") to be false.
unless (disabled("dsa")) {
    if (!disabled("dh")) {
        push @tests, @tests_dsa_tls_1_2;
    }
    if (!disabled("tls1_3")) {
        push @tests, @tests_dsa_tls_1_3;
    }
}