Add missing MinProtocol/MaxProtocol
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5
6 use strict;
7 use warnings;
8
9 package ssltests;
10 use OpenSSL::Test::Utils;
11
12 my $dir_sep = $^O ne "VMS" ? "/" : "";
13
14 my $server = {
15     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
16     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
17     "MaxProtocol" => "TLSv1.2"
18 };
19
20 our @tests = (
21     {
22         name => "ECDSA CipherString Selection",
23         server => $server,
24         client => {
25             "CipherString" => "aECDSA",
26         },
27         test   => {
28             "ExpectedServerCertType" =>, "P-256",
29             "ExpectedServerSignType" =>, "EC",
30             "ExpectedResult" => "Success"
31         },
32     },
33     {
34         name => "RSA CipherString Selection",
35         server => $server,
36         client => {
37             "CipherString" => "aRSA",
38         },
39         test   => {
40             "ExpectedServerCertType" =>, "RSA",
41             "ExpectedServerSignType" =>, "RSA-PSS",
42             "ExpectedResult" => "Success"
43         },
44     },
45     {
46         name => "ECDSA CipherString Selection, no ECDSA certificate",
47         server => {
48             "MaxProtocol" => "TLSv1.2"
49         },
50         client => {
51             "CipherString" => "aECDSA"
52         },
53         test   => {
54             "ExpectedResult" => "ServerFail"
55         },
56     },
57     {
58         name => "ECDSA Signature Algorithm Selection",
59         server => $server,
60         client => {
61             "SignatureAlgorithms" => "ECDSA+SHA256",
62         },
63         test   => {
64             "ExpectedServerCertType" => "P-256",
65             "ExpectedServerSignHash" => "SHA256",
66             "ExpectedServerSignType" => "EC",
67             "ExpectedResult" => "Success"
68         },
69     },
70     {
71         name => "ECDSA Signature Algorithm Selection SHA384",
72         server => $server,
73         client => {
74             "SignatureAlgorithms" => "ECDSA+SHA384",
75         },
76         test   => {
77             "ExpectedServerCertType" => "P-256",
78             "ExpectedServerSignHash" => "SHA384",
79             "ExpectedServerSignType" => "EC",
80             "ExpectedResult" => "Success"
81         },
82     },
83     {
84         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
85         server => {
86              "MaxProtocol" => "TLSv1.2"
87         },
88         client => {
89             "SignatureAlgorithms" => "ECDSA+SHA256",
90         },
91         test   => {
92             "ExpectedResult" => "ServerFail"
93         },
94     },
95     {
96         name => "RSA Signature Algorithm Selection",
97         server => $server,
98         client => {
99             "SignatureAlgorithms" => "RSA+SHA256",
100         },
101         test   => {
102             "ExpectedServerCertType" => "RSA",
103             "ExpectedServerSignHash" => "SHA256",
104             "ExpectedServerSignType" => "RSA",
105             "ExpectedResult" => "Success"
106         },
107     },
108     {
109         name => "RSA-PSS Signature Algorithm Selection",
110         server => $server,
111         client => {
112             "SignatureAlgorithms" => "RSA-PSS+SHA256",
113         },
114         test   => {
115             "ExpectedServerCertType" => "RSA",
116             "ExpectedServerSignHash" => "SHA256",
117             "ExpectedServerSignType" => "RSA-PSS",
118             "ExpectedResult" => "Success"
119         },
120     }
121 );
122
123
124 my $server_tls_1_3 = {
125     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
126     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
127     "MinProtocol" => "TLSv1.3",
128     "MaxProtocol" => "TLSv1.3"
129 };
130
131 my @tests_tls_1_3 = (
132     {
133         name => "TLS 1.3 ECDSA Signature Algorithm Selection",
134         server => $server_tls_1_3,
135         client => {
136             "SignatureAlgorithms" => "ECDSA+SHA256",
137         },
138         test   => {
139             "ExpectedServerCertType" => "P-256",
140             "ExpectedServerSignHash" => "SHA256",
141             "ExpectedServerSignType" => "EC",
142             "ExpectedResult" => "Success"
143         },
144     },
145     {
146         name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
147         server => $server_tls_1_3,
148         client => {
149             "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
150         },
151         test   => {
152             "ExpectedServerCertType" => "P-256",
153             "ExpectedServerSignHash" => "SHA256",
154             "ExpectedServerSignType" => "EC",
155             "ExpectedResult" => "Success"
156         },
157     },
158     {
159         name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
160         server => $server_tls_1_3,
161         client => {
162             "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
163         },
164         test   => {
165             "ExpectedServerCertType" => "RSA",
166             "ExpectedServerSignHash" => "SHA384",
167             "ExpectedServerSignType" => "RSA-PSS",
168             "ExpectedResult" => "Success"
169         },
170     },
171     {
172         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
173         server => {
174             "MinProtocol" => "TLSv1.3",
175             "MaxProtocol" => "TLSv1.3"
176         },
177         client => {
178             "SignatureAlgorithms" => "ECDSA+SHA256",
179         },
180         test   => {
181             "ExpectedResult" => "ServerFail"
182         },
183     },
184     {
185         name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
186         server => $server_tls_1_3,
187         client => {
188             "SignatureAlgorithms" => "RSA+SHA256",
189         },
190         test   => {
191             "ExpectedResult" => "ServerFail"
192         },
193     },
194     {
195         name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
196         server => $server_tls_1_3,
197         client => {
198             "SignatureAlgorithms" => "RSA-PSS+SHA256",
199         },
200         test   => {
201             "ExpectedServerCertType" => "RSA",
202             "ExpectedServerSignHash" => "SHA256",
203             "ExpectedServerSignType" => "RSA-PSS",
204             "ExpectedResult" => "Success"
205         },
206     }
207 );
208
209 push @tests, @tests_tls_1_3 unless disabled("tls1_3");