00-base-templates.conf: wire keccak1600-armv8 module.
[openssl.git] / test / ssl-tests / 26-tls13_client_auth.conf
1 # Generated with generate_ssl_tests.pl
2
3 num_tests = 14
4
5 test-0 = 0-server-auth-TLSv1.3
6 test-1 = 1-client-auth-TLSv1.3-request
7 test-2 = 2-client-auth-TLSv1.3-require-fail
8 test-3 = 3-client-auth-TLSv1.3-require
9 test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
10 test-5 = 5-client-auth-TLSv1.3-noroot
11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
19 # ===========================================================
20
21 [0-server-auth-TLSv1.3]
22 ssl_conf = 0-server-auth-TLSv1.3-ssl
23
24 [0-server-auth-TLSv1.3-ssl]
25 server = 0-server-auth-TLSv1.3-server
26 client = 0-server-auth-TLSv1.3-client
27
28 [0-server-auth-TLSv1.3-server]
29 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
30 CipherString = DEFAULT
31 MaxProtocol = TLSv1.3
32 MinProtocol = TLSv1.3
33 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
34
35 [0-server-auth-TLSv1.3-client]
36 CipherString = DEFAULT
37 MaxProtocol = TLSv1.3
38 MinProtocol = TLSv1.3
39 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
40 VerifyMode = Peer
41
42 [test-0]
43 ExpectedResult = Success
44
45
46 # ===========================================================
47
48 [1-client-auth-TLSv1.3-request]
49 ssl_conf = 1-client-auth-TLSv1.3-request-ssl
50
51 [1-client-auth-TLSv1.3-request-ssl]
52 server = 1-client-auth-TLSv1.3-request-server
53 client = 1-client-auth-TLSv1.3-request-client
54
55 [1-client-auth-TLSv1.3-request-server]
56 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
57 CipherString = DEFAULT
58 MaxProtocol = TLSv1.3
59 MinProtocol = TLSv1.3
60 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
61 VerifyMode = Request
62
63 [1-client-auth-TLSv1.3-request-client]
64 CipherString = DEFAULT
65 MaxProtocol = TLSv1.3
66 MinProtocol = TLSv1.3
67 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
68 VerifyMode = Peer
69
70 [test-1]
71 ExpectedResult = Success
72
73
74 # ===========================================================
75
76 [2-client-auth-TLSv1.3-require-fail]
77 ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
78
79 [2-client-auth-TLSv1.3-require-fail-ssl]
80 server = 2-client-auth-TLSv1.3-require-fail-server
81 client = 2-client-auth-TLSv1.3-require-fail-client
82
83 [2-client-auth-TLSv1.3-require-fail-server]
84 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
85 CipherString = DEFAULT
86 MaxProtocol = TLSv1.3
87 MinProtocol = TLSv1.3
88 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
90 VerifyMode = Require
91
92 [2-client-auth-TLSv1.3-require-fail-client]
93 CipherString = DEFAULT
94 MaxProtocol = TLSv1.3
95 MinProtocol = TLSv1.3
96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
97 VerifyMode = Peer
98
99 [test-2]
100 ExpectedResult = ServerFail
101 ExpectedServerAlert = HandshakeFailure
102
103
104 # ===========================================================
105
106 [3-client-auth-TLSv1.3-require]
107 ssl_conf = 3-client-auth-TLSv1.3-require-ssl
108
109 [3-client-auth-TLSv1.3-require-ssl]
110 server = 3-client-auth-TLSv1.3-require-server
111 client = 3-client-auth-TLSv1.3-require-client
112
113 [3-client-auth-TLSv1.3-require-server]
114 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115 CipherString = DEFAULT
116 ClientSignatureAlgorithms = PSS+SHA256
117 MaxProtocol = TLSv1.3
118 MinProtocol = TLSv1.3
119 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
121 VerifyMode = Request
122
123 [3-client-auth-TLSv1.3-require-client]
124 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
125 CipherString = DEFAULT
126 MaxProtocol = TLSv1.3
127 MinProtocol = TLSv1.3
128 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
129 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
130 VerifyMode = Peer
131
132 [test-3]
133 ExpectedClientCANames = empty
134 ExpectedClientCertType = RSA
135 ExpectedClientSignHash = SHA256
136 ExpectedClientSignType = RSA-PSS
137 ExpectedResult = Success
138
139
140 # ===========================================================
141
142 [4-client-auth-TLSv1.3-require-non-empty-names]
143 ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
144
145 [4-client-auth-TLSv1.3-require-non-empty-names-ssl]
146 server = 4-client-auth-TLSv1.3-require-non-empty-names-server
147 client = 4-client-auth-TLSv1.3-require-non-empty-names-client
148
149 [4-client-auth-TLSv1.3-require-non-empty-names-server]
150 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151 CipherString = DEFAULT
152 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153 ClientSignatureAlgorithms = PSS+SHA256
154 MaxProtocol = TLSv1.3
155 MinProtocol = TLSv1.3
156 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158 VerifyMode = Request
159
160 [4-client-auth-TLSv1.3-require-non-empty-names-client]
161 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162 CipherString = DEFAULT
163 MaxProtocol = TLSv1.3
164 MinProtocol = TLSv1.3
165 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
166 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
167 VerifyMode = Peer
168
169 [test-4]
170 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
171 ExpectedClientCertType = RSA
172 ExpectedClientSignHash = SHA256
173 ExpectedClientSignType = RSA-PSS
174 ExpectedResult = Success
175
176
177 # ===========================================================
178
179 [5-client-auth-TLSv1.3-noroot]
180 ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
181
182 [5-client-auth-TLSv1.3-noroot-ssl]
183 server = 5-client-auth-TLSv1.3-noroot-server
184 client = 5-client-auth-TLSv1.3-noroot-client
185
186 [5-client-auth-TLSv1.3-noroot-server]
187 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
188 CipherString = DEFAULT
189 MaxProtocol = TLSv1.3
190 MinProtocol = TLSv1.3
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192 VerifyMode = Require
193
194 [5-client-auth-TLSv1.3-noroot-client]
195 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
196 CipherString = DEFAULT
197 MaxProtocol = TLSv1.3
198 MinProtocol = TLSv1.3
199 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201 VerifyMode = Peer
202
203 [test-5]
204 ExpectedResult = ServerFail
205 ExpectedServerAlert = UnknownCA
206
207
208 # ===========================================================
209
210 [6-client-auth-TLSv1.3-request-post-handshake]
211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
212
213 [6-client-auth-TLSv1.3-request-post-handshake-ssl]
214 server = 6-client-auth-TLSv1.3-request-post-handshake-server
215 client = 6-client-auth-TLSv1.3-request-post-handshake-client
216
217 [6-client-auth-TLSv1.3-request-post-handshake-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT
220 MaxProtocol = TLSv1.3
221 MinProtocol = TLSv1.3
222 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223 VerifyMode = RequestPostHandshake
224
225 [6-client-auth-TLSv1.3-request-post-handshake-client]
226 CipherString = DEFAULT
227 MaxProtocol = TLSv1.3
228 MinProtocol = TLSv1.3
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230 VerifyMode = Peer
231
232 [test-6]
233 ExpectedResult = ServerFail
234 HandshakeMode = PostHandshakeAuth
235
236
237 # ===========================================================
238
239 [7-client-auth-TLSv1.3-require-fail-post-handshake]
240 ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
241
242 [7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
243 server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
244 client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
245
246 [7-client-auth-TLSv1.3-require-fail-post-handshake-server]
247 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248 CipherString = DEFAULT
249 MaxProtocol = TLSv1.3
250 MinProtocol = TLSv1.3
251 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253 VerifyMode = RequirePostHandshake
254
255 [7-client-auth-TLSv1.3-require-fail-post-handshake-client]
256 CipherString = DEFAULT
257 MaxProtocol = TLSv1.3
258 MinProtocol = TLSv1.3
259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
260 VerifyMode = Peer
261
262 [test-7]
263 ExpectedResult = ServerFail
264 HandshakeMode = PostHandshakeAuth
265
266
267 # ===========================================================
268
269 [8-client-auth-TLSv1.3-require-post-handshake]
270 ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
271
272 [8-client-auth-TLSv1.3-require-post-handshake-ssl]
273 server = 8-client-auth-TLSv1.3-require-post-handshake-server
274 client = 8-client-auth-TLSv1.3-require-post-handshake-client
275
276 [8-client-auth-TLSv1.3-require-post-handshake-server]
277 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
278 CipherString = DEFAULT
279 ClientSignatureAlgorithms = PSS+SHA256
280 MaxProtocol = TLSv1.3
281 MinProtocol = TLSv1.3
282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
284 VerifyMode = RequestPostHandshake
285
286 [8-client-auth-TLSv1.3-require-post-handshake-client]
287 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
288 CipherString = DEFAULT
289 MaxProtocol = TLSv1.3
290 MinProtocol = TLSv1.3
291 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
292 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
293 VerifyMode = Peer
294
295 [test-8]
296 ExpectedClientCANames = empty
297 ExpectedClientCertType = RSA
298 ExpectedClientSignHash = SHA256
299 ExpectedClientSignType = RSA-PSS
300 ExpectedResult = Success
301 HandshakeMode = PostHandshakeAuth
302
303
304 # ===========================================================
305
306 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
307 ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
308
309 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
310 server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
311 client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
312
313 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
314 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
315 CipherString = DEFAULT
316 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
317 ClientSignatureAlgorithms = PSS+SHA256
318 MaxProtocol = TLSv1.3
319 MinProtocol = TLSv1.3
320 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
321 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
322 VerifyMode = RequestPostHandshake
323
324 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
325 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
326 CipherString = DEFAULT
327 MaxProtocol = TLSv1.3
328 MinProtocol = TLSv1.3
329 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
330 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
331 VerifyMode = Peer
332
333 [test-9]
334 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335 ExpectedClientCertType = RSA
336 ExpectedClientSignHash = SHA256
337 ExpectedClientSignType = RSA-PSS
338 ExpectedResult = Success
339 HandshakeMode = PostHandshakeAuth
340
341
342 # ===========================================================
343
344 [10-client-auth-TLSv1.3-noroot-post-handshake]
345 ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
346
347 [10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
348 server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
349 client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
350
351 [10-client-auth-TLSv1.3-noroot-post-handshake-server]
352 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
353 CipherString = DEFAULT
354 MaxProtocol = TLSv1.3
355 MinProtocol = TLSv1.3
356 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
357 VerifyMode = RequirePostHandshake
358
359 [10-client-auth-TLSv1.3-noroot-post-handshake-client]
360 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
361 CipherString = DEFAULT
362 MaxProtocol = TLSv1.3
363 MinProtocol = TLSv1.3
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
365 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
366 VerifyMode = Peer
367
368 [test-10]
369 ExpectedResult = ServerFail
370 ExpectedServerAlert = UnknownCA
371 HandshakeMode = PostHandshakeAuth
372
373
374 # ===========================================================
375
376 [11-client-auth-TLSv1.3-request-force-client-post-handshake]
377 ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
378
379 [11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
380 server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
381 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
382
383 [11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
384 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
385 CipherString = DEFAULT
386 MaxProtocol = TLSv1.3
387 MinProtocol = TLSv1.3
388 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
389 VerifyMode = RequestPostHandshake
390
391 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
392 CipherString = DEFAULT
393 MaxProtocol = TLSv1.3
394 MinProtocol = TLSv1.3
395 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
396 VerifyMode = Peer
397
398 [test-11]
399 ExpectedResult = Success
400 HandshakeMode = PostHandshakeAuth
401 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
402
403 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
404 ForcePHA = Yes
405
406
407 # ===========================================================
408
409 [12-client-auth-TLSv1.3-request-force-server-post-handshake]
410 ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
411
412 [12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
413 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
414 client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
415
416 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
417 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
418 CipherString = DEFAULT
419 MaxProtocol = TLSv1.3
420 MinProtocol = TLSv1.3
421 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
422 VerifyMode = RequestPostHandshake
423
424 [12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
425 CipherString = DEFAULT
426 MaxProtocol = TLSv1.3
427 MinProtocol = TLSv1.3
428 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
429 VerifyMode = Peer
430
431 [test-12]
432 ExpectedResult = ClientFail
433 HandshakeMode = PostHandshakeAuth
434 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
435
436 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
437 ForcePHA = Yes
438
439
440 # ===========================================================
441
442 [13-client-auth-TLSv1.3-request-force-both-post-handshake]
443 ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
444
445 [13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
446 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
447 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
448
449 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
450 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
451 CipherString = DEFAULT
452 MaxProtocol = TLSv1.3
453 MinProtocol = TLSv1.3
454 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
455 VerifyMode = RequestPostHandshake
456
457 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
458 CipherString = DEFAULT
459 MaxProtocol = TLSv1.3
460 MinProtocol = TLSv1.3
461 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
462 VerifyMode = Peer
463
464 [test-13]
465 ExpectedResult = Success
466 HandshakeMode = PostHandshakeAuth
467 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
468 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
469
470 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
471 ForcePHA = Yes
472
473 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
474 ForcePHA = Yes
475
476