projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add and use function test_pem to work out test filenames.
[openssl.git] / test / ssl-tests / 04-client_auth.conf
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
index 6504bf18b555d6d0cfc3e8990c199a3716b3e26f..96024884d99ccd4c742f268b4c4a4a924998ed6f 100644 (file)
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -29,7 +29,6 @@ ssl_conf = 0-server-auth-flex-ssl
 
 [0-server-auth-flex-ssl]
 server = 0-server-auth-flex-server
-server2 = 0-server-auth-flex-server2
 client = 0-server-auth-flex-client
 
 [0-server-auth-flex-server]
@@ -37,19 +36,11 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-
-[0-server-auth-flex-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-
 [0-server-auth-flex-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-0]
 ExpectedResult = Success
 
@@ -61,7 +52,6 @@ ssl_conf = 1-client-auth-flex-request-ssl
 
 [1-client-auth-flex-request-ssl]
 server = 1-client-auth-flex-request-server
-server2 = 1-client-auth-flex-request-server2
 client = 1-client-auth-flex-request-client
 
 [1-client-auth-flex-request-server]
@@ -70,20 +60,11 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyMode = Request
 
-
-[1-client-auth-flex-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-
 [1-client-auth-flex-request-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-1]
 ExpectedResult = Success
 
@@ -95,7 +76,6 @@ ssl_conf = 2-client-auth-flex-require-fail-ssl
 
 [2-client-auth-flex-require-fail-ssl]
 server = 2-client-auth-flex-require-fail-server
-server2 = 2-client-auth-flex-require-fail-server2
 client = 2-client-auth-flex-require-fail-client
 
 [2-client-auth-flex-require-fail-server]
@@ -105,24 +85,14 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[2-client-auth-flex-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [2-client-auth-flex-require-fail-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-2]
 ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
 
 
 # ===========================================================
@@ -132,7 +102,6 @@ ssl_conf = 3-client-auth-flex-require-ssl
 
 [3-client-auth-flex-require-ssl]
 server = 3-client-auth-flex-require-server
-server2 = 3-client-auth-flex-require-server2
 client = 3-client-auth-flex-require-client
 
 [3-client-auth-flex-require-server]
@@ -142,15 +111,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
-[3-client-auth-flex-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
 [3-client-auth-flex-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -158,8 +118,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-3]
+ExpectedClientCertType = RSA
 ExpectedResult = Success
 
 
@@ -170,7 +130,6 @@ ssl_conf = 4-client-auth-flex-noroot-ssl
 
 [4-client-auth-flex-noroot-ssl]
 server = 4-client-auth-flex-noroot-server
-server2 = 4-client-auth-flex-noroot-server2
 client = 4-client-auth-flex-noroot-client
 
 [4-client-auth-flex-noroot-server]
@@ -179,14 +138,6 @@ CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 VerifyMode = Require
 
-
-[4-client-auth-flex-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-
 [4-client-auth-flex-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
@@ -194,10 +145,9 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-4]
 ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
 
 
 # ===========================================================
@@ -207,30 +157,22 @@ ssl_conf = 5-server-auth-TLSv1-ssl
 
 [5-server-auth-TLSv1-ssl]
 server = 5-server-auth-TLSv1-server
-server2 = 5-server-auth-TLSv1-server2
 client = 5-server-auth-TLSv1-client
 
 [5-server-auth-TLSv1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-
-
-[5-server-auth-TLSv1-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-
 
 [5-server-auth-TLSv1-client]
 CipherString = DEFAULT
-Protocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-5]
 ExpectedResult = Success
 
@@ -242,32 +184,23 @@ ssl_conf = 6-client-auth-TLSv1-request-ssl
 
 [6-client-auth-TLSv1-request-ssl]
 server = 6-client-auth-TLSv1-request-server
-server2 = 6-client-auth-TLSv1-request-server2
 client = 6-client-auth-TLSv1-request-client
 
 [6-client-auth-TLSv1-request-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
 VerifyMode = Request
 
-
-[6-client-auth-TLSv1-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyMode = Request
-
-
 [6-client-auth-TLSv1-request-client]
 CipherString = DEFAULT
-Protocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-6]
 ExpectedResult = Success
 
@@ -279,37 +212,27 @@ ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
 
 [7-client-auth-TLSv1-require-fail-ssl]
 server = 7-client-auth-TLSv1-require-fail-server
-server2 = 7-client-auth-TLSv1-require-fail-server2
 client = 7-client-auth-TLSv1-require-fail-client
 
 [7-client-auth-TLSv1-require-fail-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[7-client-auth-TLSv1-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [7-client-auth-TLSv1-require-fail-client]
 CipherString = DEFAULT
-Protocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-7]
 ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
 
 
 # ===========================================================
@@ -319,37 +242,28 @@ ssl_conf = 8-client-auth-TLSv1-require-ssl
 
 [8-client-auth-TLSv1-require-ssl]
 server = 8-client-auth-TLSv1-require-server
-server2 = 8-client-auth-TLSv1-require-server2
 client = 8-client-auth-TLSv1-require-client
 
 [8-client-auth-TLSv1-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
-[8-client-auth-TLSv1-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
 [8-client-auth-TLSv1-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-8]
+ExpectedClientCertType = RSA
 ExpectedResult = Success
 
 
@@ -360,37 +274,28 @@ ssl_conf = 9-client-auth-TLSv1-noroot-ssl
 
 [9-client-auth-TLSv1-noroot-ssl]
 server = 9-client-auth-TLSv1-noroot-server
-server2 = 9-client-auth-TLSv1-noroot-server2
 client = 9-client-auth-TLSv1-noroot-client
 
 [9-client-auth-TLSv1-noroot-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
-VerifyMode = Require
-
-
-[9-client-auth-TLSv1-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1
 VerifyMode = Require
 
-
 [9-client-auth-TLSv1-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-9]
 ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
 
 
 # ===========================================================
@@ -400,30 +305,22 @@ ssl_conf = 10-server-auth-TLSv1.1-ssl
 
 [10-server-auth-TLSv1.1-ssl]
 server = 10-server-auth-TLSv1.1-server
-server2 = 10-server-auth-TLSv1.1-server2
 client = 10-server-auth-TLSv1.1-client
 
 [10-server-auth-TLSv1.1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-
-
-[10-server-auth-TLSv1.1-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-
 
 [10-server-auth-TLSv1.1-client]
 CipherString = DEFAULT
-Protocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-10]
 ExpectedResult = Success
 
@@ -435,32 +332,23 @@ ssl_conf = 11-client-auth-TLSv1.1-request-ssl
 
 [11-client-auth-TLSv1.1-request-ssl]
 server = 11-client-auth-TLSv1.1-request-server
-server2 = 11-client-auth-TLSv1.1-request-server2
 client = 11-client-auth-TLSv1.1-request-client
 
 [11-client-auth-TLSv1.1-request-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
 VerifyMode = Request
 
-
-[11-client-auth-TLSv1.1-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyMode = Request
-
-
 [11-client-auth-TLSv1.1-request-client]
 CipherString = DEFAULT
-Protocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-11]
 ExpectedResult = Success
 
@@ -472,37 +360,27 @@ ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
 
 [12-client-auth-TLSv1.1-require-fail-ssl]
 server = 12-client-auth-TLSv1.1-require-fail-server
-server2 = 12-client-auth-TLSv1.1-require-fail-server2
 client = 12-client-auth-TLSv1.1-require-fail-client
 
 [12-client-auth-TLSv1.1-require-fail-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[12-client-auth-TLSv1.1-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [12-client-auth-TLSv1.1-require-fail-client]
 CipherString = DEFAULT
-Protocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-12]
 ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
 
 
 # ===========================================================
@@ -512,37 +390,28 @@ ssl_conf = 13-client-auth-TLSv1.1-require-ssl
 
 [13-client-auth-TLSv1.1-require-ssl]
 server = 13-client-auth-TLSv1.1-require-server
-server2 = 13-client-auth-TLSv1.1-require-server2
 client = 13-client-auth-TLSv1.1-require-client
 
 [13-client-auth-TLSv1.1-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
-[13-client-auth-TLSv1.1-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
 [13-client-auth-TLSv1.1-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-13]
+ExpectedClientCertType = RSA
 ExpectedResult = Success
 
 
@@ -553,37 +422,28 @@ ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
 
 [14-client-auth-TLSv1.1-noroot-ssl]
 server = 14-client-auth-TLSv1.1-noroot-server
-server2 = 14-client-auth-TLSv1.1-noroot-server2
 client = 14-client-auth-TLSv1.1-noroot-client
 
 [14-client-auth-TLSv1.1-noroot-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
-VerifyMode = Require
-
-
-[14-client-auth-TLSv1.1-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.1
 VerifyMode = Require
 
-
 [14-client-auth-TLSv1.1-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-14]
 ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
 
 
 # ===========================================================
@@ -593,30 +453,22 @@ ssl_conf = 15-server-auth-TLSv1.2-ssl
 
 [15-server-auth-TLSv1.2-ssl]
 server = 15-server-auth-TLSv1.2-server
-server2 = 15-server-auth-TLSv1.2-server2
 client = 15-server-auth-TLSv1.2-client
 
 [15-server-auth-TLSv1.2-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-
-
-[15-server-auth-TLSv1.2-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-
 
 [15-server-auth-TLSv1.2-client]
 CipherString = DEFAULT
-Protocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-15]
 ExpectedResult = Success
 
@@ -628,32 +480,23 @@ ssl_conf = 16-client-auth-TLSv1.2-request-ssl
 
 [16-client-auth-TLSv1.2-request-ssl]
 server = 16-client-auth-TLSv1.2-request-server
-server2 = 16-client-auth-TLSv1.2-request-server2
 client = 16-client-auth-TLSv1.2-request-client
 
 [16-client-auth-TLSv1.2-request-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
 VerifyMode = Request
 
-
-[16-client-auth-TLSv1.2-request-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyMode = Request
-
-
 [16-client-auth-TLSv1.2-request-client]
 CipherString = DEFAULT
-Protocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-16]
 ExpectedResult = Success
 
@@ -665,37 +508,27 @@ ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
 
 [17-client-auth-TLSv1.2-require-fail-ssl]
 server = 17-client-auth-TLSv1.2-require-fail-server
-server2 = 17-client-auth-TLSv1.2-require-fail-server2
 client = 17-client-auth-TLSv1.2-require-fail-client
 
 [17-client-auth-TLSv1.2-require-fail-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Require
 
-
-[17-client-auth-TLSv1.2-require-fail-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-
 [17-client-auth-TLSv1.2-require-fail-client]
 CipherString = DEFAULT
-Protocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-17]
 ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
 
 
 # ===========================================================
@@ -705,37 +538,31 @@ ssl_conf = 18-client-auth-TLSv1.2-require-ssl
 
 [18-client-auth-TLSv1.2-require-ssl]
 server = 18-client-auth-TLSv1.2-require-server
-server2 = 18-client-auth-TLSv1.2-require-server2
 client = 18-client-auth-TLSv1.2-require-client
 
 [18-client-auth-TLSv1.2-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-
-[18-client-auth-TLSv1.2-require-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyMode = Request
 
-
 [18-client-auth-TLSv1.2-require-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-18]
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA
 ExpectedResult = Success
 
 
@@ -746,36 +573,27 @@ ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
 
 [19-client-auth-TLSv1.2-noroot-ssl]
 server = 19-client-auth-TLSv1.2-noroot-server
-server2 = 19-client-auth-TLSv1.2-noroot-server2
 client = 19-client-auth-TLSv1.2-noroot-client
 
 [19-client-auth-TLSv1.2-noroot-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
-VerifyMode = Require
-
-
-[19-client-auth-TLSv1.2-noroot-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-Protocol = TLSv1.2
 VerifyMode = Require
 
-
 [19-client-auth-TLSv1.2-noroot-client]
 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-Protocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
-
 [test-19]
 ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
 
 
Unnamed repository; edit this file 'description' to name the repository.