Add and use function test_pem to work out test filenames.
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
index 7767aca..c5a5c31 100644 (file)
@@ -9,11 +9,9 @@ use warnings;
 package ssltests;
 use OpenSSL::Test::Utils;
 
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
 my $server = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
     "MaxProtocol" => "TLSv1.2"
 };
 
@@ -44,7 +42,9 @@ our @tests = (
     },
     {
         name => "ECDSA CipherString Selection, no ECDSA certificate",
-        server => { },
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "CipherString" => "aECDSA"
         },
@@ -80,7 +80,9 @@ our @tests = (
     },
     {
         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => { },
+        server => {
+             "MaxProtocol" => "TLSv1.2"
+        },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
@@ -118,8 +120,17 @@ our @tests = (
 
 
 my $server_tls_1_3 = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+    "RSA.Certificate" => test_pem("ee-client-chain.pem"),
+    "RSA.PrivateKey" => test_pem("ee-key.pem"),
+    "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
+    "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
     "MinProtocol" => "TLSv1.3",
     "MaxProtocol" => "TLSv1.3"
 };
@@ -166,7 +177,10 @@ my @tests_tls_1_3 = (
     },
     {
         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => { },
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256",
         },
@@ -196,7 +210,37 @@ my @tests_tls_1_3 = (
             "ExpectedServerSignType" => "RSA-PSS",
             "ExpectedResult" => "Success"
         },
-    }
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "P-256",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
 );
 
 push @tests, @tests_tls_1_3 unless disabled("tls1_3");