Change Post Handshake auth so that it is opt-in
[openssl.git] / test / ssl-tests / 26-tls13_client_auth.conf
index 55361dd..9c42391 100644 (file)
@@ -299,6 +299,10 @@ ExpectedClientSignHash = SHA256
 ExpectedClientSignType = RSA-PSS
 ExpectedResult = Success
 HandshakeMode = PostHandshakeAuth
+client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
+
+[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
+EnablePHA = Yes
 
 
 # ===========================================================
@@ -337,6 +341,10 @@ ExpectedClientSignHash = SHA256
 ExpectedClientSignType = RSA-PSS
 ExpectedResult = Success
 HandshakeMode = PostHandshakeAuth
+client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
+EnablePHA = Yes
 
 
 # ===========================================================
@@ -369,6 +377,10 @@ VerifyMode = Peer
 ExpectedResult = ServerFail
 ExpectedServerAlert = UnknownCA
 HandshakeMode = PostHandshakeAuth
+client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
+
+[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
+EnablePHA = Yes
 
 
 # ===========================================================
@@ -401,7 +413,7 @@ HandshakeMode = PostHandshakeAuth
 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
 
 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
-ForcePHA = Yes
+EnablePHA = Yes
 
 
 # ===========================================================
@@ -471,6 +483,6 @@ client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
 ForcePHA = Yes
 
 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
-ForcePHA = Yes
+EnablePHA = Yes