add DSA cert tests

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2667)

diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 72ce425..1598dad 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
 # Generated with generate_ssl_tests.pl
 

-num_tests = 8
+num_tests = 9

 
 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-RSA CipherString Selection
 
 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-RSA CipherString Selection


@@ -10,6 +10,7 @@ test-4 = 4-ECDSA Signature Algorithm Selection SHA384
 test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate
 test-6 = 6-RSA Signature Algorithm Selection
 test-7 = 7-RSA-PSS Signature Algorithm Selection
 test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate
 test-6 = 6-RSA Signature Algorithm Selection
 test-7 = 7-RSA-PSS Signature Algorithm Selection

+test-8 = 8-TLS 1.2 DSA Certificate Test

 # ===========================================================
 
 [0-ECDSA CipherString Selection]
 # ===========================================================
 
 [0-ECDSA CipherString Selection]


@@ -235,3 +236,32 @@ ExpectedServerSignHash = SHA256
 ExpectedServerSignType = RSA-PSS
 
 
 ExpectedServerSignType = RSA-PSS
 
 

+# ===========================================================
+
+[8-TLS 1.2 DSA Certificate Test]
+ssl_conf = 8-TLS 1.2 DSA Certificate Test-ssl
+
+[8-TLS 1.2 DSA Certificate Test-ssl]
+server = 8-TLS 1.2 DSA Certificate Test-server
+client = 8-TLS 1.2 DSA Certificate Test-client
+
+[8-TLS 1.2 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-TLS 1.2 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA256:DSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+
+

diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index c5a5c31..7edfed6 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -244,3 +244,49 @@ my @tests_tls_1_3 = (
 );
 
 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
 );
 
 push @tests, @tests_tls_1_3 unless disabled("tls1_3");

+
+my @tests_dsa_tls_1_2 = (
+    {
+        name => "TLS 1.2 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "DHParameters" => test_pem("dhp2048.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "Success"
+        },
+    },
+);
+
+my @tests_dsa_tls_1_3 = (
+    {
+        name => "TLS 1.3 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
+
+if (!disabled("dsa")) {
+    push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
+    push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
+}