Add client auth TLS 1.3 certificate selection tests
authorDr. Stephen Henson <steve@openssl.org>
Wed, 15 Feb 2017 22:16:09 +0000 (22:16 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 16 Feb 2017 16:43:44 +0000 (16:43 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)

test/ssl-tests/20-cert-select.conf.in

index 2036d2c..3d36a0e 100644 (file)
@@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;
 
 my $dir_sep = $^O ne "VMS" ? "/" : "";
 
+my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
+
 my $server = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
     "MaxProtocol" => "TLSv1.2"
 };
 
@@ -122,8 +124,17 @@ our @tests = (
 
 
 my $server_tls_1_3 = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+    "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
+    "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
     "MinProtocol" => "TLSv1.3",
     "MaxProtocol" => "TLSv1.3"
 };
@@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
             "ExpectedServerSignType" => "RSA-PSS",
             "ExpectedResult" => "Success"
         },
-    }
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "P-256",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
 );
 
 push @tests, @tests_tls_1_3 unless disabled("tls1_3");