From 0a10825a009c830125fef94c81d34e41300a24a5 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Wed, 24 Oct 2018 23:10:38 +0200 Subject: [PATCH] Enable brainpool curves for TLS1.3 See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7485) --- include/internal/tlsgroups.h | 10 +++ ssl/s3_lib.c | 5 +- ssl/ssl_local.h | 5 ++ ssl/statem/extensions.c | 2 +- ssl/statem/extensions_clnt.c | 20 ++++- ssl/statem/extensions_srvr.c | 15 ++-- ssl/statem/statem_lib.c | 6 ++ ssl/t1_lib.c | 129 +++++++++++++++++++-------- ssl/t1_trce.c | 3 + test/ssl-tests/20-cert-select.cnf | 4 +- test/ssl-tests/20-cert-select.cnf.in | 4 +- 11 files changed, 153 insertions(+), 50 deletions(-) diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h index 8a35ced122..73fb53bc5f 100644 --- a/include/internal/tlsgroups.h +++ b/include/internal/tlsgroups.h @@ -41,6 +41,16 @@ # define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C # define OSSL_TLS_GROUP_ID_x25519 0x001D # define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 # define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 # define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 # define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 88565a7000..1a89bde851 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3607,8 +3607,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) int *cptr = parg; for (i = 0; i < clistlen; i++) { + uint16_t cid = SSL_IS_TLS13(s) + ? ssl_group_id_tls13_to_internal(clist[i]) + : clist[i]; const TLS_GROUP_INFO *cinf - = tls1_group_id_lookup(s->ctx, clist[i]); + = tls1_group_id_lookup(s->ctx, cid); if (cinf != NULL) cptr[i] = tls1_group_id2nid(cinf->group_id, 1); diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 9b88140a28..ddae48b2af 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2169,6 +2169,9 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_ed25519 0x0807 #define TLSEXT_SIGALG_ed448 0x0808 +#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a +#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b +#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 @@ -2642,6 +2645,8 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); +__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id); +__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur uint16_t tls1_nid2group_id(int nid); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index bc437be26a..0ac8253be3 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1369,7 +1369,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1)) + 2)) break; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b38c9ca684..d6d4e55ce7 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -224,6 +224,21 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, if (tls_valid_group(s, ctmp, min_version, max_version, 0, &okfortls13) && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { +#ifndef OPENSSL_NO_TLS1_3 + int ctmp13 = ssl_group_id_internal_to_tls13(ctmp); + + if (ctmp13 != 0 && ctmp13 != ctmp + && max_version == TLS1_3_VERSION) { + if (!WPACKET_put_bytes_u16(pkt, ctmp13)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return EXT_RETURN_FAIL; + } + tls13added++; + added++; + if (min_version == TLS1_3_VERSION) + continue; + } +#endif if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -622,7 +637,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) } /* Create KeyShareEntry */ - if (!WPACKET_put_bytes_u16(pkt, curve_id) + if (!WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13(curve_id)) || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -675,6 +690,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, curve_id = s->s3.group_id; } else { for (i = 0; i < num_groups; i++) { + if (ssl_group_id_internal_to_tls13(pgroups[i]) == 0) + continue; if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; @@ -1747,6 +1764,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } + group_id = ssl_group_id_tls13_to_internal(group_id); if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) { const uint16_t *pgroups = NULL; size_t i, num_groups; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 3afb18c312..fa64435a00 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -635,7 +635,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * we requested, and must be the only key_share sent. */ if (s->s3.group_id != 0 - && (group_id != s->s3.group_id + && (ssl_group_id_tls13_to_internal(group_id) != s->s3.group_id || PACKET_remaining(&key_share_list) != 0)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; @@ -653,16 +653,18 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, continue; } + s->s3.group_id = group_id; + /* Cache the selected group ID in the SSL_SESSION */ + s->session->kex_group = group_id; + + group_id = ssl_group_id_tls13_to_internal(group_id); + if ((s->s3.peer_tmp = ssl_generate_param_group(s, group_id)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); return 0; } - s->s3.group_id = group_id; - /* Cache the selected group ID in the SSL_SESSION */ - s->session->kex_group = group_id; - if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt)) <= 0) { @@ -1591,7 +1593,8 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u16(pkt, s->s3.group_id) + || !WPACKET_put_bytes_u16(pkt, ssl_group_id_internal_to_tls13( + s->s3.group_id)) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 79ac9be04b..334e1c7bd4 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -2165,9 +2165,15 @@ int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups, if (groups == NULL || num_groups == 0) return 0; + if (checkallow == 1) + group_id = ssl_group_id_tls13_to_internal(group_id); + for (i = 0; i < num_groups; i++) { uint16_t group = groups[i]; + if (checkallow == 2) + group = ssl_group_id_tls13_to_internal(group); + if (group_id == group && (!checkallow || tls_group_allowed(s, group, SSL_SECOP_CURVE_CHECK))) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fc32bb3556..88912be23c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -171,13 +171,13 @@ static struct { {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1}, {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519}, {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448}, - {NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022}, - {NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023}, - {NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024}, - {NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025}, - {NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026}, - {NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027}, - {NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028}, + {NID_id_tc26_gost_3410_2012_256_paramSetA, OSSL_TLS_GROUP_ID_gc256A}, + {NID_id_tc26_gost_3410_2012_256_paramSetB, OSSL_TLS_GROUP_ID_gc256B}, + {NID_id_tc26_gost_3410_2012_256_paramSetC, OSSL_TLS_GROUP_ID_gc256C}, + {NID_id_tc26_gost_3410_2012_256_paramSetD, OSSL_TLS_GROUP_ID_gc256D}, + {NID_id_tc26_gost_3410_2012_512_paramSetA, OSSL_TLS_GROUP_ID_gc512A}, + {NID_id_tc26_gost_3410_2012_512_paramSetB, OSSL_TLS_GROUP_ID_gc512B}, + {NID_id_tc26_gost_3410_2012_512_paramSetC, OSSL_TLS_GROUP_ID_gc512C}, {NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048}, {NID_ffdhe3072, OSSL_TLS_GROUP_ID_ffdhe3072}, {NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096}, @@ -193,28 +193,28 @@ static const unsigned char ecformats_default[] = { /* The default curves */ static const uint16_t supported_groups_default[] = { - 29, /* X25519 (29) */ - 23, /* secp256r1 (23) */ - 30, /* X448 (30) */ - 25, /* secp521r1 (25) */ - 24, /* secp384r1 (24) */ - 34, /* GC256A (34) */ - 35, /* GC256B (35) */ - 36, /* GC256C (36) */ - 37, /* GC256D (37) */ - 38, /* GC512A (38) */ - 39, /* GC512B (39) */ - 40, /* GC512C (40) */ - 0x100, /* ffdhe2048 (0x100) */ - 0x101, /* ffdhe3072 (0x101) */ - 0x102, /* ffdhe4096 (0x102) */ - 0x103, /* ffdhe6144 (0x103) */ - 0x104, /* ffdhe8192 (0x104) */ + OSSL_TLS_GROUP_ID_x25519, /* X25519 (29) */ + OSSL_TLS_GROUP_ID_secp256r1, /* secp256r1 (23) */ + OSSL_TLS_GROUP_ID_x448, /* X448 (30) */ + OSSL_TLS_GROUP_ID_secp521r1, /* secp521r1 (25) */ + OSSL_TLS_GROUP_ID_secp384r1, /* secp384r1 (24) */ + OSSL_TLS_GROUP_ID_gc256A, /* GC256A (34) */ + OSSL_TLS_GROUP_ID_gc256B, /* GC256B (35) */ + OSSL_TLS_GROUP_ID_gc256C, /* GC256C (36) */ + OSSL_TLS_GROUP_ID_gc256D, /* GC256D (37) */ + OSSL_TLS_GROUP_ID_gc512A, /* GC512A (38) */ + OSSL_TLS_GROUP_ID_gc512B, /* GC512B (39) */ + OSSL_TLS_GROUP_ID_gc512C, /* GC512C (40) */ + OSSL_TLS_GROUP_ID_ffdhe2048, /* ffdhe2048 (0x100) */ + OSSL_TLS_GROUP_ID_ffdhe3072, /* ffdhe3072 (0x101) */ + OSSL_TLS_GROUP_ID_ffdhe4096, /* ffdhe4096 (0x102) */ + OSSL_TLS_GROUP_ID_ffdhe6144, /* ffdhe6144 (0x103) */ + OSSL_TLS_GROUP_ID_ffdhe8192, /* ffdhe8192 (0x104) */ }; static const uint16_t suiteb_curves[] = { - TLSEXT_curve_P_256, - TLSEXT_curve_P_384 + OSSL_TLS_GROUP_ID_secp256r1, + OSSL_TLS_GROUP_ID_secp384r1, }; struct provider_group_data_st { @@ -433,6 +433,42 @@ static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name) return 0; } +uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id) +{ + switch(curve_id) { + case OSSL_TLS_GROUP_ID_brainpoolP256r1: + return OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13; + case OSSL_TLS_GROUP_ID_brainpoolP384r1: + return OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13; + case OSSL_TLS_GROUP_ID_brainpoolP512r1: + return OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13; + case OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13: + case OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13: + case OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13: + return 0; + default: + return curve_id; + } +} + +uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id) +{ + switch(curve_id) { + case OSSL_TLS_GROUP_ID_brainpoolP256r1: + case OSSL_TLS_GROUP_ID_brainpoolP384r1: + case OSSL_TLS_GROUP_ID_brainpoolP512r1: + return 0; + case OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13: + return OSSL_TLS_GROUP_ID_brainpoolP256r1; + case OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13: + return OSSL_TLS_GROUP_ID_brainpoolP384r1; + case OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13: + return OSSL_TLS_GROUP_ID_brainpoolP512r1; + default: + return curve_id; + } +} + const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t group_id) { size_t i; @@ -611,9 +647,9 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) unsigned long cid = s->s3.tmp.new_cipher->id; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) - return TLSEXT_curve_P_256; + return OSSL_TLS_GROUP_ID_secp256r1; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) - return TLSEXT_curve_P_384; + return OSSL_TLS_GROUP_ID_secp384r1; /* Should never happen */ return 0; } @@ -634,10 +670,17 @@ uint16_t tls1_shared_group(SSL *s, int nmatch) for (k = 0, i = 0; i < num_pref; i++) { uint16_t id = pref[i]; + uint16_t cid = id; - if (!tls1_in_list(id, supp, num_supp) - || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) - continue; + if (SSL_IS_TLS13(s)) { + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) + cid = ssl_group_id_internal_to_tls13(id); + else + cid = id = ssl_group_id_tls13_to_internal(id); + } + if (!tls1_in_list(cid, supp, num_supp) + || !tls_group_allowed(s, id, SSL_SECOP_CURVE_SHARED)) + continue; if (nmatch == k) return id; k++; @@ -782,10 +825,10 @@ int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups) unsigned long cid = s->s3.tmp.new_cipher->id; if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { - if (group_id != TLSEXT_curve_P_256) + if (group_id != OSSL_TLS_GROUP_ID_secp256r1) return 0; } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) { - if (group_id != TLSEXT_curve_P_384) + if (group_id != OSSL_TLS_GROUP_ID_secp384r1) return 0; } else { /* Should never happen */ @@ -931,9 +974,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md) size_t i; /* Check to see we have necessary signing algorithm */ - if (group_id == TLSEXT_curve_P_256) + if (group_id == OSSL_TLS_GROUP_ID_secp256r1) check_md = NID_ecdsa_with_SHA256; - else if (group_id == TLSEXT_curve_P_384) + else if (group_id == OSSL_TLS_GROUP_ID_secp384r1) check_md = NID_ecdsa_with_SHA384; else return 0; /* Should never happen */ @@ -966,9 +1009,9 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) * curves permitted. */ if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) - return tls1_check_group_id(s, TLSEXT_curve_P_256, 1); + return tls1_check_group_id(s, OSSL_TLS_GROUP_ID_secp256r1, 1); if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) - return tls1_check_group_id(s, TLSEXT_curve_P_384, 1); + return tls1_check_group_id(s, OSSL_TLS_GROUP_ID_secp384r1, 1); return 0; } @@ -980,6 +1023,9 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed448, + TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, + TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, + TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, TLSEXT_SIGALG_rsa_pss_pss_sha256, TLSEXT_SIGALG_rsa_pss_pss_sha384, @@ -1042,6 +1088,15 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {NULL, TLSEXT_SIGALG_ecdsa_sha1, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_ecdsa_with_SHA1, NID_undef, 1}, + {"ecdsa_brainpoolP256r1_sha256", TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA256, NID_brainpoolP256r1, 1}, + {"ecdsa_brainpoolP384r1_sha384", TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA384, NID_brainpoolP384r1, 1}, + {"ecdsa_brainpoolP512r1_sha512", TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA512, NID_brainpoolP512r1, 1}, {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, NID_undef, NID_undef, 1}, diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 405b1e6864..3ae97ac822 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -584,6 +584,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, + {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, "ecdsa_brainpoolP256r1_sha256"}, + {TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, "ecdsa_brainpoolP384r1_sha384"}, + {TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, "ecdsa_brainpoolP512r1_sha512"}, }; static const ssl_trace_tbl ssl_ctype_tbl[] = { diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf index 79dcd4c8f4..853deff1d4 100644 --- a/test/ssl-tests/20-cert-select.cnf +++ b/test/ssl-tests/20-cert-select.cnf @@ -1728,7 +1728,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1754,7 +1754,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] -ExpectedResult = ServerFail +ExpectedResult = Success # =========================================================== diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in index 30cde592c6..26c7318974 100644 --- a/test/ssl-tests/20-cert-select.cnf.in +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -909,7 +909,7 @@ my @tests_tls_1_3_non_fips = ( #We only configured brainpoolP256r1 on the client side, but TLSv1.3 #is enabled and this group is not allowed in TLSv1.3. Therefore this #should fail - "ExpectedResult" => "ClientFail" + "ExpectedResult" => "ServerFail" }, }, { @@ -924,7 +924,7 @@ my @tests_tls_1_3_non_fips = ( "MaxProtocol" => "TLSv1.3" }, test => { - "ExpectedResult" => "ServerFail" + "ExpectedResult" => "Success" }, }, ); -- 2.34.1