From 29b0cab0174e1c1d02e549c0aaa2b08ab3051bd2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 17 Jun 2017 17:15:11 +0100 Subject: [PATCH] Update test config file Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3585) --- test/ssl-tests/20-cert-select.conf | 299 ++++++++++++++++++----------- 1 file changed, 190 insertions(+), 109 deletions(-) diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index f84d9b1b37..f34a6de3db 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,20 +1,22 @@ # Generated with generate_ssl_tests.pl -num_tests = 13 +num_tests = 15 test-0 = 0-ECDSA CipherString Selection -test-1 = 1-RSA CipherString Selection -test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate -test-3 = 3-ECDSA Signature Algorithm Selection -test-4 = 4-ECDSA Signature Algorithm Selection SHA384 -test-5 = 5-ECDSA Signature Algorithm Selection SHA1 -test-6 = 6-ECDSA Signature Algorithm Selection compressed point -test-7 = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-8 = 8-RSA Signature Algorithm Selection -test-9 = 9-RSA-PSS Signature Algorithm Selection -test-10 = 10-Suite B P-256 Hash Algorithm Selection -test-11 = 11-Suite B P-384 Hash Algorithm Selection -test-12 = 12-TLS 1.2 DSA Certificate Test +test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection +test-2 = 2-RSA CipherString Selection +test-3 = 3-ECDSA CipherString Selection, no ECDSA certificate +test-4 = 4-ECDSA Signature Algorithm Selection +test-5 = 5-ECDSA Signature Algorithm Selection SHA384 +test-6 = 6-ECDSA Signature Algorithm Selection SHA1 +test-7 = 7-ECDSA Signature Algorithm Selection compressed point +test-8 = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-9 = 9-RSA Signature Algorithm Selection +test-10 = 10-RSA-PSS Signature Algorithm Selection +test-11 = 11-Suite B P-256 Hash Algorithm Selection +test-12 = 12-Suite B P-384 Hash Algorithm Selection +test-13 = 13-TLS 1.2 Ed25519 Client Auth +test-14 = 14-TLS 1.2 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -29,6 +31,8 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -48,82 +52,120 @@ ExpectedServerSignType = EC # =========================================================== -[1-RSA CipherString Selection] -ssl_conf = 1-RSA CipherString Selection-ssl +[1-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 1-Ed25519 CipherString and Signature Algorithm Selection-ssl -[1-RSA CipherString Selection-ssl] -server = 1-RSA CipherString Selection-server -client = 1-RSA CipherString Selection-client +[1-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 1-Ed25519 CipherString and Signature Algorithm Selection-server +client = 1-Ed25519 CipherString and Signature Algorithm Selection-client -[1-RSA CipherString Selection-server] +[1-Ed25519 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-RSA CipherString Selection-client] -CipherString = aRSA +[1-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[2-RSA CipherString Selection] +ssl_conf = 2-RSA CipherString Selection-ssl + +[2-RSA CipherString Selection-ssl] +server = 2-RSA CipherString Selection-server +client = 2-RSA CipherString Selection-client + +[2-RSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-RSA CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignType = RSA-PSS # =========================================================== -[2-ECDSA CipherString Selection, no ECDSA certificate] -ssl_conf = 2-ECDSA CipherString Selection, no ECDSA certificate-ssl +[3-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 3-ECDSA CipherString Selection, no ECDSA certificate-ssl -[2-ECDSA CipherString Selection, no ECDSA certificate-ssl] -server = 2-ECDSA CipherString Selection, no ECDSA certificate-server -client = 2-ECDSA CipherString Selection, no ECDSA certificate-client +[3-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 3-ECDSA CipherString Selection, no ECDSA certificate-server +client = 3-ECDSA CipherString Selection, no ECDSA certificate-client -[2-ECDSA CipherString Selection, no ECDSA certificate-server] +[3-ECDSA CipherString Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-ECDSA CipherString Selection, no ECDSA certificate-client] +[3-ECDSA CipherString Selection, no ECDSA certificate-client] CipherString = aECDSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-2] +[test-3] ExpectedResult = ServerFail # =========================================================== -[3-ECDSA Signature Algorithm Selection] -ssl_conf = 3-ECDSA Signature Algorithm Selection-ssl +[4-ECDSA Signature Algorithm Selection] +ssl_conf = 4-ECDSA Signature Algorithm Selection-ssl -[3-ECDSA Signature Algorithm Selection-ssl] -server = 3-ECDSA Signature Algorithm Selection-server -client = 3-ECDSA Signature Algorithm Selection-client +[4-ECDSA Signature Algorithm Selection-ssl] +server = 4-ECDSA Signature Algorithm Selection-server +client = 4-ECDSA Signature Algorithm Selection-client -[3-ECDSA Signature Algorithm Selection-server] +[4-ECDSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[3-ECDSA Signature Algorithm Selection-client] +[4-ECDSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-3] +[test-4] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -132,28 +174,30 @@ ExpectedServerSignType = EC # =========================================================== -[4-ECDSA Signature Algorithm Selection SHA384] -ssl_conf = 4-ECDSA Signature Algorithm Selection SHA384-ssl +[5-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 5-ECDSA Signature Algorithm Selection SHA384-ssl -[4-ECDSA Signature Algorithm Selection SHA384-ssl] -server = 4-ECDSA Signature Algorithm Selection SHA384-server -client = 4-ECDSA Signature Algorithm Selection SHA384-client +[5-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 5-ECDSA Signature Algorithm Selection SHA384-server +client = 5-ECDSA Signature Algorithm Selection SHA384-client -[4-ECDSA Signature Algorithm Selection SHA384-server] +[5-ECDSA Signature Algorithm Selection SHA384-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[4-ECDSA Signature Algorithm Selection SHA384-client] +[5-ECDSA Signature Algorithm Selection SHA384-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-4] +[test-5] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA384 @@ -162,28 +206,30 @@ ExpectedServerSignType = EC # =========================================================== -[5-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 5-ECDSA Signature Algorithm Selection SHA1-ssl +[6-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 6-ECDSA Signature Algorithm Selection SHA1-ssl -[5-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 5-ECDSA Signature Algorithm Selection SHA1-server -client = 5-ECDSA Signature Algorithm Selection SHA1-client +[6-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 6-ECDSA Signature Algorithm Selection SHA1-server +client = 6-ECDSA Signature Algorithm Selection SHA1-client -[5-ECDSA Signature Algorithm Selection SHA1-server] +[6-ECDSA Signature Algorithm Selection SHA1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-ECDSA Signature Algorithm Selection SHA1-client] +[6-ECDSA Signature Algorithm Selection SHA1-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-6] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA1 @@ -192,14 +238,14 @@ ExpectedServerSignType = EC # =========================================================== -[6-ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 6-ECDSA Signature Algorithm Selection compressed point-ssl +[7-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 7-ECDSA Signature Algorithm Selection compressed point-ssl -[6-ECDSA Signature Algorithm Selection compressed point-ssl] -server = 6-ECDSA Signature Algorithm Selection compressed point-server -client = 6-ECDSA Signature Algorithm Selection compressed point-client +[7-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 7-ECDSA Signature Algorithm Selection compressed point-server +client = 7-ECDSA Signature Algorithm Selection compressed point-client -[6-ECDSA Signature Algorithm Selection compressed point-server] +[7-ECDSA Signature Algorithm Selection compressed point-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem @@ -207,13 +253,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-ECDSA Signature Algorithm Selection compressed point-client] +[7-ECDSA Signature Algorithm Selection compressed point-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-7] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -222,53 +268,55 @@ ExpectedServerSignType = EC # =========================================================== -[7-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl +[8-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl -[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-client +[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client -[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-8] ExpectedResult = ServerFail # =========================================================== -[8-RSA Signature Algorithm Selection] -ssl_conf = 8-RSA Signature Algorithm Selection-ssl +[9-RSA Signature Algorithm Selection] +ssl_conf = 9-RSA Signature Algorithm Selection-ssl -[8-RSA Signature Algorithm Selection-ssl] -server = 8-RSA Signature Algorithm Selection-server -client = 8-RSA Signature Algorithm Selection-client +[9-RSA Signature Algorithm Selection-ssl] +server = 9-RSA Signature Algorithm Selection-server +client = 9-RSA Signature Algorithm Selection-client -[8-RSA Signature Algorithm Selection-server] +[9-RSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-RSA Signature Algorithm Selection-client] +[9-RSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-9] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -277,28 +325,30 @@ ExpectedServerSignType = RSA # =========================================================== -[9-RSA-PSS Signature Algorithm Selection] -ssl_conf = 9-RSA-PSS Signature Algorithm Selection-ssl +[10-RSA-PSS Signature Algorithm Selection] +ssl_conf = 10-RSA-PSS Signature Algorithm Selection-ssl -[9-RSA-PSS Signature Algorithm Selection-ssl] -server = 9-RSA-PSS Signature Algorithm Selection-server -client = 9-RSA-PSS Signature Algorithm Selection-client +[10-RSA-PSS Signature Algorithm Selection-ssl] +server = 10-RSA-PSS Signature Algorithm Selection-server +client = 10-RSA-PSS Signature Algorithm Selection-client -[9-RSA-PSS Signature Algorithm Selection-server] +[10-RSA-PSS Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-RSA-PSS Signature Algorithm Selection-client] +[10-RSA-PSS Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-10] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -307,14 +357,14 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[10-Suite B P-256 Hash Algorithm Selection] -ssl_conf = 10-Suite B P-256 Hash Algorithm Selection-ssl +[11-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 11-Suite B P-256 Hash Algorithm Selection-ssl -[10-Suite B P-256 Hash Algorithm Selection-ssl] -server = 10-Suite B P-256 Hash Algorithm Selection-server -client = 10-Suite B P-256 Hash Algorithm Selection-client +[11-Suite B P-256 Hash Algorithm Selection-ssl] +server = 11-Suite B P-256 Hash Algorithm Selection-server +client = 11-Suite B P-256 Hash Algorithm Selection-client -[10-Suite B P-256 Hash Algorithm Selection-server] +[11-Suite B P-256 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem @@ -322,13 +372,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-Suite B P-256 Hash Algorithm Selection-client] +[11-Suite B P-256 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-10] +[test-11] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -337,14 +387,14 @@ ExpectedServerSignType = EC # =========================================================== -[11-Suite B P-384 Hash Algorithm Selection] -ssl_conf = 11-Suite B P-384 Hash Algorithm Selection-ssl +[12-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 12-Suite B P-384 Hash Algorithm Selection-ssl -[11-Suite B P-384 Hash Algorithm Selection-ssl] -server = 11-Suite B P-384 Hash Algorithm Selection-server -client = 11-Suite B P-384 Hash Algorithm Selection-client +[12-Suite B P-384 Hash Algorithm Selection-ssl] +server = 12-Suite B P-384 Hash Algorithm Selection-server +client = 12-Suite B P-384 Hash Algorithm Selection-client -[11-Suite B P-384 Hash Algorithm Selection-server] +[12-Suite B P-384 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem @@ -352,13 +402,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-Suite B P-384 Hash Algorithm Selection-client] +[12-Suite B P-384 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-11] +[test-12] ExpectedResult = Success ExpectedServerCertType = P-384 ExpectedServerSignHash = SHA384 @@ -367,14 +417,45 @@ ExpectedServerSignType = EC # =========================================================== -[12-TLS 1.2 DSA Certificate Test] -ssl_conf = 12-TLS 1.2 DSA Certificate Test-ssl +[13-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 13-TLS 1.2 Ed25519 Client Auth-ssl -[12-TLS 1.2 DSA Certificate Test-ssl] -server = 12-TLS 1.2 DSA Certificate Test-server -client = 12-TLS 1.2 DSA Certificate Test-client +[13-TLS 1.2 Ed25519 Client Auth-ssl] +server = 13-TLS 1.2 Ed25519 Client Auth-server +client = 13-TLS 1.2 Ed25519 Client Auth-client -[12-TLS 1.2 DSA Certificate Test-server] +[13-TLS 1.2 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[13-TLS 1.2 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[14-TLS 1.2 DSA Certificate Test] +ssl_conf = 14-TLS 1.2 DSA Certificate Test-ssl + +[14-TLS 1.2 DSA Certificate Test-ssl] +server = 14-TLS 1.2 DSA Certificate Test-server +client = 14-TLS 1.2 DSA Certificate Test-client + +[14-TLS 1.2 DSA Certificate Test-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ALL DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem @@ -384,13 +465,13 @@ MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-TLS 1.2 DSA Certificate Test-client] +[14-TLS 1.2 DSA Certificate Test-client] CipherString = ALL SignatureAlgorithms = DSA+SHA256:DSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-14] ExpectedResult = Success -- 2.34.1