# Generated with generate_ssl_tests.pl
-num_tests = 36
+num_tests = 40
test-0 = 0-server-auth-flex
test-1 = 1-client-auth-flex-request
test-2 = 2-client-auth-flex-require-fail
test-3 = 3-client-auth-flex-require
-test-4 = 4-client-auth-flex-require-non-empty-names
-test-5 = 5-client-auth-flex-noroot
-test-6 = 6-server-auth-TLSv1
-test-7 = 7-client-auth-TLSv1-request
-test-8 = 8-client-auth-TLSv1-require-fail
-test-9 = 9-client-auth-TLSv1-require
-test-10 = 10-client-auth-TLSv1-require-non-empty-names
-test-11 = 11-client-auth-TLSv1-noroot
-test-12 = 12-server-auth-TLSv1.1
-test-13 = 13-client-auth-TLSv1.1-request
-test-14 = 14-client-auth-TLSv1.1-require-fail
-test-15 = 15-client-auth-TLSv1.1-require
-test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
-test-17 = 17-client-auth-TLSv1.1-noroot
-test-18 = 18-server-auth-TLSv1.2
-test-19 = 19-client-auth-TLSv1.2-request
-test-20 = 20-client-auth-TLSv1.2-require-fail
-test-21 = 21-client-auth-TLSv1.2-require
-test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
-test-23 = 23-client-auth-TLSv1.2-noroot
-test-24 = 24-server-auth-DTLSv1
-test-25 = 25-client-auth-DTLSv1-request
-test-26 = 26-client-auth-DTLSv1-require-fail
-test-27 = 27-client-auth-DTLSv1-require
-test-28 = 28-client-auth-DTLSv1-require-non-empty-names
-test-29 = 29-client-auth-DTLSv1-noroot
-test-30 = 30-server-auth-DTLSv1.2
-test-31 = 31-client-auth-DTLSv1.2-request
-test-32 = 32-client-auth-DTLSv1.2-require-fail
-test-33 = 33-client-auth-DTLSv1.2-require
-test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
-test-35 = 35-client-auth-DTLSv1.2-noroot
+test-4 = 4-client-auth-flex-rsa-pss
+test-5 = 5-client-auth-flex-rsa-pss-bad
+test-6 = 6-client-auth-flex-require-non-empty-names
+test-7 = 7-client-auth-flex-noroot
+test-8 = 8-server-auth-TLSv1
+test-9 = 9-client-auth-TLSv1-request
+test-10 = 10-client-auth-TLSv1-require-fail
+test-11 = 11-client-auth-TLSv1-require
+test-12 = 12-client-auth-TLSv1-require-non-empty-names
+test-13 = 13-client-auth-TLSv1-noroot
+test-14 = 14-server-auth-TLSv1.1
+test-15 = 15-client-auth-TLSv1.1-request
+test-16 = 16-client-auth-TLSv1.1-require-fail
+test-17 = 17-client-auth-TLSv1.1-require
+test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
+test-19 = 19-client-auth-TLSv1.1-noroot
+test-20 = 20-server-auth-TLSv1.2
+test-21 = 21-client-auth-TLSv1.2-request
+test-22 = 22-client-auth-TLSv1.2-require-fail
+test-23 = 23-client-auth-TLSv1.2-require
+test-24 = 24-client-auth-TLSv1.2-rsa-pss
+test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
+test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
+test-27 = 27-client-auth-TLSv1.2-noroot
+test-28 = 28-server-auth-DTLSv1
+test-29 = 29-client-auth-DTLSv1-request
+test-30 = 30-client-auth-DTLSv1-require-fail
+test-31 = 31-client-auth-DTLSv1-require
+test-32 = 32-client-auth-DTLSv1-require-non-empty-names
+test-33 = 33-client-auth-DTLSv1-noroot
+test-34 = 34-server-auth-DTLSv1.2
+test-35 = 35-client-auth-DTLSv1.2-request
+test-36 = 36-client-auth-DTLSv1.2-require-fail
+test-37 = 37-client-auth-DTLSv1.2-require
+test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
+test-39 = 39-client-auth-DTLSv1.2-noroot
# ===========================================================
[0-server-auth-flex]
# ===========================================================
-[4-client-auth-flex-require-non-empty-names]
-ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
+[4-client-auth-flex-rsa-pss]
+ssl_conf = 4-client-auth-flex-rsa-pss-ssl
-[4-client-auth-flex-require-non-empty-names-ssl]
-server = 4-client-auth-flex-require-non-empty-names-server
-client = 4-client-auth-flex-require-non-empty-names-client
+[4-client-auth-flex-rsa-pss-ssl]
+server = 4-client-auth-flex-rsa-pss-server
+client = 4-client-auth-flex-rsa-pss-client
-[4-client-auth-flex-require-non-empty-names-server]
+[4-client-auth-flex-rsa-pss-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Require
+
+[4-client-auth-flex-rsa-pss-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ExpectedClientCertType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-client-auth-flex-rsa-pss-bad]
+ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
+
+[5-client-auth-flex-rsa-pss-bad-ssl]
+server = 5-client-auth-flex-rsa-pss-bad-server
+client = 5-client-auth-flex-rsa-pss-bad-client
+
+[5-client-auth-flex-rsa-pss-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+VerifyMode = Require
+
+[5-client-auth-flex-rsa-pss-bad-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = CertificateRequired
+
+
+# ===========================================================
+
+[6-client-auth-flex-require-non-empty-names]
+ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
+
+[6-client-auth-flex-require-non-empty-names-ssl]
+server = 6-client-auth-flex-require-non-empty-names-server
+client = 6-client-auth-flex-require-non-empty-names-client
+
+[6-client-auth-flex-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[4-client-auth-flex-require-non-empty-names-client]
+[6-client-auth-flex-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-4]
+[test-6]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[5-client-auth-flex-noroot]
-ssl_conf = 5-client-auth-flex-noroot-ssl
+[7-client-auth-flex-noroot]
+ssl_conf = 7-client-auth-flex-noroot-ssl
-[5-client-auth-flex-noroot-ssl]
-server = 5-client-auth-flex-noroot-server
-client = 5-client-auth-flex-noroot-client
+[7-client-auth-flex-noroot-ssl]
+server = 7-client-auth-flex-noroot-server
+client = 7-client-auth-flex-noroot-client
-[5-client-auth-flex-noroot-server]
+[7-client-auth-flex-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[5-client-auth-flex-noroot-client]
+[7-client-auth-flex-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-5]
+[test-7]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[6-server-auth-TLSv1]
-ssl_conf = 6-server-auth-TLSv1-ssl
+[8-server-auth-TLSv1]
+ssl_conf = 8-server-auth-TLSv1-ssl
-[6-server-auth-TLSv1-ssl]
-server = 6-server-auth-TLSv1-server
-client = 6-server-auth-TLSv1-client
+[8-server-auth-TLSv1-ssl]
+server = 8-server-auth-TLSv1-server
+client = 8-server-auth-TLSv1-client
-[6-server-auth-TLSv1-server]
+[8-server-auth-TLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-server-auth-TLSv1-client]
+[8-server-auth-TLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-6]
+[test-8]
ExpectedResult = Success
# ===========================================================
-[7-client-auth-TLSv1-request]
-ssl_conf = 7-client-auth-TLSv1-request-ssl
+[9-client-auth-TLSv1-request]
+ssl_conf = 9-client-auth-TLSv1-request-ssl
-[7-client-auth-TLSv1-request-ssl]
-server = 7-client-auth-TLSv1-request-server
-client = 7-client-auth-TLSv1-request-client
+[9-client-auth-TLSv1-request-ssl]
+server = 9-client-auth-TLSv1-request-server
+client = 9-client-auth-TLSv1-request-client
-[7-client-auth-TLSv1-request-server]
+[9-client-auth-TLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[7-client-auth-TLSv1-request-client]
+[9-client-auth-TLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-7]
+[test-9]
ExpectedResult = Success
# ===========================================================
-[8-client-auth-TLSv1-require-fail]
-ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
+[10-client-auth-TLSv1-require-fail]
+ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
-[8-client-auth-TLSv1-require-fail-ssl]
-server = 8-client-auth-TLSv1-require-fail-server
-client = 8-client-auth-TLSv1-require-fail-client
+[10-client-auth-TLSv1-require-fail-ssl]
+server = 10-client-auth-TLSv1-require-fail-server
+client = 10-client-auth-TLSv1-require-fail-client
-[8-client-auth-TLSv1-require-fail-server]
+[10-client-auth-TLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[8-client-auth-TLSv1-require-fail-client]
+[10-client-auth-TLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-8]
+[test-10]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[9-client-auth-TLSv1-require]
-ssl_conf = 9-client-auth-TLSv1-require-ssl
+[11-client-auth-TLSv1-require]
+ssl_conf = 11-client-auth-TLSv1-require-ssl
-[9-client-auth-TLSv1-require-ssl]
-server = 9-client-auth-TLSv1-require-server
-client = 9-client-auth-TLSv1-require-client
+[11-client-auth-TLSv1-require-ssl]
+server = 11-client-auth-TLSv1-require-server
+client = 11-client-auth-TLSv1-require-client
-[9-client-auth-TLSv1-require-server]
+[11-client-auth-TLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[9-client-auth-TLSv1-require-client]
+[11-client-auth-TLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-9]
+[test-11]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[10-client-auth-TLSv1-require-non-empty-names]
-ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
+[12-client-auth-TLSv1-require-non-empty-names]
+ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
-[10-client-auth-TLSv1-require-non-empty-names-ssl]
-server = 10-client-auth-TLSv1-require-non-empty-names-server
-client = 10-client-auth-TLSv1-require-non-empty-names-client
+[12-client-auth-TLSv1-require-non-empty-names-ssl]
+server = 12-client-auth-TLSv1-require-non-empty-names-server
+client = 12-client-auth-TLSv1-require-non-empty-names-client
-[10-client-auth-TLSv1-require-non-empty-names-server]
+[12-client-auth-TLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[10-client-auth-TLSv1-require-non-empty-names-client]
+[12-client-auth-TLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-10]
+[test-12]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[11-client-auth-TLSv1-noroot]
-ssl_conf = 11-client-auth-TLSv1-noroot-ssl
+[13-client-auth-TLSv1-noroot]
+ssl_conf = 13-client-auth-TLSv1-noroot-ssl
-[11-client-auth-TLSv1-noroot-ssl]
-server = 11-client-auth-TLSv1-noroot-server
-client = 11-client-auth-TLSv1-noroot-client
+[13-client-auth-TLSv1-noroot-ssl]
+server = 13-client-auth-TLSv1-noroot-server
+client = 13-client-auth-TLSv1-noroot-client
-[11-client-auth-TLSv1-noroot-server]
+[13-client-auth-TLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[11-client-auth-TLSv1-noroot-client]
+[13-client-auth-TLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-11]
+[test-13]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[12-server-auth-TLSv1.1]
-ssl_conf = 12-server-auth-TLSv1.1-ssl
+[14-server-auth-TLSv1.1]
+ssl_conf = 14-server-auth-TLSv1.1-ssl
-[12-server-auth-TLSv1.1-ssl]
-server = 12-server-auth-TLSv1.1-server
-client = 12-server-auth-TLSv1.1-client
+[14-server-auth-TLSv1.1-ssl]
+server = 14-server-auth-TLSv1.1-server
+client = 14-server-auth-TLSv1.1-client
-[12-server-auth-TLSv1.1-server]
+[14-server-auth-TLSv1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-server-auth-TLSv1.1-client]
+[14-server-auth-TLSv1.1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-12]
+[test-14]
ExpectedResult = Success
# ===========================================================
-[13-client-auth-TLSv1.1-request]
-ssl_conf = 13-client-auth-TLSv1.1-request-ssl
+[15-client-auth-TLSv1.1-request]
+ssl_conf = 15-client-auth-TLSv1.1-request-ssl
-[13-client-auth-TLSv1.1-request-ssl]
-server = 13-client-auth-TLSv1.1-request-server
-client = 13-client-auth-TLSv1.1-request-client
+[15-client-auth-TLSv1.1-request-ssl]
+server = 15-client-auth-TLSv1.1-request-server
+client = 15-client-auth-TLSv1.1-request-client
-[13-client-auth-TLSv1.1-request-server]
+[15-client-auth-TLSv1.1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[13-client-auth-TLSv1.1-request-client]
+[15-client-auth-TLSv1.1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-13]
+[test-15]
ExpectedResult = Success
# ===========================================================
-[14-client-auth-TLSv1.1-require-fail]
-ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
+[16-client-auth-TLSv1.1-require-fail]
+ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
-[14-client-auth-TLSv1.1-require-fail-ssl]
-server = 14-client-auth-TLSv1.1-require-fail-server
-client = 14-client-auth-TLSv1.1-require-fail-client
+[16-client-auth-TLSv1.1-require-fail-ssl]
+server = 16-client-auth-TLSv1.1-require-fail-server
+client = 16-client-auth-TLSv1.1-require-fail-client
-[14-client-auth-TLSv1.1-require-fail-server]
+[16-client-auth-TLSv1.1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[14-client-auth-TLSv1.1-require-fail-client]
+[16-client-auth-TLSv1.1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-14]
+[test-16]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[15-client-auth-TLSv1.1-require]
-ssl_conf = 15-client-auth-TLSv1.1-require-ssl
+[17-client-auth-TLSv1.1-require]
+ssl_conf = 17-client-auth-TLSv1.1-require-ssl
-[15-client-auth-TLSv1.1-require-ssl]
-server = 15-client-auth-TLSv1.1-require-server
-client = 15-client-auth-TLSv1.1-require-client
+[17-client-auth-TLSv1.1-require-ssl]
+server = 17-client-auth-TLSv1.1-require-server
+client = 17-client-auth-TLSv1.1-require-client
-[15-client-auth-TLSv1.1-require-server]
+[17-client-auth-TLSv1.1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[15-client-auth-TLSv1.1-require-client]
+[17-client-auth-TLSv1.1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-15]
+[test-17]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[16-client-auth-TLSv1.1-require-non-empty-names]
-ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
+[18-client-auth-TLSv1.1-require-non-empty-names]
+ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
-[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
-server = 16-client-auth-TLSv1.1-require-non-empty-names-server
-client = 16-client-auth-TLSv1.1-require-non-empty-names-client
+[18-client-auth-TLSv1.1-require-non-empty-names-ssl]
+server = 18-client-auth-TLSv1.1-require-non-empty-names-server
+client = 18-client-auth-TLSv1.1-require-non-empty-names-client
-[16-client-auth-TLSv1.1-require-non-empty-names-server]
+[18-client-auth-TLSv1.1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[16-client-auth-TLSv1.1-require-non-empty-names-client]
+[18-client-auth-TLSv1.1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-16]
+[test-18]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[17-client-auth-TLSv1.1-noroot]
-ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
+[19-client-auth-TLSv1.1-noroot]
+ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
-[17-client-auth-TLSv1.1-noroot-ssl]
-server = 17-client-auth-TLSv1.1-noroot-server
-client = 17-client-auth-TLSv1.1-noroot-client
+[19-client-auth-TLSv1.1-noroot-ssl]
+server = 19-client-auth-TLSv1.1-noroot-server
+client = 19-client-auth-TLSv1.1-noroot-client
-[17-client-auth-TLSv1.1-noroot-server]
+[19-client-auth-TLSv1.1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[17-client-auth-TLSv1.1-noroot-client]
+[19-client-auth-TLSv1.1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-17]
+[test-19]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[18-server-auth-TLSv1.2]
-ssl_conf = 18-server-auth-TLSv1.2-ssl
+[20-server-auth-TLSv1.2]
+ssl_conf = 20-server-auth-TLSv1.2-ssl
-[18-server-auth-TLSv1.2-ssl]
-server = 18-server-auth-TLSv1.2-server
-client = 18-server-auth-TLSv1.2-client
+[20-server-auth-TLSv1.2-ssl]
+server = 20-server-auth-TLSv1.2-server
+client = 20-server-auth-TLSv1.2-client
-[18-server-auth-TLSv1.2-server]
+[20-server-auth-TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-server-auth-TLSv1.2-client]
+[20-server-auth-TLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-18]
+[test-20]
ExpectedResult = Success
# ===========================================================
-[19-client-auth-TLSv1.2-request]
-ssl_conf = 19-client-auth-TLSv1.2-request-ssl
+[21-client-auth-TLSv1.2-request]
+ssl_conf = 21-client-auth-TLSv1.2-request-ssl
-[19-client-auth-TLSv1.2-request-ssl]
-server = 19-client-auth-TLSv1.2-request-server
-client = 19-client-auth-TLSv1.2-request-client
+[21-client-auth-TLSv1.2-request-ssl]
+server = 21-client-auth-TLSv1.2-request-server
+client = 21-client-auth-TLSv1.2-request-client
-[19-client-auth-TLSv1.2-request-server]
+[21-client-auth-TLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[19-client-auth-TLSv1.2-request-client]
+[21-client-auth-TLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-19]
+[test-21]
ExpectedResult = Success
# ===========================================================
-[20-client-auth-TLSv1.2-require-fail]
-ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
+[22-client-auth-TLSv1.2-require-fail]
+ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
-[20-client-auth-TLSv1.2-require-fail-ssl]
-server = 20-client-auth-TLSv1.2-require-fail-server
-client = 20-client-auth-TLSv1.2-require-fail-client
+[22-client-auth-TLSv1.2-require-fail-ssl]
+server = 22-client-auth-TLSv1.2-require-fail-server
+client = 22-client-auth-TLSv1.2-require-fail-client
-[20-client-auth-TLSv1.2-require-fail-server]
+[22-client-auth-TLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[20-client-auth-TLSv1.2-require-fail-client]
+[22-client-auth-TLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-20]
+[test-22]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
# ===========================================================
-[21-client-auth-TLSv1.2-require]
-ssl_conf = 21-client-auth-TLSv1.2-require-ssl
+[23-client-auth-TLSv1.2-require]
+ssl_conf = 23-client-auth-TLSv1.2-require-ssl
-[21-client-auth-TLSv1.2-require-ssl]
-server = 21-client-auth-TLSv1.2-require-server
-client = 21-client-auth-TLSv1.2-require-client
+[23-client-auth-TLSv1.2-require-ssl]
+server = 23-client-auth-TLSv1.2-require-server
+client = 23-client-auth-TLSv1.2-require-client
-[21-client-auth-TLSv1.2-require-server]
+[23-client-auth-TLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientSignatureAlgorithms = SHA256+RSA
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[21-client-auth-TLSv1.2-require-client]
+[23-client-auth-TLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-21]
+[test-23]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
# ===========================================================
-[22-client-auth-TLSv1.2-require-non-empty-names]
-ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
+[24-client-auth-TLSv1.2-rsa-pss]
+ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
+
+[24-client-auth-TLSv1.2-rsa-pss-ssl]
+server = 24-client-auth-TLSv1.2-rsa-pss-server
+client = 24-client-auth-TLSv1.2-rsa-pss-client
+
+[24-client-auth-TLSv1.2-rsa-pss-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Require
+
+[24-client-auth-TLSv1.2-rsa-pss-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+ExpectedClientCertType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[25-client-auth-TLSv1.2-rsa-pss-bad]
+ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
+server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
+client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
+VerifyMode = Require
+
+[25-client-auth-TLSv1.2-rsa-pss-bad-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
+CipherString = DEFAULT:@SECLEVEL=0
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = StrictCertCheck
+PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[26-client-auth-TLSv1.2-require-non-empty-names]
+ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
-[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
-server = 22-client-auth-TLSv1.2-require-non-empty-names-server
-client = 22-client-auth-TLSv1.2-require-non-empty-names-client
+[26-client-auth-TLSv1.2-require-non-empty-names-ssl]
+server = 26-client-auth-TLSv1.2-require-non-empty-names-server
+client = 26-client-auth-TLSv1.2-require-non-empty-names-client
-[22-client-auth-TLSv1.2-require-non-empty-names-server]
+[26-client-auth-TLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[22-client-auth-TLSv1.2-require-non-empty-names-client]
+[26-client-auth-TLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-26]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
# ===========================================================
-[23-client-auth-TLSv1.2-noroot]
-ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
+[27-client-auth-TLSv1.2-noroot]
+ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
-[23-client-auth-TLSv1.2-noroot-ssl]
-server = 23-client-auth-TLSv1.2-noroot-server
-client = 23-client-auth-TLSv1.2-noroot-client
+[27-client-auth-TLSv1.2-noroot-ssl]
+server = 27-client-auth-TLSv1.2-noroot-server
+client = 27-client-auth-TLSv1.2-noroot-client
-[23-client-auth-TLSv1.2-noroot-server]
+[27-client-auth-TLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[23-client-auth-TLSv1.2-noroot-client]
+[27-client-auth-TLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-23]
+[test-27]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
# ===========================================================
-[24-server-auth-DTLSv1]
-ssl_conf = 24-server-auth-DTLSv1-ssl
+[28-server-auth-DTLSv1]
+ssl_conf = 28-server-auth-DTLSv1-ssl
-[24-server-auth-DTLSv1-ssl]
-server = 24-server-auth-DTLSv1-server
-client = 24-server-auth-DTLSv1-client
+[28-server-auth-DTLSv1-ssl]
+server = 28-server-auth-DTLSv1-server
+client = 28-server-auth-DTLSv1-client
-[24-server-auth-DTLSv1-server]
+[28-server-auth-DTLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-server-auth-DTLSv1-client]
+[28-server-auth-DTLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-24]
+[test-28]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[25-client-auth-DTLSv1-request]
-ssl_conf = 25-client-auth-DTLSv1-request-ssl
+[29-client-auth-DTLSv1-request]
+ssl_conf = 29-client-auth-DTLSv1-request-ssl
-[25-client-auth-DTLSv1-request-ssl]
-server = 25-client-auth-DTLSv1-request-server
-client = 25-client-auth-DTLSv1-request-client
+[29-client-auth-DTLSv1-request-ssl]
+server = 29-client-auth-DTLSv1-request-server
+client = 29-client-auth-DTLSv1-request-client
-[25-client-auth-DTLSv1-request-server]
+[29-client-auth-DTLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[25-client-auth-DTLSv1-request-client]
+[29-client-auth-DTLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-25]
+[test-29]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[26-client-auth-DTLSv1-require-fail]
-ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
+[30-client-auth-DTLSv1-require-fail]
+ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
-[26-client-auth-DTLSv1-require-fail-ssl]
-server = 26-client-auth-DTLSv1-require-fail-server
-client = 26-client-auth-DTLSv1-require-fail-client
+[30-client-auth-DTLSv1-require-fail-ssl]
+server = 30-client-auth-DTLSv1-require-fail-server
+client = 30-client-auth-DTLSv1-require-fail-client
-[26-client-auth-DTLSv1-require-fail-server]
+[30-client-auth-DTLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[26-client-auth-DTLSv1-require-fail-client]
+[30-client-auth-DTLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-26]
+[test-30]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS
# ===========================================================
-[27-client-auth-DTLSv1-require]
-ssl_conf = 27-client-auth-DTLSv1-require-ssl
+[31-client-auth-DTLSv1-require]
+ssl_conf = 31-client-auth-DTLSv1-require-ssl
-[27-client-auth-DTLSv1-require-ssl]
-server = 27-client-auth-DTLSv1-require-server
-client = 27-client-auth-DTLSv1-require-client
+[31-client-auth-DTLSv1-require-ssl]
+server = 31-client-auth-DTLSv1-require-server
+client = 31-client-auth-DTLSv1-require-client
-[27-client-auth-DTLSv1-require-server]
+[31-client-auth-DTLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[27-client-auth-DTLSv1-require-client]
+[31-client-auth-DTLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-27]
+[test-31]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[28-client-auth-DTLSv1-require-non-empty-names]
-ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
+[32-client-auth-DTLSv1-require-non-empty-names]
+ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
-[28-client-auth-DTLSv1-require-non-empty-names-ssl]
-server = 28-client-auth-DTLSv1-require-non-empty-names-server
-client = 28-client-auth-DTLSv1-require-non-empty-names-client
+[32-client-auth-DTLSv1-require-non-empty-names-ssl]
+server = 32-client-auth-DTLSv1-require-non-empty-names-server
+client = 32-client-auth-DTLSv1-require-non-empty-names-client
-[28-client-auth-DTLSv1-require-non-empty-names-server]
+[32-client-auth-DTLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[28-client-auth-DTLSv1-require-non-empty-names-client]
+[32-client-auth-DTLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-28]
+[test-32]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[29-client-auth-DTLSv1-noroot]
-ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
+[33-client-auth-DTLSv1-noroot]
+ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
-[29-client-auth-DTLSv1-noroot-ssl]
-server = 29-client-auth-DTLSv1-noroot-server
-client = 29-client-auth-DTLSv1-noroot-client
+[33-client-auth-DTLSv1-noroot-ssl]
+server = 33-client-auth-DTLSv1-noroot-server
+client = 33-client-auth-DTLSv1-noroot-client
-[29-client-auth-DTLSv1-noroot-server]
+[33-client-auth-DTLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[29-client-auth-DTLSv1-noroot-client]
+[33-client-auth-DTLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-29]
+[test-33]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS
# ===========================================================
-[30-server-auth-DTLSv1.2]
-ssl_conf = 30-server-auth-DTLSv1.2-ssl
+[34-server-auth-DTLSv1.2]
+ssl_conf = 34-server-auth-DTLSv1.2-ssl
-[30-server-auth-DTLSv1.2-ssl]
-server = 30-server-auth-DTLSv1.2-server
-client = 30-server-auth-DTLSv1.2-client
+[34-server-auth-DTLSv1.2-ssl]
+server = 34-server-auth-DTLSv1.2-server
+client = 34-server-auth-DTLSv1.2-client
-[30-server-auth-DTLSv1.2-server]
+[34-server-auth-DTLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-server-auth-DTLSv1.2-client]
+[34-server-auth-DTLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-30]
+[test-34]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[31-client-auth-DTLSv1.2-request]
-ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
+[35-client-auth-DTLSv1.2-request]
+ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
-[31-client-auth-DTLSv1.2-request-ssl]
-server = 31-client-auth-DTLSv1.2-request-server
-client = 31-client-auth-DTLSv1.2-request-client
+[35-client-auth-DTLSv1.2-request-ssl]
+server = 35-client-auth-DTLSv1.2-request-server
+client = 35-client-auth-DTLSv1.2-request-client
-[31-client-auth-DTLSv1.2-request-server]
+[35-client-auth-DTLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
-[31-client-auth-DTLSv1.2-request-client]
+[35-client-auth-DTLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-31]
+[test-35]
ExpectedResult = Success
Method = DTLS
# ===========================================================
-[32-client-auth-DTLSv1.2-require-fail]
-ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
+[36-client-auth-DTLSv1.2-require-fail]
+ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
-[32-client-auth-DTLSv1.2-require-fail-ssl]
-server = 32-client-auth-DTLSv1.2-require-fail-server
-client = 32-client-auth-DTLSv1.2-require-fail-client
+[36-client-auth-DTLSv1.2-require-fail-ssl]
+server = 36-client-auth-DTLSv1.2-require-fail-server
+client = 36-client-auth-DTLSv1.2-require-fail-client
-[32-client-auth-DTLSv1.2-require-fail-server]
+[36-client-auth-DTLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[32-client-auth-DTLSv1.2-require-fail-client]
+[36-client-auth-DTLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-32]
+[test-36]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS
# ===========================================================
-[33-client-auth-DTLSv1.2-require]
-ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
+[37-client-auth-DTLSv1.2-require]
+ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
-[33-client-auth-DTLSv1.2-require-ssl]
-server = 33-client-auth-DTLSv1.2-require-server
-client = 33-client-auth-DTLSv1.2-require-client
+[37-client-auth-DTLSv1.2-require-ssl]
+server = 37-client-auth-DTLSv1.2-require-server
+client = 37-client-auth-DTLSv1.2-require-client
-[33-client-auth-DTLSv1.2-require-server]
+[37-client-auth-DTLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[33-client-auth-DTLSv1.2-require-client]
+[37-client-auth-DTLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-33]
+[test-37]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[34-client-auth-DTLSv1.2-require-non-empty-names]
-ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
+[38-client-auth-DTLSv1.2-require-non-empty-names]
+ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
-[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
-server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
-client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
+[38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
+server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
+client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
-[34-client-auth-DTLSv1.2-require-non-empty-names-server]
+[38-client-auth-DTLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[34-client-auth-DTLSv1.2-require-non-empty-names-client]
+[38-client-auth-DTLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-34]
+[test-38]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
# ===========================================================
-[35-client-auth-DTLSv1.2-noroot]
-ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
+[39-client-auth-DTLSv1.2-noroot]
+ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
-[35-client-auth-DTLSv1.2-noroot-ssl]
-server = 35-client-auth-DTLSv1.2-noroot-server
-client = 35-client-auth-DTLSv1.2-noroot-client
+[39-client-auth-DTLSv1.2-noroot-ssl]
+server = 39-client-auth-DTLSv1.2-noroot-server
+client = 39-client-auth-DTLSv1.2-noroot-client
-[35-client-auth-DTLSv1.2-noroot-server]
+[39-client-auth-DTLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
-[35-client-auth-DTLSv1.2-noroot-client]
+[39-client-auth-DTLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-35]
+[test-39]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS
projects / openssl.git / commitdiff