[openssl.git] / test / ssl-tests / 04-client_auth.cnf
1 # Generated with generate_ssl_tests.pl
# Test matrix for certificate-based client authentication. Each test-N key
# names the section that holds that test's ssl_conf; the matching [test-N]
# section holds the expected outcome. The same cases repeat per protocol:
# flex (no version pinned), TLSv1, TLSv1.1, TLSv1.2, DTLSv1 and DTLSv1.2.
# Test fixture only: the server and client sections that follow set
# CipherString = DEFAULT:@SECLEVEL=0, which turns off OpenSSL's security-level
# checks; that is not a setting for a deployed configuration.
2
# num_tests matches the number of test-N entries below (test-0 .. test-39).
3 num_tests = 40
4
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-rsa-pss
10 test-5 = 5-client-auth-flex-rsa-pss-bad
11 test-6 = 6-client-auth-flex-require-non-empty-names
12 test-7 = 7-client-auth-flex-noroot
13 test-8 = 8-server-auth-TLSv1
14 test-9 = 9-client-auth-TLSv1-request
15 test-10 = 10-client-auth-TLSv1-require-fail
16 test-11 = 11-client-auth-TLSv1-require
17 test-12 = 12-client-auth-TLSv1-require-non-empty-names
18 test-13 = 13-client-auth-TLSv1-noroot
19 test-14 = 14-server-auth-TLSv1.1
20 test-15 = 15-client-auth-TLSv1.1-request
21 test-16 = 16-client-auth-TLSv1.1-require-fail
22 test-17 = 17-client-auth-TLSv1.1-require
23 test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
24 test-19 = 19-client-auth-TLSv1.1-noroot
25 test-20 = 20-server-auth-TLSv1.2
26 test-21 = 21-client-auth-TLSv1.2-request
27 test-22 = 22-client-auth-TLSv1.2-require-fail
28 test-23 = 23-client-auth-TLSv1.2-require
29 test-24 = 24-client-auth-TLSv1.2-rsa-pss
30 test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
31 test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
32 test-27 = 27-client-auth-TLSv1.2-noroot
33 test-28 = 28-server-auth-DTLSv1
34 test-29 = 29-client-auth-DTLSv1-request
35 test-30 = 30-client-auth-DTLSv1-require-fail
36 test-31 = 31-client-auth-DTLSv1-require
37 test-32 = 32-client-auth-DTLSv1-require-non-empty-names
38 test-33 = 33-client-auth-DTLSv1-noroot
39 test-34 = 34-server-auth-DTLSv1.2
40 test-35 = 35-client-auth-DTLSv1.2-request
41 test-36 = 36-client-auth-DTLSv1.2-require-fail
42 test-37 = 37-client-auth-DTLSv1.2-require
43 test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
44 test-39 = 39-client-auth-DTLSv1.2-noroot
45 # ===========================================================
46
# Baseline, server authentication only, no protocol version pinned. The server
# sets no VerifyMode, so it does not ask for a client certificate; the client
# verifies the server chain against rootcert.pem (VerifyMode = Peer).
# SECLEVEL=0 turns off OpenSSL's security-level checks: test fixture only.
47 [0-server-auth-flex]
48 ssl_conf = 0-server-auth-flex-ssl
49
50 [0-server-auth-flex-ssl]
51 server = 0-server-auth-flex-server
52 client = 0-server-auth-flex-client
53
54 [0-server-auth-flex-server]
55 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
56 CipherString = DEFAULT:@SECLEVEL=0
57 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
58
59 [0-server-auth-flex-client]
60 CipherString = DEFAULT:@SECLEVEL=0
61 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
62 VerifyMode = Peer
63
64 [test-0]
65 ExpectedResult = Success
66
67
68 # ===========================================================
69
# Server asks for a client certificate (VerifyMode = Request) but the client
# section configures no Certificate/PrivateKey. Success is expected: Request
# does not fail the handshake when the client sends no certificate.
70 [1-client-auth-flex-request]
71 ssl_conf = 1-client-auth-flex-request-ssl
72
73 [1-client-auth-flex-request-ssl]
74 server = 1-client-auth-flex-request-server
75 client = 1-client-auth-flex-request-client
76
77 [1-client-auth-flex-request-server]
78 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
79 CipherString = DEFAULT:@SECLEVEL=0
80 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
81 VerifyMode = Request
82
83 [1-client-auth-flex-request-client]
84 CipherString = DEFAULT:@SECLEVEL=0
85 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
86 VerifyMode = Peer
87
88 [test-1]
89 ExpectedResult = Success
90
91
92 # ===========================================================
93
# Negative test: the server demands a client certificate (VerifyMode = Require)
# and the client section configures none, so the server must abort.
# CertificateRequired is the TLS 1.3 alert for a missing client certificate;
# the unpinned "flex" handshake presumably negotiates TLS 1.3 (confirm).
94 [2-client-auth-flex-require-fail]
95 ssl_conf = 2-client-auth-flex-require-fail-ssl
96
97 [2-client-auth-flex-require-fail-ssl]
98 server = 2-client-auth-flex-require-fail-server
99 client = 2-client-auth-flex-require-fail-client
100
101 [2-client-auth-flex-require-fail-server]
102 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
103 CipherString = DEFAULT:@SECLEVEL=0
104 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
105 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
106 VerifyMode = Require
107
108 [2-client-auth-flex-require-fail-client]
109 CipherString = DEFAULT:@SECLEVEL=0
110 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
111 VerifyMode = Peer
112
113 [test-2]
114 ExpectedResult = ServerFail
115 ExpectedServerAlert = CertificateRequired
116
117
118 # ===========================================================
119
# Successful client authentication: the client presents ee-client-chain.pem
# and the server verifies it against root-cert.pem.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so this case passes because a certificate is sent,
# not because one is enforced.
# ExpectedClientCANames = empty presumably asserts that the server advertised
# no CA names (no ClientCAFile is set here); confirm against the test harness.
120 [3-client-auth-flex-require]
121 ssl_conf = 3-client-auth-flex-require-ssl
122
123 [3-client-auth-flex-require-ssl]
124 server = 3-client-auth-flex-require-server
125 client = 3-client-auth-flex-require-client
126
127 [3-client-auth-flex-require-server]
128 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
129 CipherString = DEFAULT:@SECLEVEL=0
130 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
131 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
132 VerifyMode = Request
133
134 [3-client-auth-flex-require-client]
135 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
136 CipherString = DEFAULT:@SECLEVEL=0
137 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
138 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
139 VerifyMode = Peer
140
141 [test-3]
142 ExpectedClientCANames = empty
143 ExpectedClientCertType = RSA
144 ExpectedResult = Success
145
146
147 # ===========================================================
148
# Client authentication with an RSA-PSS certificate
# (client-pss-restrict-cert.pem). The server enforces a client certificate
# (VerifyMode = Require) and uses rootcert.pem both as ClientCAFile and as its
# verification root; the client sets Options = StrictCertCheck.
# Expected: Success with client certificate type RSA-PSS.
149 [4-client-auth-flex-rsa-pss]
150 ssl_conf = 4-client-auth-flex-rsa-pss-ssl
151
152 [4-client-auth-flex-rsa-pss-ssl]
153 server = 4-client-auth-flex-rsa-pss-server
154 client = 4-client-auth-flex-rsa-pss-client
155
156 [4-client-auth-flex-rsa-pss-server]
157 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
158 CipherString = DEFAULT:@SECLEVEL=0
159 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
160 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
161 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
162 VerifyMode = Require
163
164 [4-client-auth-flex-rsa-pss-client]
165 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
166 CipherString = DEFAULT:@SECLEVEL=0
167 Options = StrictCertCheck
168 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
169 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170 VerifyMode = Peer
171
172 [test-4]
173 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
174 ExpectedClientCertType = RSA-PSS
175 ExpectedResult = Success
176
177
178 # ===========================================================
179
# Negative RSA-PSS case: same client as the rsa-pss test, but the server's
# ClientCAFile and VerifyCAFile point at rootCA.pem instead of rootcert.pem.
# Expected: ServerFail with CertificateRequired. Presumably the client, under
# StrictCertCheck, sends no certificate because its chain does not match the
# CA names the server advertises (confirm against the test harness).
180 [5-client-auth-flex-rsa-pss-bad]
181 ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
182
183 [5-client-auth-flex-rsa-pss-bad-ssl]
184 server = 5-client-auth-flex-rsa-pss-bad-server
185 client = 5-client-auth-flex-rsa-pss-bad-client
186
187 [5-client-auth-flex-rsa-pss-bad-server]
188 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
189 CipherString = DEFAULT:@SECLEVEL=0
190 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
193 VerifyMode = Require
194
195 [5-client-auth-flex-rsa-pss-bad-client]
196 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
197 CipherString = DEFAULT:@SECLEVEL=0
198 Options = StrictCertCheck
199 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201 VerifyMode = Peer
202
203 [test-5]
204 ExpectedResult = ServerFail
205 ExpectedServerAlert = CertificateRequired
206
207
208 # ===========================================================
209
# Successful client authentication where the server also sets
# ClientCAFile = root-cert.pem; the test expects that file's names as the
# client CA names.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
210 [6-client-auth-flex-require-non-empty-names]
211 ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
212
213 [6-client-auth-flex-require-non-empty-names-ssl]
214 server = 6-client-auth-flex-require-non-empty-names-server
215 client = 6-client-auth-flex-require-non-empty-names-client
216
217 [6-client-auth-flex-require-non-empty-names-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT:@SECLEVEL=0
220 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
221 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
222 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
223 VerifyMode = Request
224
225 [6-client-auth-flex-require-non-empty-names-client]
226 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
227 CipherString = DEFAULT:@SECLEVEL=0
228 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230 VerifyMode = Peer
231
232 [test-6]
233 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
234 ExpectedClientCertType = RSA
235 ExpectedResult = Success
236
237
238 # ===========================================================
239
# Negative test: the server enforces a client certificate (VerifyMode =
# Require) but configures no VerifyCAFile, so it has no trust anchor for the
# chain the client presents. Expected: ServerFail with UnknownCA, i.e. a
# client certificate that chains to no configured root must be rejected.
240 [7-client-auth-flex-noroot]
241 ssl_conf = 7-client-auth-flex-noroot-ssl
242
243 [7-client-auth-flex-noroot-ssl]
244 server = 7-client-auth-flex-noroot-server
245 client = 7-client-auth-flex-noroot-client
246
247 [7-client-auth-flex-noroot-server]
248 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
249 CipherString = DEFAULT:@SECLEVEL=0
250 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
251 VerifyMode = Require
252
253 [7-client-auth-flex-noroot-client]
254 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
255 CipherString = DEFAULT:@SECLEVEL=0
256 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
257 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
258 VerifyMode = Peer
259
260 [test-7]
261 ExpectedResult = ServerFail
262 ExpectedServerAlert = UnknownCA
263
264
265 # ===========================================================
266
# Baseline, server authentication only, with both peers pinned to TLS 1.0
# (MinProtocol = MaxProtocol = TLSv1). The server sets no VerifyMode, so no
# client certificate is asked for.
# SECLEVEL=0 turns off OpenSSL's security-level checks: test fixture only.
267 [8-server-auth-TLSv1]
268 ssl_conf = 8-server-auth-TLSv1-ssl
269
270 [8-server-auth-TLSv1-ssl]
271 server = 8-server-auth-TLSv1-server
272 client = 8-server-auth-TLSv1-client
273
274 [8-server-auth-TLSv1-server]
275 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
276 CipherString = DEFAULT:@SECLEVEL=0
277 MaxProtocol = TLSv1
278 MinProtocol = TLSv1
279 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
280
281 [8-server-auth-TLSv1-client]
282 CipherString = DEFAULT:@SECLEVEL=0
283 MaxProtocol = TLSv1
284 MinProtocol = TLSv1
285 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
286 VerifyMode = Peer
287
288 [test-8]
289 ExpectedResult = Success
290
291
292 # ===========================================================
293
# TLS 1.0 only. Server asks for a client certificate (VerifyMode = Request)
# and the client section configures none; Success is expected because Request
# does not fail the handshake when no certificate is sent.
294 [9-client-auth-TLSv1-request]
295 ssl_conf = 9-client-auth-TLSv1-request-ssl
296
297 [9-client-auth-TLSv1-request-ssl]
298 server = 9-client-auth-TLSv1-request-server
299 client = 9-client-auth-TLSv1-request-client
300
301 [9-client-auth-TLSv1-request-server]
302 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
303 CipherString = DEFAULT:@SECLEVEL=0
304 MaxProtocol = TLSv1
305 MinProtocol = TLSv1
306 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
307 VerifyMode = Request
308
309 [9-client-auth-TLSv1-request-client]
310 CipherString = DEFAULT:@SECLEVEL=0
311 MaxProtocol = TLSv1
312 MinProtocol = TLSv1
313 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
314 VerifyMode = Peer
315
316 [test-9]
317 ExpectedResult = Success
318
319
320 # ===========================================================
321
# Negative test, TLS 1.0 only: the server demands a client certificate
# (VerifyMode = Require) and the client section configures none, so the server
# must abort. With the protocol pinned to TLSv1 the expected alert is
# HandshakeFailure.
322 [10-client-auth-TLSv1-require-fail]
323 ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
324
325 [10-client-auth-TLSv1-require-fail-ssl]
326 server = 10-client-auth-TLSv1-require-fail-server
327 client = 10-client-auth-TLSv1-require-fail-client
328
329 [10-client-auth-TLSv1-require-fail-server]
330 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
331 CipherString = DEFAULT:@SECLEVEL=0
332 MaxProtocol = TLSv1
333 MinProtocol = TLSv1
334 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
335 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
336 VerifyMode = Require
337
338 [10-client-auth-TLSv1-require-fail-client]
339 CipherString = DEFAULT:@SECLEVEL=0
340 MaxProtocol = TLSv1
341 MinProtocol = TLSv1
342 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
343 VerifyMode = Peer
344
345 [test-10]
346 ExpectedResult = ServerFail
347 ExpectedServerAlert = HandshakeFailure
348
349
350 # ===========================================================
351
# Successful client authentication, TLS 1.0 only: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
# ExpectedClientCANames = empty presumably asserts that the server advertised
# no CA names (no ClientCAFile is set here); confirm against the test harness.
352 [11-client-auth-TLSv1-require]
353 ssl_conf = 11-client-auth-TLSv1-require-ssl
354
355 [11-client-auth-TLSv1-require-ssl]
356 server = 11-client-auth-TLSv1-require-server
357 client = 11-client-auth-TLSv1-require-client
358
359 [11-client-auth-TLSv1-require-server]
360 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361 CipherString = DEFAULT:@SECLEVEL=0
362 MaxProtocol = TLSv1
363 MinProtocol = TLSv1
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
366 VerifyMode = Request
367
368 [11-client-auth-TLSv1-require-client]
369 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
370 CipherString = DEFAULT:@SECLEVEL=0
371 MaxProtocol = TLSv1
372 MinProtocol = TLSv1
373 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
374 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
375 VerifyMode = Peer
376
377 [test-11]
378 ExpectedClientCANames = empty
379 ExpectedClientCertType = RSA
380 ExpectedResult = Success
381
382
383 # ===========================================================
384
# Successful client authentication, TLS 1.0 only, where the server also sets
# ClientCAFile = root-cert.pem; the test expects that file's names as the
# client CA names.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
385 [12-client-auth-TLSv1-require-non-empty-names]
386 ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
387
388 [12-client-auth-TLSv1-require-non-empty-names-ssl]
389 server = 12-client-auth-TLSv1-require-non-empty-names-server
390 client = 12-client-auth-TLSv1-require-non-empty-names-client
391
392 [12-client-auth-TLSv1-require-non-empty-names-server]
393 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394 CipherString = DEFAULT:@SECLEVEL=0
395 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
396 MaxProtocol = TLSv1
397 MinProtocol = TLSv1
398 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
399 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
400 VerifyMode = Request
401
402 [12-client-auth-TLSv1-require-non-empty-names-client]
403 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
404 CipherString = DEFAULT:@SECLEVEL=0
405 MaxProtocol = TLSv1
406 MinProtocol = TLSv1
407 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
408 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
409 VerifyMode = Peer
410
411 [test-12]
412 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
413 ExpectedClientCertType = RSA
414 ExpectedResult = Success
415
416
417 # ===========================================================
418
# Negative test, TLS 1.0 only: the server enforces a client certificate
# (VerifyMode = Require) but configures no VerifyCAFile, so it has no trust
# anchor for the chain the client presents. Expected: ServerFail with
# UnknownCA.
419 [13-client-auth-TLSv1-noroot]
420 ssl_conf = 13-client-auth-TLSv1-noroot-ssl
421
422 [13-client-auth-TLSv1-noroot-ssl]
423 server = 13-client-auth-TLSv1-noroot-server
424 client = 13-client-auth-TLSv1-noroot-client
425
426 [13-client-auth-TLSv1-noroot-server]
427 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
428 CipherString = DEFAULT:@SECLEVEL=0
429 MaxProtocol = TLSv1
430 MinProtocol = TLSv1
431 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
432 VerifyMode = Require
433
434 [13-client-auth-TLSv1-noroot-client]
435 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
436 CipherString = DEFAULT:@SECLEVEL=0
437 MaxProtocol = TLSv1
438 MinProtocol = TLSv1
439 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
440 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
441 VerifyMode = Peer
442
443 [test-13]
444 ExpectedResult = ServerFail
445 ExpectedServerAlert = UnknownCA
446
447
448 # ===========================================================
449
# Baseline, server authentication only, with both peers pinned to TLS 1.1
# (MinProtocol = MaxProtocol = TLSv1.1). The server sets no VerifyMode, so no
# client certificate is asked for.
450 [14-server-auth-TLSv1.1]
451 ssl_conf = 14-server-auth-TLSv1.1-ssl
452
453 [14-server-auth-TLSv1.1-ssl]
454 server = 14-server-auth-TLSv1.1-server
455 client = 14-server-auth-TLSv1.1-client
456
457 [14-server-auth-TLSv1.1-server]
458 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
459 CipherString = DEFAULT:@SECLEVEL=0
460 MaxProtocol = TLSv1.1
461 MinProtocol = TLSv1.1
462 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
463
464 [14-server-auth-TLSv1.1-client]
465 CipherString = DEFAULT:@SECLEVEL=0
466 MaxProtocol = TLSv1.1
467 MinProtocol = TLSv1.1
468 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
469 VerifyMode = Peer
470
471 [test-14]
472 ExpectedResult = Success
473
474
475 # ===========================================================
476
# TLS 1.1 only. Server asks for a client certificate (VerifyMode = Request)
# and the client section configures none; Success is expected because Request
# does not fail the handshake when no certificate is sent.
477 [15-client-auth-TLSv1.1-request]
478 ssl_conf = 15-client-auth-TLSv1.1-request-ssl
479
480 [15-client-auth-TLSv1.1-request-ssl]
481 server = 15-client-auth-TLSv1.1-request-server
482 client = 15-client-auth-TLSv1.1-request-client
483
484 [15-client-auth-TLSv1.1-request-server]
485 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
486 CipherString = DEFAULT:@SECLEVEL=0
487 MaxProtocol = TLSv1.1
488 MinProtocol = TLSv1.1
489 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
490 VerifyMode = Request
491
492 [15-client-auth-TLSv1.1-request-client]
493 CipherString = DEFAULT:@SECLEVEL=0
494 MaxProtocol = TLSv1.1
495 MinProtocol = TLSv1.1
496 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
497 VerifyMode = Peer
498
499 [test-15]
500 ExpectedResult = Success
501
502
503 # ===========================================================
504
# Negative test, TLS 1.1 only: the server demands a client certificate
# (VerifyMode = Require) and the client section configures none, so the server
# must abort. With the protocol pinned to TLSv1.1 the expected alert is
# HandshakeFailure.
505 [16-client-auth-TLSv1.1-require-fail]
506 ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
507
508 [16-client-auth-TLSv1.1-require-fail-ssl]
509 server = 16-client-auth-TLSv1.1-require-fail-server
510 client = 16-client-auth-TLSv1.1-require-fail-client
511
512 [16-client-auth-TLSv1.1-require-fail-server]
513 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
514 CipherString = DEFAULT:@SECLEVEL=0
515 MaxProtocol = TLSv1.1
516 MinProtocol = TLSv1.1
517 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
518 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
519 VerifyMode = Require
520
521 [16-client-auth-TLSv1.1-require-fail-client]
522 CipherString = DEFAULT:@SECLEVEL=0
523 MaxProtocol = TLSv1.1
524 MinProtocol = TLSv1.1
525 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
526 VerifyMode = Peer
527
528 [test-16]
529 ExpectedResult = ServerFail
530 ExpectedServerAlert = HandshakeFailure
531
532
533 # ===========================================================
534
# Successful client authentication, TLS 1.1 only: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
# ExpectedClientCANames = empty presumably asserts that the server advertised
# no CA names (no ClientCAFile is set here); confirm against the test harness.
535 [17-client-auth-TLSv1.1-require]
536 ssl_conf = 17-client-auth-TLSv1.1-require-ssl
537
538 [17-client-auth-TLSv1.1-require-ssl]
539 server = 17-client-auth-TLSv1.1-require-server
540 client = 17-client-auth-TLSv1.1-require-client
541
542 [17-client-auth-TLSv1.1-require-server]
543 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
544 CipherString = DEFAULT:@SECLEVEL=0
545 MaxProtocol = TLSv1.1
546 MinProtocol = TLSv1.1
547 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
548 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
549 VerifyMode = Request
550
551 [17-client-auth-TLSv1.1-require-client]
552 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
553 CipherString = DEFAULT:@SECLEVEL=0
554 MaxProtocol = TLSv1.1
555 MinProtocol = TLSv1.1
556 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
557 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
558 VerifyMode = Peer
559
560 [test-17]
561 ExpectedClientCANames = empty
562 ExpectedClientCertType = RSA
563 ExpectedResult = Success
564
565
566 # ===========================================================
567
# Successful client authentication, TLS 1.1 only, where the server also sets
# ClientCAFile = root-cert.pem; the test expects that file's names as the
# client CA names.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
568 [18-client-auth-TLSv1.1-require-non-empty-names]
569 ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
570
571 [18-client-auth-TLSv1.1-require-non-empty-names-ssl]
572 server = 18-client-auth-TLSv1.1-require-non-empty-names-server
573 client = 18-client-auth-TLSv1.1-require-non-empty-names-client
574
575 [18-client-auth-TLSv1.1-require-non-empty-names-server]
576 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577 CipherString = DEFAULT:@SECLEVEL=0
578 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
579 MaxProtocol = TLSv1.1
580 MinProtocol = TLSv1.1
581 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
582 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
583 VerifyMode = Request
584
585 [18-client-auth-TLSv1.1-require-non-empty-names-client]
586 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
587 CipherString = DEFAULT:@SECLEVEL=0
588 MaxProtocol = TLSv1.1
589 MinProtocol = TLSv1.1
590 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
591 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
592 VerifyMode = Peer
593
594 [test-18]
595 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
596 ExpectedClientCertType = RSA
597 ExpectedResult = Success
598
599
600 # ===========================================================
601
# Negative test, TLS 1.1 only: the server enforces a client certificate
# (VerifyMode = Require) but configures no VerifyCAFile, so it has no trust
# anchor for the chain the client presents. Expected: ServerFail with
# UnknownCA.
602 [19-client-auth-TLSv1.1-noroot]
603 ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
604
605 [19-client-auth-TLSv1.1-noroot-ssl]
606 server = 19-client-auth-TLSv1.1-noroot-server
607 client = 19-client-auth-TLSv1.1-noroot-client
608
609 [19-client-auth-TLSv1.1-noroot-server]
610 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
611 CipherString = DEFAULT:@SECLEVEL=0
612 MaxProtocol = TLSv1.1
613 MinProtocol = TLSv1.1
614 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
615 VerifyMode = Require
616
617 [19-client-auth-TLSv1.1-noroot-client]
618 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
619 CipherString = DEFAULT:@SECLEVEL=0
620 MaxProtocol = TLSv1.1
621 MinProtocol = TLSv1.1
622 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
623 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
624 VerifyMode = Peer
625
626 [test-19]
627 ExpectedResult = ServerFail
628 ExpectedServerAlert = UnknownCA
629
630
631 # ===========================================================
632
# Baseline, server authentication only, with both peers pinned to TLS 1.2
# (MinProtocol = MaxProtocol = TLSv1.2). The server sets no VerifyMode, so no
# client certificate is asked for.
633 [20-server-auth-TLSv1.2]
634 ssl_conf = 20-server-auth-TLSv1.2-ssl
635
636 [20-server-auth-TLSv1.2-ssl]
637 server = 20-server-auth-TLSv1.2-server
638 client = 20-server-auth-TLSv1.2-client
639
640 [20-server-auth-TLSv1.2-server]
641 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
642 CipherString = DEFAULT:@SECLEVEL=0
643 MaxProtocol = TLSv1.2
644 MinProtocol = TLSv1.2
645 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
646
647 [20-server-auth-TLSv1.2-client]
648 CipherString = DEFAULT:@SECLEVEL=0
649 MaxProtocol = TLSv1.2
650 MinProtocol = TLSv1.2
651 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
652 VerifyMode = Peer
653
654 [test-20]
655 ExpectedResult = Success
656
657
658 # ===========================================================
659
# TLS 1.2 only. Server asks for a client certificate (VerifyMode = Request)
# and the client section configures none; Success is expected because Request
# does not fail the handshake when no certificate is sent.
660 [21-client-auth-TLSv1.2-request]
661 ssl_conf = 21-client-auth-TLSv1.2-request-ssl
662
663 [21-client-auth-TLSv1.2-request-ssl]
664 server = 21-client-auth-TLSv1.2-request-server
665 client = 21-client-auth-TLSv1.2-request-client
666
667 [21-client-auth-TLSv1.2-request-server]
668 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
669 CipherString = DEFAULT:@SECLEVEL=0
670 MaxProtocol = TLSv1.2
671 MinProtocol = TLSv1.2
672 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
673 VerifyMode = Request
674
675 [21-client-auth-TLSv1.2-request-client]
676 CipherString = DEFAULT:@SECLEVEL=0
677 MaxProtocol = TLSv1.2
678 MinProtocol = TLSv1.2
679 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
680 VerifyMode = Peer
681
682 [test-21]
683 ExpectedResult = Success
684
685
686 # ===========================================================
687
# Negative test, TLS 1.2 only: the server demands a client certificate
# (VerifyMode = Require) and the client section configures none, so the server
# must abort. With the protocol pinned to TLSv1.2 the expected alert is
# HandshakeFailure.
688 [22-client-auth-TLSv1.2-require-fail]
689 ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
690
691 [22-client-auth-TLSv1.2-require-fail-ssl]
692 server = 22-client-auth-TLSv1.2-require-fail-server
693 client = 22-client-auth-TLSv1.2-require-fail-client
694
695 [22-client-auth-TLSv1.2-require-fail-server]
696 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
697 CipherString = DEFAULT:@SECLEVEL=0
698 MaxProtocol = TLSv1.2
699 MinProtocol = TLSv1.2
700 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
701 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
702 VerifyMode = Require
703
704 [22-client-auth-TLSv1.2-require-fail-client]
705 CipherString = DEFAULT:@SECLEVEL=0
706 MaxProtocol = TLSv1.2
707 MinProtocol = TLSv1.2
708 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
709 VerifyMode = Peer
710
711 [test-22]
712 ExpectedResult = ServerFail
713 ExpectedServerAlert = HandshakeFailure
714
715
716 # ===========================================================
717
# Successful client authentication, TLS 1.2 only. The server restricts
# ClientSignatureAlgorithms to SHA256+RSA and the test expects the client to
# sign with hash SHA256 and type RSA.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
# ExpectedClientCANames = empty presumably asserts that the server advertised
# no CA names (no ClientCAFile is set here); confirm against the test harness.
718 [23-client-auth-TLSv1.2-require]
719 ssl_conf = 23-client-auth-TLSv1.2-require-ssl
720
721 [23-client-auth-TLSv1.2-require-ssl]
722 server = 23-client-auth-TLSv1.2-require-server
723 client = 23-client-auth-TLSv1.2-require-client
724
725 [23-client-auth-TLSv1.2-require-server]
726 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
727 CipherString = DEFAULT:@SECLEVEL=0
728 ClientSignatureAlgorithms = SHA256+RSA
729 MaxProtocol = TLSv1.2
730 MinProtocol = TLSv1.2
731 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
732 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
733 VerifyMode = Request
734
735 [23-client-auth-TLSv1.2-require-client]
736 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
737 CipherString = DEFAULT:@SECLEVEL=0
738 MaxProtocol = TLSv1.2
739 MinProtocol = TLSv1.2
740 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
741 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
742 VerifyMode = Peer
743
744 [test-23]
745 ExpectedClientCANames = empty
746 ExpectedClientCertType = RSA
747 ExpectedClientSignHash = SHA256
748 ExpectedClientSignType = RSA
749 ExpectedResult = Success
750
751
752 # ===========================================================
753
# Client authentication with an RSA-PSS certificate
# (client-pss-restrict-cert.pem), TLS 1.2 only. The server enforces a client
# certificate (VerifyMode = Require) and uses rootcert.pem both as
# ClientCAFile and as its verification root; the client sets
# Options = StrictCertCheck. Expected: Success with certificate type RSA-PSS.
754 [24-client-auth-TLSv1.2-rsa-pss]
755 ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
756
757 [24-client-auth-TLSv1.2-rsa-pss-ssl]
758 server = 24-client-auth-TLSv1.2-rsa-pss-server
759 client = 24-client-auth-TLSv1.2-rsa-pss-client
760
761 [24-client-auth-TLSv1.2-rsa-pss-server]
762 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
763 CipherString = DEFAULT:@SECLEVEL=0
764 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
765 MaxProtocol = TLSv1.2
766 MinProtocol = TLSv1.2
767 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
768 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
769 VerifyMode = Require
770
771 [24-client-auth-TLSv1.2-rsa-pss-client]
772 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
773 CipherString = DEFAULT:@SECLEVEL=0
774 MaxProtocol = TLSv1.2
775 MinProtocol = TLSv1.2
776 Options = StrictCertCheck
777 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
778 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
779 VerifyMode = Peer
780
781 [test-24]
782 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
783 ExpectedClientCertType = RSA-PSS
784 ExpectedResult = Success
785
786
787 # ===========================================================
788
# Negative RSA-PSS case, TLS 1.2 only: same client as the rsa-pss test, but
# the server's ClientCAFile and VerifyCAFile point at rootCA.pem instead of
# rootcert.pem. Expected: ServerFail with HandshakeFailure. Presumably the
# client, under StrictCertCheck, sends no certificate because its chain does
# not match the CA names the server advertises (confirm against the harness).
789 [25-client-auth-TLSv1.2-rsa-pss-bad]
790 ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
791
792 [25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
793 server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
794 client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
795
796 [25-client-auth-TLSv1.2-rsa-pss-bad-server]
797 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
798 CipherString = DEFAULT:@SECLEVEL=0
799 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
800 MaxProtocol = TLSv1.2
801 MinProtocol = TLSv1.2
802 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
803 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
804 VerifyMode = Require
805
806 [25-client-auth-TLSv1.2-rsa-pss-bad-client]
807 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
808 CipherString = DEFAULT:@SECLEVEL=0
809 MaxProtocol = TLSv1.2
810 MinProtocol = TLSv1.2
811 Options = StrictCertCheck
812 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
813 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
814 VerifyMode = Peer
815
816 [test-25]
817 ExpectedResult = ServerFail
818 ExpectedServerAlert = HandshakeFailure
819
820
821 # ===========================================================
822
# Successful client authentication, TLS 1.2 only, where the server also sets
# ClientCAFile = root-cert.pem and restricts ClientSignatureAlgorithms to
# SHA256+RSA; the test expects those CA names and a SHA256/RSA signature.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = Request, so a client certificate is requested, not enforced.
823 [26-client-auth-TLSv1.2-require-non-empty-names]
824 ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
825
826 [26-client-auth-TLSv1.2-require-non-empty-names-ssl]
827 server = 26-client-auth-TLSv1.2-require-non-empty-names-server
828 client = 26-client-auth-TLSv1.2-require-non-empty-names-client
829
830 [26-client-auth-TLSv1.2-require-non-empty-names-server]
831 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
832 CipherString = DEFAULT:@SECLEVEL=0
833 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
834 ClientSignatureAlgorithms = SHA256+RSA
835 MaxProtocol = TLSv1.2
836 MinProtocol = TLSv1.2
837 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
838 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
839 VerifyMode = Request
840
841 [26-client-auth-TLSv1.2-require-non-empty-names-client]
842 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
843 CipherString = DEFAULT:@SECLEVEL=0
844 MaxProtocol = TLSv1.2
845 MinProtocol = TLSv1.2
846 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
847 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
848 VerifyMode = Peer
849
850 [test-26]
851 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
852 ExpectedClientCertType = RSA
853 ExpectedClientSignHash = SHA256
854 ExpectedClientSignType = RSA
855 ExpectedResult = Success
856
857
858 # ===========================================================
859
# Negative test, TLS 1.2 only: the server enforces a client certificate
# (VerifyMode = Require) but configures no VerifyCAFile, so it has no trust
# anchor for the chain the client presents. Expected: ServerFail with
# UnknownCA.
860 [27-client-auth-TLSv1.2-noroot]
861 ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
862
863 [27-client-auth-TLSv1.2-noroot-ssl]
864 server = 27-client-auth-TLSv1.2-noroot-server
865 client = 27-client-auth-TLSv1.2-noroot-client
866
867 [27-client-auth-TLSv1.2-noroot-server]
868 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
869 CipherString = DEFAULT:@SECLEVEL=0
870 MaxProtocol = TLSv1.2
871 MinProtocol = TLSv1.2
872 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
873 VerifyMode = Require
874
875 [27-client-auth-TLSv1.2-noroot-client]
876 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
877 CipherString = DEFAULT:@SECLEVEL=0
878 MaxProtocol = TLSv1.2
879 MinProtocol = TLSv1.2
880 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
881 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
882 VerifyMode = Peer
883
884 [test-27]
885 ExpectedResult = ServerFail
886 ExpectedServerAlert = UnknownCA
887
888
889 # ===========================================================
890
# Baseline, server authentication only, over DTLS (Method = DTLS) with both
# peers pinned to DTLSv1. The server sets no VerifyMode, so no client
# certificate is asked for.
891 [28-server-auth-DTLSv1]
892 ssl_conf = 28-server-auth-DTLSv1-ssl
893
894 [28-server-auth-DTLSv1-ssl]
895 server = 28-server-auth-DTLSv1-server
896 client = 28-server-auth-DTLSv1-client
897
898 [28-server-auth-DTLSv1-server]
899 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
900 CipherString = DEFAULT:@SECLEVEL=0
901 MaxProtocol = DTLSv1
902 MinProtocol = DTLSv1
903 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
904
905 [28-server-auth-DTLSv1-client]
906 CipherString = DEFAULT:@SECLEVEL=0
907 MaxProtocol = DTLSv1
908 MinProtocol = DTLSv1
909 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
910 VerifyMode = Peer
911
912 [test-28]
913 ExpectedResult = Success
914 Method = DTLS
915
916
917 # ===========================================================
918
# DTLSv1 only (Method = DTLS). Server asks for a client certificate
# (VerifyMode = Request) and the client section configures none; Success is
# expected because Request does not fail the handshake when none is sent.
919 [29-client-auth-DTLSv1-request]
920 ssl_conf = 29-client-auth-DTLSv1-request-ssl
921
922 [29-client-auth-DTLSv1-request-ssl]
923 server = 29-client-auth-DTLSv1-request-server
924 client = 29-client-auth-DTLSv1-request-client
925
926 [29-client-auth-DTLSv1-request-server]
927 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
928 CipherString = DEFAULT:@SECLEVEL=0
929 MaxProtocol = DTLSv1
930 MinProtocol = DTLSv1
931 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
932 VerifyMode = Request
933
934 [29-client-auth-DTLSv1-request-client]
935 CipherString = DEFAULT:@SECLEVEL=0
936 MaxProtocol = DTLSv1
937 MinProtocol = DTLSv1
938 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
939 VerifyMode = Peer
940
941 [test-29]
942 ExpectedResult = Success
943 Method = DTLS
944
945
946 # ===========================================================
947
# Negative test, DTLSv1 only (Method = DTLS): the server demands a client
# certificate (VerifyMode = Require) and the client section configures none,
# so the server must abort. The expected alert is HandshakeFailure.
948 [30-client-auth-DTLSv1-require-fail]
949 ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
950
951 [30-client-auth-DTLSv1-require-fail-ssl]
952 server = 30-client-auth-DTLSv1-require-fail-server
953 client = 30-client-auth-DTLSv1-require-fail-client
954
955 [30-client-auth-DTLSv1-require-fail-server]
956 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
957 CipherString = DEFAULT:@SECLEVEL=0
958 MaxProtocol = DTLSv1
959 MinProtocol = DTLSv1
960 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
961 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
962 VerifyMode = Require
963
964 [30-client-auth-DTLSv1-require-fail-client]
965 CipherString = DEFAULT:@SECLEVEL=0
966 MaxProtocol = DTLSv1
967 MinProtocol = DTLSv1
968 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
969 VerifyMode = Peer
970
971 [test-30]
972 ExpectedResult = ServerFail
973 ExpectedServerAlert = HandshakeFailure
974 Method = DTLS
975
976
977 # ===========================================================
978
# Test 31: successful client authentication over DTLSv1.
# The client presents ee-client-chain.pem with ee-key.pem and the server
# validates client chains against root-cert.pem.
# NOTE(review): the test name says "require", but the server section sets
# VerifyMode = Request. That the client really authenticated is pinned by
# ExpectedClientCertType below, not by the verify mode. This file is generated,
# so any change belongs in the generator input rather than here.
979 [31-client-auth-DTLSv1-require]
980 ssl_conf = 31-client-auth-DTLSv1-require-ssl
981
982 [31-client-auth-DTLSv1-require-ssl]
983 server = 31-client-auth-DTLSv1-require-server
984 client = 31-client-auth-DTLSv1-require-client
985
986 [31-client-auth-DTLSv1-require-server]
987 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
988 CipherString = DEFAULT:@SECLEVEL=0
989 MaxProtocol = DTLSv1
990 MinProtocol = DTLSv1
991 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
992 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
993 VerifyMode = Request
994
995 [31-client-auth-DTLSv1-require-client]
996 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
997 CipherString = DEFAULT:@SECLEVEL=0
998 MaxProtocol = DTLSv1
999 MinProtocol = DTLSv1
1000 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1001 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1002 VerifyMode = Peer
1003
1004 [test-31]
# No ClientCAFile is set on the server; presumably that is why the CA-name list
# seen by the client is expected to be empty (confirm against the harness).
1005 ExpectedClientCANames = empty
# Pins that a client certificate of this key type was actually used.
1006 ExpectedClientCertType = RSA
1007 ExpectedResult = Success
1008 Method = DTLS
1009
1010
1011 # ===========================================================
1012
# Test 32: same successful client authentication as the "require" case, but the
# server also sets ClientCAFile, and the test checks the CA names the client
# sees against root-cert.pem.
# NOTE(review): as in the sibling "require" test, the server uses
# VerifyMode = Request; client authentication is pinned by
# ExpectedClientCertType, not by the verify mode.
1013 [32-client-auth-DTLSv1-require-non-empty-names]
1014 ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
1015
1016 [32-client-auth-DTLSv1-require-non-empty-names-ssl]
1017 server = 32-client-auth-DTLSv1-require-non-empty-names-server
1018 client = 32-client-auth-DTLSv1-require-non-empty-names-client
1019
1020 [32-client-auth-DTLSv1-require-non-empty-names-server]
1021 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1022 CipherString = DEFAULT:@SECLEVEL=0
# Source of the acceptable-CA names advertised to the client; VerifyCAFile
# below is the separate setting used to validate the chain the client sends.
1023 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1024 MaxProtocol = DTLSv1
1025 MinProtocol = DTLSv1
1026 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1027 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1028 VerifyMode = Request
1029
1030 [32-client-auth-DTLSv1-require-non-empty-names-client]
1031 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1032 CipherString = DEFAULT:@SECLEVEL=0
1033 MaxProtocol = DTLSv1
1034 MinProtocol = DTLSv1
1035 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1036 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1037 VerifyMode = Peer
1038
1039 [test-32]
# Same file as the server's ClientCAFile; presumably the harness compares the
# received CA names with the subjects in this file (confirm against the harness).
1040 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1041 ExpectedClientCertType = RSA
1042 ExpectedResult = Success
1043 Method = DTLS
1044
1045
1046 # ===========================================================
1047
# Test 33: mandatory client authentication with no trust anchor on the server.
# The client presents a certificate chain, but the server section has
# VerifyMode = Require and no VerifyCAFile, so the chain cannot be anchored and
# the server is expected to reject it with an UnknownCA alert.
1048 [33-client-auth-DTLSv1-noroot]
1049 ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
1050
1051 [33-client-auth-DTLSv1-noroot-ssl]
1052 server = 33-client-auth-DTLSv1-noroot-server
1053 client = 33-client-auth-DTLSv1-noroot-client
1054
1055 [33-client-auth-DTLSv1-noroot-server]
1056 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1057 CipherString = DEFAULT:@SECLEVEL=0
1058 MaxProtocol = DTLSv1
1059 MinProtocol = DTLSv1
1060 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# Require without any CA file in this section: the "noroot" condition.
1061 VerifyMode = Require
1062
1063 [33-client-auth-DTLSv1-noroot-client]
1064 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1065 CipherString = DEFAULT:@SECLEVEL=0
1066 MaxProtocol = DTLSv1
1067 MinProtocol = DTLSv1
1068 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1069 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1070 VerifyMode = Peer
1071
# Pins the failure to chain validation (UnknownCA) rather than a missing
# certificate (the require-fail tests expect HandshakeFailure instead).
1072 [test-33]
1073 ExpectedResult = ServerFail
1074 ExpectedServerAlert = UnknownCA
1075 Method = DTLS
1076
1077
1078 # ===========================================================
1079
# Test 34: server-only authentication, pinned to DTLSv1.2 (Min = Max).
# The server section has no VerifyMode, and the client has no certificate; the
# client validates the server chain against rootcert.pem.
# @SECLEVEL=0 lifts OpenSSL's security-level restrictions on algorithms and key
# sizes; it is a test-fixture setting, not a deployment default.
1080 [34-server-auth-DTLSv1.2]
1081 ssl_conf = 34-server-auth-DTLSv1.2-ssl
1082
1083 [34-server-auth-DTLSv1.2-ssl]
1084 server = 34-server-auth-DTLSv1.2-server
1085 client = 34-server-auth-DTLSv1.2-client
1086
1087 [34-server-auth-DTLSv1.2-server]
1088 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089 CipherString = DEFAULT:@SECLEVEL=0
1090 MaxProtocol = DTLSv1.2
1091 MinProtocol = DTLSv1.2
1092 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1093
1094 [34-server-auth-DTLSv1.2-client]
1095 CipherString = DEFAULT:@SECLEVEL=0
1096 MaxProtocol = DTLSv1.2
1097 MinProtocol = DTLSv1.2
1098 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
# Peer: the client verifies the server's certificate.
1099 VerifyMode = Peer
1100
1101 [test-34]
1102 ExpectedResult = Success
1103 Method = DTLS
1104
1105
1106 # ===========================================================
1107
# Test 35: optional client authentication over DTLSv1.2.
# Server VerifyMode = Request and a client with no Certificate/PrivateKey;
# the handshake is still expected to succeed.
1108 [35-client-auth-DTLSv1.2-request]
1109 ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
1110
1111 [35-client-auth-DTLSv1.2-request-ssl]
1112 server = 35-client-auth-DTLSv1.2-request-server
1113 client = 35-client-auth-DTLSv1.2-request-client
1114
1115 [35-client-auth-DTLSv1.2-request-server]
1116 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1117 CipherString = DEFAULT:@SECLEVEL=0
1118 MaxProtocol = DTLSv1.2
1119 MinProtocol = DTLSv1.2
1120 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# Request: a client certificate is asked for but its absence is not fatal.
1121 VerifyMode = Request
1122
1123 [35-client-auth-DTLSv1.2-request-client]
1124 CipherString = DEFAULT:@SECLEVEL=0
1125 MaxProtocol = DTLSv1.2
1126 MinProtocol = DTLSv1.2
1127 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1128 VerifyMode = Peer
1129
1130 [test-35]
1131 ExpectedResult = Success
1132 Method = DTLS
1133
1134
1135 # ===========================================================
1136
# Test 36: mandatory client authentication over DTLSv1.2, negative case.
# Server VerifyMode = Require, client without Certificate/PrivateKey; the
# server must abort the handshake with a HandshakeFailure alert.
1137 [36-client-auth-DTLSv1.2-require-fail]
1138 ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
1139
1140 [36-client-auth-DTLSv1.2-require-fail-ssl]
1141 server = 36-client-auth-DTLSv1.2-require-fail-server
1142 client = 36-client-auth-DTLSv1.2-require-fail-client
1143
1144 [36-client-auth-DTLSv1.2-require-fail-server]
1145 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146 CipherString = DEFAULT:@SECLEVEL=0
1147 MaxProtocol = DTLSv1.2
1148 MinProtocol = DTLSv1.2
1149 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1150 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
# Require: a handshake without a client certificate is refused.
1151 VerifyMode = Require
1152
# No Certificate/PrivateKey: nothing to present when the server asks.
1153 [36-client-auth-DTLSv1.2-require-fail-client]
1154 CipherString = DEFAULT:@SECLEVEL=0
1155 MaxProtocol = DTLSv1.2
1156 MinProtocol = DTLSv1.2
1157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1158 VerifyMode = Peer
1159
1160 [test-36]
1161 ExpectedResult = ServerFail
1162 ExpectedServerAlert = HandshakeFailure
1163 Method = DTLS
1164
1165
1166 # ===========================================================
1167
# Test 37: successful client authentication over DTLSv1.2.
# The client presents ee-client-chain.pem with ee-key.pem; the server validates
# client chains against root-cert.pem.
# NOTE(review): the test name says "require", but the server section sets
# VerifyMode = Request. Client authentication is pinned by
# ExpectedClientCertType below. This file is generated, so any change belongs
# in the generator input rather than here.
1168 [37-client-auth-DTLSv1.2-require]
1169 ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
1170
1171 [37-client-auth-DTLSv1.2-require-ssl]
1172 server = 37-client-auth-DTLSv1.2-require-server
1173 client = 37-client-auth-DTLSv1.2-require-client
1174
1175 [37-client-auth-DTLSv1.2-require-server]
1176 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1177 CipherString = DEFAULT:@SECLEVEL=0
1178 MaxProtocol = DTLSv1.2
1179 MinProtocol = DTLSv1.2
1180 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1181 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1182 VerifyMode = Request
1183
1184 [37-client-auth-DTLSv1.2-require-client]
1185 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1186 CipherString = DEFAULT:@SECLEVEL=0
1187 MaxProtocol = DTLSv1.2
1188 MinProtocol = DTLSv1.2
1189 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1190 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1191 VerifyMode = Peer
1192
1193 [test-37]
# The server sets no ClientCAFile; presumably that is why an empty CA-name list
# is expected (confirm against the harness).
1194 ExpectedClientCANames = empty
# Pins that a client certificate of this key type was actually used.
1195 ExpectedClientCertType = RSA
1196 ExpectedResult = Success
1197 Method = DTLS
1198
1199
1200 # ===========================================================
1201
# Test 38: successful client authentication over DTLSv1.2 with the server also
# setting ClientCAFile; the CA names seen by the client are checked against
# root-cert.pem.
# NOTE(review): the server uses VerifyMode = Request although the name says
# "require"; client authentication is pinned by ExpectedClientCertType.
1202 [38-client-auth-DTLSv1.2-require-non-empty-names]
1203 ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
1204
1205 [38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1206 server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
1207 client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
1208
1209 [38-client-auth-DTLSv1.2-require-non-empty-names-server]
1210 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1211 CipherString = DEFAULT:@SECLEVEL=0
# Source of the acceptable-CA names advertised to the client; VerifyCAFile
# below is the separate setting used to validate the chain the client sends.
1212 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1213 MaxProtocol = DTLSv1.2
1214 MinProtocol = DTLSv1.2
1215 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1216 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1217 VerifyMode = Request
1218
1219 [38-client-auth-DTLSv1.2-require-non-empty-names-client]
1220 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1221 CipherString = DEFAULT:@SECLEVEL=0
1222 MaxProtocol = DTLSv1.2
1223 MinProtocol = DTLSv1.2
1224 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1225 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1226 VerifyMode = Peer
1227
1228 [test-38]
# Same file as the server's ClientCAFile; presumably the harness compares the
# received CA names with the subjects in this file (confirm against the harness).
1229 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1230 ExpectedClientCertType = RSA
1231 ExpectedResult = Success
1232 Method = DTLS
1233
1234
1235 # ===========================================================
1236
# Test 39: mandatory client authentication over DTLSv1.2 with no trust anchor
# on the server. The client presents a chain, but the server section has
# VerifyMode = Require and no VerifyCAFile, so the server is expected to
# reject the chain with an UnknownCA alert.
1237 [39-client-auth-DTLSv1.2-noroot]
1238 ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
1239
1240 [39-client-auth-DTLSv1.2-noroot-ssl]
1241 server = 39-client-auth-DTLSv1.2-noroot-server
1242 client = 39-client-auth-DTLSv1.2-noroot-client
1243
1244 [39-client-auth-DTLSv1.2-noroot-server]
1245 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246 CipherString = DEFAULT:@SECLEVEL=0
1247 MaxProtocol = DTLSv1.2
1248 MinProtocol = DTLSv1.2
1249 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# Require without any CA file in this section: the "noroot" condition.
1250 VerifyMode = Require
1251
1252 [39-client-auth-DTLSv1.2-noroot-client]
1253 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1254 CipherString = DEFAULT:@SECLEVEL=0
1255 MaxProtocol = DTLSv1.2
1256 MinProtocol = DTLSv1.2
1257 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1258 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1259 VerifyMode = Peer
1260
# Pins the failure to chain validation (UnknownCA) rather than a missing
# certificate (the require-fail tests expect HandshakeFailure instead).
1261 [test-39]
1262 ExpectedResult = ServerFail
1263 ExpectedServerAlert = UnknownCA
1264 Method = DTLS
1265
1266