1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-rsa-pss
10 test-5 = 5-client-auth-flex-rsa-pss-bad
11 test-6 = 6-client-auth-flex-require-non-empty-names
12 test-7 = 7-client-auth-flex-noroot
13 test-8 = 8-server-auth-TLSv1
14 test-9 = 9-client-auth-TLSv1-request
15 test-10 = 10-client-auth-TLSv1-require-fail
16 test-11 = 11-client-auth-TLSv1-require
17 test-12 = 12-client-auth-TLSv1-require-non-empty-names
18 test-13 = 13-client-auth-TLSv1-noroot
19 test-14 = 14-server-auth-TLSv1.1
20 test-15 = 15-client-auth-TLSv1.1-request
21 test-16 = 16-client-auth-TLSv1.1-require-fail
22 test-17 = 17-client-auth-TLSv1.1-require
23 test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
24 test-19 = 19-client-auth-TLSv1.1-noroot
25 test-20 = 20-server-auth-TLSv1.2
26 test-21 = 21-client-auth-TLSv1.2-request
27 test-22 = 22-client-auth-TLSv1.2-require-fail
28 test-23 = 23-client-auth-TLSv1.2-require
29 test-24 = 24-client-auth-TLSv1.2-rsa-pss
30 test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
31 test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
32 test-27 = 27-client-auth-TLSv1.2-noroot
33 test-28 = 28-server-auth-DTLSv1
34 test-29 = 29-client-auth-DTLSv1-request
35 test-30 = 30-client-auth-DTLSv1-require-fail
36 test-31 = 31-client-auth-DTLSv1-require
37 test-32 = 32-client-auth-DTLSv1-require-non-empty-names
38 test-33 = 33-client-auth-DTLSv1-noroot
39 test-34 = 34-server-auth-DTLSv1.2
40 test-35 = 35-client-auth-DTLSv1.2-request
41 test-36 = 36-client-auth-DTLSv1.2-require-fail
42 test-37 = 37-client-auth-DTLSv1.2-require
43 test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
44 test-39 = 39-client-auth-DTLSv1.2-noroot
45 # ===========================================================
48 ssl_conf = 0-server-auth-flex-ssl
50 [0-server-auth-flex-ssl]
51 server = 0-server-auth-flex-server
52 client = 0-server-auth-flex-client
54 [0-server-auth-flex-server]
55 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
56 CipherString = DEFAULT:@SECLEVEL=0
57 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
59 [0-server-auth-flex-client]
60 CipherString = DEFAULT:@SECLEVEL=0
61 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
65 ExpectedResult = Success
68 # ===========================================================
70 [1-client-auth-flex-request]
71 ssl_conf = 1-client-auth-flex-request-ssl
73 [1-client-auth-flex-request-ssl]
74 server = 1-client-auth-flex-request-server
75 client = 1-client-auth-flex-request-client
77 [1-client-auth-flex-request-server]
78 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
79 CipherString = DEFAULT:@SECLEVEL=0
80 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
83 [1-client-auth-flex-request-client]
84 CipherString = DEFAULT:@SECLEVEL=0
85 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
89 ExpectedResult = Success
92 # ===========================================================
94 [2-client-auth-flex-require-fail]
95 ssl_conf = 2-client-auth-flex-require-fail-ssl
97 [2-client-auth-flex-require-fail-ssl]
98 server = 2-client-auth-flex-require-fail-server
99 client = 2-client-auth-flex-require-fail-client
101 [2-client-auth-flex-require-fail-server]
102 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
103 CipherString = DEFAULT:@SECLEVEL=0
104 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
105 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
108 [2-client-auth-flex-require-fail-client]
109 CipherString = DEFAULT:@SECLEVEL=0
110 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
114 ExpectedResult = ServerFail
115 ExpectedServerAlert = CertificateRequired
118 # ===========================================================
120 [3-client-auth-flex-require]
121 ssl_conf = 3-client-auth-flex-require-ssl
123 [3-client-auth-flex-require-ssl]
124 server = 3-client-auth-flex-require-server
125 client = 3-client-auth-flex-require-client
127 [3-client-auth-flex-require-server]
128 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
129 CipherString = DEFAULT:@SECLEVEL=0
130 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
131 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
134 [3-client-auth-flex-require-client]
135 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
136 CipherString = DEFAULT:@SECLEVEL=0
137 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
138 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
142 ExpectedClientCANames = empty
143 ExpectedClientCertType = RSA
144 ExpectedResult = Success
147 # ===========================================================
149 [4-client-auth-flex-rsa-pss]
150 ssl_conf = 4-client-auth-flex-rsa-pss-ssl
152 [4-client-auth-flex-rsa-pss-ssl]
153 server = 4-client-auth-flex-rsa-pss-server
154 client = 4-client-auth-flex-rsa-pss-client
156 [4-client-auth-flex-rsa-pss-server]
157 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
158 CipherString = DEFAULT:@SECLEVEL=0
159 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
160 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
161 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
164 [4-client-auth-flex-rsa-pss-client]
165 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
166 CipherString = DEFAULT:@SECLEVEL=0
167 Options = StrictCertCheck
168 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
169 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
173 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
174 ExpectedClientCertType = RSA-PSS
175 ExpectedResult = Success
178 # ===========================================================
180 [5-client-auth-flex-rsa-pss-bad]
181 ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
183 [5-client-auth-flex-rsa-pss-bad-ssl]
184 server = 5-client-auth-flex-rsa-pss-bad-server
185 client = 5-client-auth-flex-rsa-pss-bad-client
187 [5-client-auth-flex-rsa-pss-bad-server]
188 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
189 CipherString = DEFAULT:@SECLEVEL=0
190 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
195 [5-client-auth-flex-rsa-pss-bad-client]
196 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
197 CipherString = DEFAULT:@SECLEVEL=0
198 Options = StrictCertCheck
199 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
204 ExpectedResult = ServerFail
205 ExpectedServerAlert = CertificateRequired
208 # ===========================================================
210 [6-client-auth-flex-require-non-empty-names]
211 ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
213 [6-client-auth-flex-require-non-empty-names-ssl]
214 server = 6-client-auth-flex-require-non-empty-names-server
215 client = 6-client-auth-flex-require-non-empty-names-client
217 [6-client-auth-flex-require-non-empty-names-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT:@SECLEVEL=0
220 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
221 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
222 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
225 [6-client-auth-flex-require-non-empty-names-client]
226 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
227 CipherString = DEFAULT:@SECLEVEL=0
228 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
233 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
234 ExpectedClientCertType = RSA
235 ExpectedResult = Success
238 # ===========================================================
240 [7-client-auth-flex-noroot]
241 ssl_conf = 7-client-auth-flex-noroot-ssl
243 [7-client-auth-flex-noroot-ssl]
244 server = 7-client-auth-flex-noroot-server
245 client = 7-client-auth-flex-noroot-client
247 [7-client-auth-flex-noroot-server]
248 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
249 CipherString = DEFAULT:@SECLEVEL=0
250 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
253 [7-client-auth-flex-noroot-client]
254 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
255 CipherString = DEFAULT:@SECLEVEL=0
256 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
257 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
261 ExpectedResult = ServerFail
262 ExpectedServerAlert = UnknownCA
265 # ===========================================================
267 [8-server-auth-TLSv1]
268 ssl_conf = 8-server-auth-TLSv1-ssl
270 [8-server-auth-TLSv1-ssl]
271 server = 8-server-auth-TLSv1-server
272 client = 8-server-auth-TLSv1-client
274 [8-server-auth-TLSv1-server]
275 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
276 CipherString = DEFAULT:@SECLEVEL=0
279 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
281 [8-server-auth-TLSv1-client]
282 CipherString = DEFAULT:@SECLEVEL=0
285 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
289 ExpectedResult = Success
292 # ===========================================================
294 [9-client-auth-TLSv1-request]
295 ssl_conf = 9-client-auth-TLSv1-request-ssl
297 [9-client-auth-TLSv1-request-ssl]
298 server = 9-client-auth-TLSv1-request-server
299 client = 9-client-auth-TLSv1-request-client
301 [9-client-auth-TLSv1-request-server]
302 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
303 CipherString = DEFAULT:@SECLEVEL=0
306 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
309 [9-client-auth-TLSv1-request-client]
310 CipherString = DEFAULT:@SECLEVEL=0
313 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
317 ExpectedResult = Success
320 # ===========================================================
322 [10-client-auth-TLSv1-require-fail]
323 ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
325 [10-client-auth-TLSv1-require-fail-ssl]
326 server = 10-client-auth-TLSv1-require-fail-server
327 client = 10-client-auth-TLSv1-require-fail-client
329 [10-client-auth-TLSv1-require-fail-server]
330 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
331 CipherString = DEFAULT:@SECLEVEL=0
334 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
335 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
338 [10-client-auth-TLSv1-require-fail-client]
339 CipherString = DEFAULT:@SECLEVEL=0
342 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
346 ExpectedResult = ServerFail
347 ExpectedServerAlert = HandshakeFailure
350 # ===========================================================
352 [11-client-auth-TLSv1-require]
353 ssl_conf = 11-client-auth-TLSv1-require-ssl
355 [11-client-auth-TLSv1-require-ssl]
356 server = 11-client-auth-TLSv1-require-server
357 client = 11-client-auth-TLSv1-require-client
359 [11-client-auth-TLSv1-require-server]
360 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361 CipherString = DEFAULT:@SECLEVEL=0
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
368 [11-client-auth-TLSv1-require-client]
369 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
370 CipherString = DEFAULT:@SECLEVEL=0
373 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
374 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
378 ExpectedClientCANames = empty
379 ExpectedClientCertType = RSA
380 ExpectedResult = Success
383 # ===========================================================
385 [12-client-auth-TLSv1-require-non-empty-names]
386 ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
388 [12-client-auth-TLSv1-require-non-empty-names-ssl]
389 server = 12-client-auth-TLSv1-require-non-empty-names-server
390 client = 12-client-auth-TLSv1-require-non-empty-names-client
392 [12-client-auth-TLSv1-require-non-empty-names-server]
393 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394 CipherString = DEFAULT:@SECLEVEL=0
395 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
398 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
399 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
402 [12-client-auth-TLSv1-require-non-empty-names-client]
403 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
404 CipherString = DEFAULT:@SECLEVEL=0
407 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
408 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
412 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
413 ExpectedClientCertType = RSA
414 ExpectedResult = Success
417 # ===========================================================
419 [13-client-auth-TLSv1-noroot]
420 ssl_conf = 13-client-auth-TLSv1-noroot-ssl
422 [13-client-auth-TLSv1-noroot-ssl]
423 server = 13-client-auth-TLSv1-noroot-server
424 client = 13-client-auth-TLSv1-noroot-client
426 [13-client-auth-TLSv1-noroot-server]
427 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
428 CipherString = DEFAULT:@SECLEVEL=0
431 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
434 [13-client-auth-TLSv1-noroot-client]
435 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
436 CipherString = DEFAULT:@SECLEVEL=0
439 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
440 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
444 ExpectedResult = ServerFail
445 ExpectedServerAlert = UnknownCA
448 # ===========================================================
450 [14-server-auth-TLSv1.1]
451 ssl_conf = 14-server-auth-TLSv1.1-ssl
453 [14-server-auth-TLSv1.1-ssl]
454 server = 14-server-auth-TLSv1.1-server
455 client = 14-server-auth-TLSv1.1-client
457 [14-server-auth-TLSv1.1-server]
458 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
459 CipherString = DEFAULT:@SECLEVEL=0
460 MaxProtocol = TLSv1.1
461 MinProtocol = TLSv1.1
462 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
464 [14-server-auth-TLSv1.1-client]
465 CipherString = DEFAULT:@SECLEVEL=0
466 MaxProtocol = TLSv1.1
467 MinProtocol = TLSv1.1
468 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
472 ExpectedResult = Success
475 # ===========================================================
477 [15-client-auth-TLSv1.1-request]
478 ssl_conf = 15-client-auth-TLSv1.1-request-ssl
480 [15-client-auth-TLSv1.1-request-ssl]
481 server = 15-client-auth-TLSv1.1-request-server
482 client = 15-client-auth-TLSv1.1-request-client
484 [15-client-auth-TLSv1.1-request-server]
485 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
486 CipherString = DEFAULT:@SECLEVEL=0
487 MaxProtocol = TLSv1.1
488 MinProtocol = TLSv1.1
489 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
492 [15-client-auth-TLSv1.1-request-client]
493 CipherString = DEFAULT:@SECLEVEL=0
494 MaxProtocol = TLSv1.1
495 MinProtocol = TLSv1.1
496 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
500 ExpectedResult = Success
503 # ===========================================================
505 [16-client-auth-TLSv1.1-require-fail]
506 ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
508 [16-client-auth-TLSv1.1-require-fail-ssl]
509 server = 16-client-auth-TLSv1.1-require-fail-server
510 client = 16-client-auth-TLSv1.1-require-fail-client
512 [16-client-auth-TLSv1.1-require-fail-server]
513 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
514 CipherString = DEFAULT:@SECLEVEL=0
515 MaxProtocol = TLSv1.1
516 MinProtocol = TLSv1.1
517 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
518 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
521 [16-client-auth-TLSv1.1-require-fail-client]
522 CipherString = DEFAULT:@SECLEVEL=0
523 MaxProtocol = TLSv1.1
524 MinProtocol = TLSv1.1
525 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
529 ExpectedResult = ServerFail
530 ExpectedServerAlert = HandshakeFailure
533 # ===========================================================
535 [17-client-auth-TLSv1.1-require]
536 ssl_conf = 17-client-auth-TLSv1.1-require-ssl
538 [17-client-auth-TLSv1.1-require-ssl]
539 server = 17-client-auth-TLSv1.1-require-server
540 client = 17-client-auth-TLSv1.1-require-client
542 [17-client-auth-TLSv1.1-require-server]
543 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
544 CipherString = DEFAULT:@SECLEVEL=0
545 MaxProtocol = TLSv1.1
546 MinProtocol = TLSv1.1
547 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
548 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
551 [17-client-auth-TLSv1.1-require-client]
552 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
553 CipherString = DEFAULT:@SECLEVEL=0
554 MaxProtocol = TLSv1.1
555 MinProtocol = TLSv1.1
556 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
557 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
561 ExpectedClientCANames = empty
562 ExpectedClientCertType = RSA
563 ExpectedResult = Success
566 # ===========================================================
568 [18-client-auth-TLSv1.1-require-non-empty-names]
569 ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
571 [18-client-auth-TLSv1.1-require-non-empty-names-ssl]
572 server = 18-client-auth-TLSv1.1-require-non-empty-names-server
573 client = 18-client-auth-TLSv1.1-require-non-empty-names-client
575 [18-client-auth-TLSv1.1-require-non-empty-names-server]
576 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577 CipherString = DEFAULT:@SECLEVEL=0
578 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
579 MaxProtocol = TLSv1.1
580 MinProtocol = TLSv1.1
581 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
582 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
585 [18-client-auth-TLSv1.1-require-non-empty-names-client]
586 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
587 CipherString = DEFAULT:@SECLEVEL=0
588 MaxProtocol = TLSv1.1
589 MinProtocol = TLSv1.1
590 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
591 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
595 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
596 ExpectedClientCertType = RSA
597 ExpectedResult = Success
600 # ===========================================================
602 [19-client-auth-TLSv1.1-noroot]
603 ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
605 [19-client-auth-TLSv1.1-noroot-ssl]
606 server = 19-client-auth-TLSv1.1-noroot-server
607 client = 19-client-auth-TLSv1.1-noroot-client
609 [19-client-auth-TLSv1.1-noroot-server]
610 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
611 CipherString = DEFAULT:@SECLEVEL=0
612 MaxProtocol = TLSv1.1
613 MinProtocol = TLSv1.1
614 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
617 [19-client-auth-TLSv1.1-noroot-client]
618 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
619 CipherString = DEFAULT:@SECLEVEL=0
620 MaxProtocol = TLSv1.1
621 MinProtocol = TLSv1.1
622 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
623 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
627 ExpectedResult = ServerFail
628 ExpectedServerAlert = UnknownCA
631 # ===========================================================
633 [20-server-auth-TLSv1.2]
634 ssl_conf = 20-server-auth-TLSv1.2-ssl
636 [20-server-auth-TLSv1.2-ssl]
637 server = 20-server-auth-TLSv1.2-server
638 client = 20-server-auth-TLSv1.2-client
640 [20-server-auth-TLSv1.2-server]
641 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
642 CipherString = DEFAULT:@SECLEVEL=0
643 MaxProtocol = TLSv1.2
644 MinProtocol = TLSv1.2
645 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
647 [20-server-auth-TLSv1.2-client]
648 CipherString = DEFAULT:@SECLEVEL=0
649 MaxProtocol = TLSv1.2
650 MinProtocol = TLSv1.2
651 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
655 ExpectedResult = Success
658 # ===========================================================
660 [21-client-auth-TLSv1.2-request]
661 ssl_conf = 21-client-auth-TLSv1.2-request-ssl
663 [21-client-auth-TLSv1.2-request-ssl]
664 server = 21-client-auth-TLSv1.2-request-server
665 client = 21-client-auth-TLSv1.2-request-client
667 [21-client-auth-TLSv1.2-request-server]
668 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
669 CipherString = DEFAULT:@SECLEVEL=0
670 MaxProtocol = TLSv1.2
671 MinProtocol = TLSv1.2
672 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
675 [21-client-auth-TLSv1.2-request-client]
676 CipherString = DEFAULT:@SECLEVEL=0
677 MaxProtocol = TLSv1.2
678 MinProtocol = TLSv1.2
679 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
683 ExpectedResult = Success
686 # ===========================================================
688 [22-client-auth-TLSv1.2-require-fail]
689 ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
691 [22-client-auth-TLSv1.2-require-fail-ssl]
692 server = 22-client-auth-TLSv1.2-require-fail-server
693 client = 22-client-auth-TLSv1.2-require-fail-client
695 [22-client-auth-TLSv1.2-require-fail-server]
696 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
697 CipherString = DEFAULT:@SECLEVEL=0
698 MaxProtocol = TLSv1.2
699 MinProtocol = TLSv1.2
700 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
701 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
704 [22-client-auth-TLSv1.2-require-fail-client]
705 CipherString = DEFAULT:@SECLEVEL=0
706 MaxProtocol = TLSv1.2
707 MinProtocol = TLSv1.2
708 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
712 ExpectedResult = ServerFail
713 ExpectedServerAlert = HandshakeFailure
716 # ===========================================================
718 [23-client-auth-TLSv1.2-require]
719 ssl_conf = 23-client-auth-TLSv1.2-require-ssl
721 [23-client-auth-TLSv1.2-require-ssl]
722 server = 23-client-auth-TLSv1.2-require-server
723 client = 23-client-auth-TLSv1.2-require-client
725 [23-client-auth-TLSv1.2-require-server]
726 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
727 CipherString = DEFAULT:@SECLEVEL=0
728 ClientSignatureAlgorithms = SHA256+RSA
729 MaxProtocol = TLSv1.2
730 MinProtocol = TLSv1.2
731 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
732 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
735 [23-client-auth-TLSv1.2-require-client]
736 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
737 CipherString = DEFAULT:@SECLEVEL=0
738 MaxProtocol = TLSv1.2
739 MinProtocol = TLSv1.2
740 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
741 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
745 ExpectedClientCANames = empty
746 ExpectedClientCertType = RSA
747 ExpectedClientSignHash = SHA256
748 ExpectedClientSignType = RSA
749 ExpectedResult = Success
752 # ===========================================================
754 [24-client-auth-TLSv1.2-rsa-pss]
755 ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
757 [24-client-auth-TLSv1.2-rsa-pss-ssl]
758 server = 24-client-auth-TLSv1.2-rsa-pss-server
759 client = 24-client-auth-TLSv1.2-rsa-pss-client
761 [24-client-auth-TLSv1.2-rsa-pss-server]
762 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
763 CipherString = DEFAULT:@SECLEVEL=0
764 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
765 MaxProtocol = TLSv1.2
766 MinProtocol = TLSv1.2
767 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
768 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
771 [24-client-auth-TLSv1.2-rsa-pss-client]
772 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
773 CipherString = DEFAULT:@SECLEVEL=0
774 MaxProtocol = TLSv1.2
775 MinProtocol = TLSv1.2
776 Options = StrictCertCheck
777 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
778 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
782 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
783 ExpectedClientCertType = RSA-PSS
784 ExpectedResult = Success
787 # ===========================================================
789 [25-client-auth-TLSv1.2-rsa-pss-bad]
790 ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
792 [25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
793 server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
794 client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
796 [25-client-auth-TLSv1.2-rsa-pss-bad-server]
797 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
798 CipherString = DEFAULT:@SECLEVEL=0
799 ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
800 MaxProtocol = TLSv1.2
801 MinProtocol = TLSv1.2
802 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
803 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
806 [25-client-auth-TLSv1.2-rsa-pss-bad-client]
807 Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
808 CipherString = DEFAULT:@SECLEVEL=0
809 MaxProtocol = TLSv1.2
810 MinProtocol = TLSv1.2
811 Options = StrictCertCheck
812 PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
813 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
817 ExpectedResult = ServerFail
818 ExpectedServerAlert = HandshakeFailure
821 # ===========================================================
823 [26-client-auth-TLSv1.2-require-non-empty-names]
824 ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
826 [26-client-auth-TLSv1.2-require-non-empty-names-ssl]
827 server = 26-client-auth-TLSv1.2-require-non-empty-names-server
828 client = 26-client-auth-TLSv1.2-require-non-empty-names-client
830 [26-client-auth-TLSv1.2-require-non-empty-names-server]
831 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
832 CipherString = DEFAULT:@SECLEVEL=0
833 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
834 ClientSignatureAlgorithms = SHA256+RSA
835 MaxProtocol = TLSv1.2
836 MinProtocol = TLSv1.2
837 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
838 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
841 [26-client-auth-TLSv1.2-require-non-empty-names-client]
842 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
843 CipherString = DEFAULT:@SECLEVEL=0
844 MaxProtocol = TLSv1.2
845 MinProtocol = TLSv1.2
846 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
847 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
851 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
852 ExpectedClientCertType = RSA
853 ExpectedClientSignHash = SHA256
854 ExpectedClientSignType = RSA
855 ExpectedResult = Success
858 # ===========================================================
860 [27-client-auth-TLSv1.2-noroot]
861 ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
863 [27-client-auth-TLSv1.2-noroot-ssl]
864 server = 27-client-auth-TLSv1.2-noroot-server
865 client = 27-client-auth-TLSv1.2-noroot-client
867 [27-client-auth-TLSv1.2-noroot-server]
868 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
869 CipherString = DEFAULT:@SECLEVEL=0
870 MaxProtocol = TLSv1.2
871 MinProtocol = TLSv1.2
872 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
875 [27-client-auth-TLSv1.2-noroot-client]
876 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
877 CipherString = DEFAULT:@SECLEVEL=0
878 MaxProtocol = TLSv1.2
879 MinProtocol = TLSv1.2
880 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
881 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
885 ExpectedResult = ServerFail
886 ExpectedServerAlert = UnknownCA
889 # ===========================================================
891 [28-server-auth-DTLSv1]
892 ssl_conf = 28-server-auth-DTLSv1-ssl
894 [28-server-auth-DTLSv1-ssl]
895 server = 28-server-auth-DTLSv1-server
896 client = 28-server-auth-DTLSv1-client
898 [28-server-auth-DTLSv1-server]
899 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
900 CipherString = DEFAULT:@SECLEVEL=0
903 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
905 [28-server-auth-DTLSv1-client]
906 CipherString = DEFAULT:@SECLEVEL=0
909 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
913 ExpectedResult = Success
917 # ===========================================================
919 [29-client-auth-DTLSv1-request]
920 ssl_conf = 29-client-auth-DTLSv1-request-ssl
922 [29-client-auth-DTLSv1-request-ssl]
923 server = 29-client-auth-DTLSv1-request-server
924 client = 29-client-auth-DTLSv1-request-client
926 [29-client-auth-DTLSv1-request-server]
927 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
928 CipherString = DEFAULT:@SECLEVEL=0
931 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
934 [29-client-auth-DTLSv1-request-client]
935 CipherString = DEFAULT:@SECLEVEL=0
938 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
942 ExpectedResult = Success
946 # ===========================================================
948 [30-client-auth-DTLSv1-require-fail]
949 ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
951 [30-client-auth-DTLSv1-require-fail-ssl]
952 server = 30-client-auth-DTLSv1-require-fail-server
953 client = 30-client-auth-DTLSv1-require-fail-client
955 [30-client-auth-DTLSv1-require-fail-server]
956 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
957 CipherString = DEFAULT:@SECLEVEL=0
960 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
961 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
964 [30-client-auth-DTLSv1-require-fail-client]
965 CipherString = DEFAULT:@SECLEVEL=0
968 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
972 ExpectedResult = ServerFail
973 ExpectedServerAlert = HandshakeFailure
977 # ===========================================================
979 [31-client-auth-DTLSv1-require]
980 ssl_conf = 31-client-auth-DTLSv1-require-ssl
982 [31-client-auth-DTLSv1-require-ssl]
983 server = 31-client-auth-DTLSv1-require-server
984 client = 31-client-auth-DTLSv1-require-client
986 [31-client-auth-DTLSv1-require-server]
987 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
988 CipherString = DEFAULT:@SECLEVEL=0
991 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
992 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
995 [31-client-auth-DTLSv1-require-client]
996 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
997 CipherString = DEFAULT:@SECLEVEL=0
1000 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1001 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1005 ExpectedClientCANames = empty
1006 ExpectedClientCertType = RSA
1007 ExpectedResult = Success
1011 # ===========================================================
1013 [32-client-auth-DTLSv1-require-non-empty-names]
1014 ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
1016 [32-client-auth-DTLSv1-require-non-empty-names-ssl]
1017 server = 32-client-auth-DTLSv1-require-non-empty-names-server
1018 client = 32-client-auth-DTLSv1-require-non-empty-names-client
1020 [32-client-auth-DTLSv1-require-non-empty-names-server]
1021 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1022 CipherString = DEFAULT:@SECLEVEL=0
1023 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1024 MaxProtocol = DTLSv1
1025 MinProtocol = DTLSv1
1026 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1027 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1028 VerifyMode = Request
1030 [32-client-auth-DTLSv1-require-non-empty-names-client]
1031 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1032 CipherString = DEFAULT:@SECLEVEL=0
1033 MaxProtocol = DTLSv1
1034 MinProtocol = DTLSv1
1035 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1036 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1040 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1041 ExpectedClientCertType = RSA
1042 ExpectedResult = Success
1046 # ===========================================================
1048 [33-client-auth-DTLSv1-noroot]
1049 ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
1051 [33-client-auth-DTLSv1-noroot-ssl]
1052 server = 33-client-auth-DTLSv1-noroot-server
1053 client = 33-client-auth-DTLSv1-noroot-client
1055 [33-client-auth-DTLSv1-noroot-server]
1056 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1057 CipherString = DEFAULT:@SECLEVEL=0
1058 MaxProtocol = DTLSv1
1059 MinProtocol = DTLSv1
1060 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1061 VerifyMode = Require
1063 [33-client-auth-DTLSv1-noroot-client]
1064 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1065 CipherString = DEFAULT:@SECLEVEL=0
1066 MaxProtocol = DTLSv1
1067 MinProtocol = DTLSv1
1068 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1069 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1073 ExpectedResult = ServerFail
1074 ExpectedServerAlert = UnknownCA
1078 # ===========================================================
1080 [34-server-auth-DTLSv1.2]
1081 ssl_conf = 34-server-auth-DTLSv1.2-ssl
1083 [34-server-auth-DTLSv1.2-ssl]
1084 server = 34-server-auth-DTLSv1.2-server
1085 client = 34-server-auth-DTLSv1.2-client
1087 [34-server-auth-DTLSv1.2-server]
1088 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089 CipherString = DEFAULT:@SECLEVEL=0
1090 MaxProtocol = DTLSv1.2
1091 MinProtocol = DTLSv1.2
1092 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1094 [34-server-auth-DTLSv1.2-client]
1095 CipherString = DEFAULT:@SECLEVEL=0
1096 MaxProtocol = DTLSv1.2
1097 MinProtocol = DTLSv1.2
1098 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1102 ExpectedResult = Success
1106 # ===========================================================
1108 [35-client-auth-DTLSv1.2-request]
1109 ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
1111 [35-client-auth-DTLSv1.2-request-ssl]
1112 server = 35-client-auth-DTLSv1.2-request-server
1113 client = 35-client-auth-DTLSv1.2-request-client
1115 [35-client-auth-DTLSv1.2-request-server]
1116 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1117 CipherString = DEFAULT:@SECLEVEL=0
1118 MaxProtocol = DTLSv1.2
1119 MinProtocol = DTLSv1.2
1120 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1121 VerifyMode = Request
1123 [35-client-auth-DTLSv1.2-request-client]
1124 CipherString = DEFAULT:@SECLEVEL=0
1125 MaxProtocol = DTLSv1.2
1126 MinProtocol = DTLSv1.2
1127 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1131 ExpectedResult = Success
1135 # ===========================================================
1137 [36-client-auth-DTLSv1.2-require-fail]
1138 ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
1140 [36-client-auth-DTLSv1.2-require-fail-ssl]
1141 server = 36-client-auth-DTLSv1.2-require-fail-server
1142 client = 36-client-auth-DTLSv1.2-require-fail-client
1144 [36-client-auth-DTLSv1.2-require-fail-server]
1145 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146 CipherString = DEFAULT:@SECLEVEL=0
1147 MaxProtocol = DTLSv1.2
1148 MinProtocol = DTLSv1.2
1149 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1150 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1151 VerifyMode = Require
1153 [36-client-auth-DTLSv1.2-require-fail-client]
1154 CipherString = DEFAULT:@SECLEVEL=0
1155 MaxProtocol = DTLSv1.2
1156 MinProtocol = DTLSv1.2
1157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1161 ExpectedResult = ServerFail
1162 ExpectedServerAlert = HandshakeFailure
1166 # ===========================================================
1168 [37-client-auth-DTLSv1.2-require]
1169 ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
1171 [37-client-auth-DTLSv1.2-require-ssl]
1172 server = 37-client-auth-DTLSv1.2-require-server
1173 client = 37-client-auth-DTLSv1.2-require-client
1175 [37-client-auth-DTLSv1.2-require-server]
1176 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1177 CipherString = DEFAULT:@SECLEVEL=0
1178 MaxProtocol = DTLSv1.2
1179 MinProtocol = DTLSv1.2
1180 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1181 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1182 VerifyMode = Request
1184 [37-client-auth-DTLSv1.2-require-client]
1185 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1186 CipherString = DEFAULT:@SECLEVEL=0
1187 MaxProtocol = DTLSv1.2
1188 MinProtocol = DTLSv1.2
1189 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1190 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1194 ExpectedClientCANames = empty
1195 ExpectedClientCertType = RSA
1196 ExpectedResult = Success
1200 # ===========================================================
1202 [38-client-auth-DTLSv1.2-require-non-empty-names]
1203 ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
1205 [38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1206 server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
1207 client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
1209 [38-client-auth-DTLSv1.2-require-non-empty-names-server]
1210 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1211 CipherString = DEFAULT:@SECLEVEL=0
1212 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1213 MaxProtocol = DTLSv1.2
1214 MinProtocol = DTLSv1.2
1215 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1216 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1217 VerifyMode = Request
1219 [38-client-auth-DTLSv1.2-require-non-empty-names-client]
1220 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1221 CipherString = DEFAULT:@SECLEVEL=0
1222 MaxProtocol = DTLSv1.2
1223 MinProtocol = DTLSv1.2
1224 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1225 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1229 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1230 ExpectedClientCertType = RSA
1231 ExpectedResult = Success
1235 # ===========================================================
1237 [39-client-auth-DTLSv1.2-noroot]
1238 ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
1240 [39-client-auth-DTLSv1.2-noroot-ssl]
1241 server = 39-client-auth-DTLSv1.2-noroot-server
1242 client = 39-client-auth-DTLSv1.2-noroot-client
1244 [39-client-auth-DTLSv1.2-noroot-server]
1245 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246 CipherString = DEFAULT:@SECLEVEL=0
1247 MaxProtocol = DTLSv1.2
1248 MinProtocol = DTLSv1.2
1249 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1250 VerifyMode = Require
1252 [39-client-auth-DTLSv1.2-noroot-client]
1253 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1254 CipherString = DEFAULT:@SECLEVEL=0
1255 MaxProtocol = DTLSv1.2
1256 MinProtocol = DTLSv1.2
1257 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1258 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1262 ExpectedResult = ServerFail
1263 ExpectedServerAlert = UnknownCA