projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update client authentication tests
[openssl.git] / test / ssl-tests / 04-client_auth.conf
1 # Generated with generate_ssl_tests.pl
2
3 num_tests = 20
4
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-noroot
10 test-5 = 5-server-auth-TLSv1
11 test-6 = 6-client-auth-TLSv1-request
12 test-7 = 7-client-auth-TLSv1-require-fail
13 test-8 = 8-client-auth-TLSv1-require
14 test-9 = 9-client-auth-TLSv1-noroot
15 test-10 = 10-server-auth-TLSv1.1
16 test-11 = 11-client-auth-TLSv1.1-request
17 test-12 = 12-client-auth-TLSv1.1-require-fail
18 test-13 = 13-client-auth-TLSv1.1-require
19 test-14 = 14-client-auth-TLSv1.1-noroot
20 test-15 = 15-server-auth-TLSv1.2
21 test-16 = 16-client-auth-TLSv1.2-request
22 test-17 = 17-client-auth-TLSv1.2-require-fail
23 test-18 = 18-client-auth-TLSv1.2-require
24 test-19 = 19-client-auth-TLSv1.2-noroot
25 # ===========================================================
26
27 [0-server-auth-flex]
28 ssl_conf = 0-server-auth-flex-ssl
29
30 [0-server-auth-flex-ssl]
31 server = 0-server-auth-flex-server
32 client = 0-server-auth-flex-client
33
34 [0-server-auth-flex-server]
35 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
36 CipherString = DEFAULT
37 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
38
39
40 [0-server-auth-flex-client]
41 CipherString = DEFAULT
42 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
43 VerifyMode = Peer
44
45
46 [test-0]
47 ExpectedResult = Success
48
49
50 # ===========================================================
51
52 [1-client-auth-flex-request]
53 ssl_conf = 1-client-auth-flex-request-ssl
54
55 [1-client-auth-flex-request-ssl]
56 server = 1-client-auth-flex-request-server
57 client = 1-client-auth-flex-request-client
58
59 [1-client-auth-flex-request-server]
60 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
61 CipherString = DEFAULT
62 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63 VerifyMode = Request
64
65
66 [1-client-auth-flex-request-client]
67 CipherString = DEFAULT
68 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
69 VerifyMode = Peer
70
71
72 [test-1]
73 ExpectedResult = Success
74
75
76 # ===========================================================
77
78 [2-client-auth-flex-require-fail]
79 ssl_conf = 2-client-auth-flex-require-fail-ssl
80
81 [2-client-auth-flex-require-fail-ssl]
82 server = 2-client-auth-flex-require-fail-server
83 client = 2-client-auth-flex-require-fail-client
84
85 [2-client-auth-flex-require-fail-server]
86 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
87 CipherString = DEFAULT
88 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
90 VerifyMode = Require
91
92
93 [2-client-auth-flex-require-fail-client]
94 CipherString = DEFAULT
95 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
96 VerifyMode = Peer
97
98
99 [test-2]
100 ExpectedResult = ServerFail
101 ServerAlert = HandshakeFailure
102
103
104 # ===========================================================
105
106 [3-client-auth-flex-require]
107 ssl_conf = 3-client-auth-flex-require-ssl
108
109 [3-client-auth-flex-require-ssl]
110 server = 3-client-auth-flex-require-server
111 client = 3-client-auth-flex-require-client
112
113 [3-client-auth-flex-require-server]
114 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115 CipherString = DEFAULT
116 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
117 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
118 VerifyMode = Request
119
120
121 [3-client-auth-flex-require-client]
122 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
123 CipherString = DEFAULT
124 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
125 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
126 VerifyMode = Peer
127
128
129 [test-3]
130 ExpectedResult = Success
131
132
133 # ===========================================================
134
135 [4-client-auth-flex-noroot]
136 ssl_conf = 4-client-auth-flex-noroot-ssl
137
138 [4-client-auth-flex-noroot-ssl]
139 server = 4-client-auth-flex-noroot-server
140 client = 4-client-auth-flex-noroot-client
141
142 [4-client-auth-flex-noroot-server]
143 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
144 CipherString = DEFAULT
145 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
146 VerifyMode = Require
147
148
149 [4-client-auth-flex-noroot-client]
150 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
151 CipherString = DEFAULT
152 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
153 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
154 VerifyMode = Peer
155
156
157 [test-4]
158 ExpectedResult = ServerFail
159 ServerAlert = UnknownCA
160
161
162 # ===========================================================
163
164 [5-server-auth-TLSv1]
165 ssl_conf = 5-server-auth-TLSv1-ssl
166
167 [5-server-auth-TLSv1-ssl]
168 server = 5-server-auth-TLSv1-server
169 client = 5-server-auth-TLSv1-client
170
171 [5-server-auth-TLSv1-server]
172 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
173 CipherString = DEFAULT
174 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
175 Protocol = TLSv1
176
177
178 [5-server-auth-TLSv1-client]
179 CipherString = DEFAULT
180 Protocol = TLSv1
181 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
182 VerifyMode = Peer
183
184
185 [test-5]
186 ExpectedResult = Success
187
188
189 # ===========================================================
190
191 [6-client-auth-TLSv1-request]
192 ssl_conf = 6-client-auth-TLSv1-request-ssl
193
194 [6-client-auth-TLSv1-request-ssl]
195 server = 6-client-auth-TLSv1-request-server
196 client = 6-client-auth-TLSv1-request-client
197
198 [6-client-auth-TLSv1-request-server]
199 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
200 CipherString = DEFAULT
201 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
202 Protocol = TLSv1
203 VerifyMode = Request
204
205
206 [6-client-auth-TLSv1-request-client]
207 CipherString = DEFAULT
208 Protocol = TLSv1
209 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
210 VerifyMode = Peer
211
212
213 [test-6]
214 ExpectedResult = Success
215
216
217 # ===========================================================
218
219 [7-client-auth-TLSv1-require-fail]
220 ssl_conf = 7-client-auth-TLSv1-require-fail-ssl
221
222 [7-client-auth-TLSv1-require-fail-ssl]
223 server = 7-client-auth-TLSv1-require-fail-server
224 client = 7-client-auth-TLSv1-require-fail-client
225
226 [7-client-auth-TLSv1-require-fail-server]
227 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
228 CipherString = DEFAULT
229 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
230 Protocol = TLSv1
231 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
232 VerifyMode = Require
233
234
235 [7-client-auth-TLSv1-require-fail-client]
236 CipherString = DEFAULT
237 Protocol = TLSv1
238 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
239 VerifyMode = Peer
240
241
242 [test-7]
243 ExpectedResult = ServerFail
244 ServerAlert = HandshakeFailure
245
246
247 # ===========================================================
248
249 [8-client-auth-TLSv1-require]
250 ssl_conf = 8-client-auth-TLSv1-require-ssl
251
252 [8-client-auth-TLSv1-require-ssl]
253 server = 8-client-auth-TLSv1-require-server
254 client = 8-client-auth-TLSv1-require-client
255
256 [8-client-auth-TLSv1-require-server]
257 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
258 CipherString = DEFAULT
259 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
260 Protocol = TLSv1
261 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
262 VerifyMode = Request
263
264
265 [8-client-auth-TLSv1-require-client]
266 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
267 CipherString = DEFAULT
268 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
269 Protocol = TLSv1
270 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
271 VerifyMode = Peer
272
273
274 [test-8]
275 ExpectedResult = Success
276
277
278 # ===========================================================
279
280 [9-client-auth-TLSv1-noroot]
281 ssl_conf = 9-client-auth-TLSv1-noroot-ssl
282
283 [9-client-auth-TLSv1-noroot-ssl]
284 server = 9-client-auth-TLSv1-noroot-server
285 client = 9-client-auth-TLSv1-noroot-client
286
287 [9-client-auth-TLSv1-noroot-server]
288 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
289 CipherString = DEFAULT
290 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
291 Protocol = TLSv1
292 VerifyMode = Require
293
294
295 [9-client-auth-TLSv1-noroot-client]
296 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
297 CipherString = DEFAULT
298 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
299 Protocol = TLSv1
300 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
301 VerifyMode = Peer
302
303
304 [test-9]
305 ExpectedResult = ServerFail
306 ServerAlert = UnknownCA
307
308
309 # ===========================================================
310
311 [10-server-auth-TLSv1.1]
312 ssl_conf = 10-server-auth-TLSv1.1-ssl
313
314 [10-server-auth-TLSv1.1-ssl]
315 server = 10-server-auth-TLSv1.1-server
316 client = 10-server-auth-TLSv1.1-client
317
318 [10-server-auth-TLSv1.1-server]
319 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
320 CipherString = DEFAULT
321 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
322 Protocol = TLSv1.1
323
324
325 [10-server-auth-TLSv1.1-client]
326 CipherString = DEFAULT
327 Protocol = TLSv1.1
328 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
329 VerifyMode = Peer
330
331
332 [test-10]
333 ExpectedResult = Success
334
335
336 # ===========================================================
337
338 [11-client-auth-TLSv1.1-request]
339 ssl_conf = 11-client-auth-TLSv1.1-request-ssl
340
341 [11-client-auth-TLSv1.1-request-ssl]
342 server = 11-client-auth-TLSv1.1-request-server
343 client = 11-client-auth-TLSv1.1-request-client
344
345 [11-client-auth-TLSv1.1-request-server]
346 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
347 CipherString = DEFAULT
348 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
349 Protocol = TLSv1.1
350 VerifyMode = Request
351
352
353 [11-client-auth-TLSv1.1-request-client]
354 CipherString = DEFAULT
355 Protocol = TLSv1.1
356 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
357 VerifyMode = Peer
358
359
360 [test-11]
361 ExpectedResult = Success
362
363
364 # ===========================================================
365
366 [12-client-auth-TLSv1.1-require-fail]
367 ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl
368
369 [12-client-auth-TLSv1.1-require-fail-ssl]
370 server = 12-client-auth-TLSv1.1-require-fail-server
371 client = 12-client-auth-TLSv1.1-require-fail-client
372
373 [12-client-auth-TLSv1.1-require-fail-server]
374 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
375 CipherString = DEFAULT
376 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
377 Protocol = TLSv1.1
378 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
379 VerifyMode = Require
380
381
382 [12-client-auth-TLSv1.1-require-fail-client]
383 CipherString = DEFAULT
384 Protocol = TLSv1.1
385 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
386 VerifyMode = Peer
387
388
389 [test-12]
390 ExpectedResult = ServerFail
391 ServerAlert = HandshakeFailure
392
393
394 # ===========================================================
395
396 [13-client-auth-TLSv1.1-require]
397 ssl_conf = 13-client-auth-TLSv1.1-require-ssl
398
399 [13-client-auth-TLSv1.1-require-ssl]
400 server = 13-client-auth-TLSv1.1-require-server
401 client = 13-client-auth-TLSv1.1-require-client
402
403 [13-client-auth-TLSv1.1-require-server]
404 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
405 CipherString = DEFAULT
406 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
407 Protocol = TLSv1.1
408 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
409 VerifyMode = Request
410
411
412 [13-client-auth-TLSv1.1-require-client]
413 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
414 CipherString = DEFAULT
415 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
416 Protocol = TLSv1.1
417 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
418 VerifyMode = Peer
419
420
421 [test-13]
422 ExpectedResult = Success
423
424
425 # ===========================================================
426
427 [14-client-auth-TLSv1.1-noroot]
428 ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl
429
430 [14-client-auth-TLSv1.1-noroot-ssl]
431 server = 14-client-auth-TLSv1.1-noroot-server
432 client = 14-client-auth-TLSv1.1-noroot-client
433
434 [14-client-auth-TLSv1.1-noroot-server]
435 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
436 CipherString = DEFAULT
437 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
438 Protocol = TLSv1.1
439 VerifyMode = Require
440
441
442 [14-client-auth-TLSv1.1-noroot-client]
443 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
444 CipherString = DEFAULT
445 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
446 Protocol = TLSv1.1
447 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
448 VerifyMode = Peer
449
450
451 [test-14]
452 ExpectedResult = ServerFail
453 ServerAlert = UnknownCA
454
455
456 # ===========================================================
457
458 [15-server-auth-TLSv1.2]
459 ssl_conf = 15-server-auth-TLSv1.2-ssl
460
461 [15-server-auth-TLSv1.2-ssl]
462 server = 15-server-auth-TLSv1.2-server
463 client = 15-server-auth-TLSv1.2-client
464
465 [15-server-auth-TLSv1.2-server]
466 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
467 CipherString = DEFAULT
468 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
469 Protocol = TLSv1.2
470
471
472 [15-server-auth-TLSv1.2-client]
473 CipherString = DEFAULT
474 Protocol = TLSv1.2
475 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
476 VerifyMode = Peer
477
478
479 [test-15]
480 ExpectedResult = Success
481
482
483 # ===========================================================
484
485 [16-client-auth-TLSv1.2-request]
486 ssl_conf = 16-client-auth-TLSv1.2-request-ssl
487
488 [16-client-auth-TLSv1.2-request-ssl]
489 server = 16-client-auth-TLSv1.2-request-server
490 client = 16-client-auth-TLSv1.2-request-client
491
492 [16-client-auth-TLSv1.2-request-server]
493 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
494 CipherString = DEFAULT
495 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
496 Protocol = TLSv1.2
497 VerifyMode = Request
498
499
500 [16-client-auth-TLSv1.2-request-client]
501 CipherString = DEFAULT
502 Protocol = TLSv1.2
503 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
504 VerifyMode = Peer
505
506
507 [test-16]
508 ExpectedResult = Success
509
510
511 # ===========================================================
512
513 [17-client-auth-TLSv1.2-require-fail]
514 ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl
515
516 [17-client-auth-TLSv1.2-require-fail-ssl]
517 server = 17-client-auth-TLSv1.2-require-fail-server
518 client = 17-client-auth-TLSv1.2-require-fail-client
519
520 [17-client-auth-TLSv1.2-require-fail-server]
521 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
522 CipherString = DEFAULT
523 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
524 Protocol = TLSv1.2
525 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
526 VerifyMode = Require
527
528
529 [17-client-auth-TLSv1.2-require-fail-client]
530 CipherString = DEFAULT
531 Protocol = TLSv1.2
532 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
533 VerifyMode = Peer
534
535
536 [test-17]
537 ExpectedResult = ServerFail
538 ServerAlert = HandshakeFailure
539
540
541 # ===========================================================
542
543 [18-client-auth-TLSv1.2-require]
544 ssl_conf = 18-client-auth-TLSv1.2-require-ssl
545
546 [18-client-auth-TLSv1.2-require-ssl]
547 server = 18-client-auth-TLSv1.2-require-server
548 client = 18-client-auth-TLSv1.2-require-client
549
550 [18-client-auth-TLSv1.2-require-server]
551 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
552 CipherString = DEFAULT
553 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
554 Protocol = TLSv1.2
555 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
556 VerifyMode = Request
557
558
559 [18-client-auth-TLSv1.2-require-client]
560 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
561 CipherString = DEFAULT
562 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
563 Protocol = TLSv1.2
564 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
565 VerifyMode = Peer
566
567
568 [test-18]
569 ExpectedResult = Success
570
571
572 # ===========================================================
573
574 [19-client-auth-TLSv1.2-noroot]
575 ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl
576
577 [19-client-auth-TLSv1.2-noroot-ssl]
578 server = 19-client-auth-TLSv1.2-noroot-server
579 client = 19-client-auth-TLSv1.2-noroot-client
580
581 [19-client-auth-TLSv1.2-noroot-server]
582 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
583 CipherString = DEFAULT
584 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
585 Protocol = TLSv1.2
586 VerifyMode = Require
587
588
589 [19-client-auth-TLSv1.2-noroot-client]
590 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
591 CipherString = DEFAULT
592 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
593 Protocol = TLSv1.2
594 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
595 VerifyMode = Peer
596
597
598 [test-19]
599 ExpectedResult = ServerFail
600 ServerAlert = UnknownCA
601
602
Unnamed repository; edit this file 'description' to name the repository.