Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb
[openssl.git] / test / ssl-tests / 04-client_auth.conf
1 # Generated with generate_ssl_tests.pl
2
# Test index. num_tests matches the 36 test-N entries that follow (test-0 ..
# test-35); each entry names the section that holds that case's ssl_conf
# pointer. Section names follow <N>-<server|client>-auth-<protocol>-<scenario>;
# "flex" marks the cases that set no MinProtocol/MaxProtocol.
3 num_tests = 36
4
5 test-0 = 0-server-auth-flex
6 test-1 = 1-client-auth-flex-request
7 test-2 = 2-client-auth-flex-require-fail
8 test-3 = 3-client-auth-flex-require
9 test-4 = 4-client-auth-flex-require-non-empty-names
10 test-5 = 5-client-auth-flex-noroot
11 test-6 = 6-server-auth-TLSv1
12 test-7 = 7-client-auth-TLSv1-request
13 test-8 = 8-client-auth-TLSv1-require-fail
14 test-9 = 9-client-auth-TLSv1-require
15 test-10 = 10-client-auth-TLSv1-require-non-empty-names
16 test-11 = 11-client-auth-TLSv1-noroot
17 test-12 = 12-server-auth-TLSv1.1
18 test-13 = 13-client-auth-TLSv1.1-request
19 test-14 = 14-client-auth-TLSv1.1-require-fail
20 test-15 = 15-client-auth-TLSv1.1-require
21 test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
22 test-17 = 17-client-auth-TLSv1.1-noroot
23 test-18 = 18-server-auth-TLSv1.2
24 test-19 = 19-client-auth-TLSv1.2-request
25 test-20 = 20-client-auth-TLSv1.2-require-fail
26 test-21 = 21-client-auth-TLSv1.2-require
27 test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
28 test-23 = 23-client-auth-TLSv1.2-noroot
29 test-24 = 24-server-auth-DTLSv1
30 test-25 = 25-client-auth-DTLSv1-request
31 test-26 = 26-client-auth-DTLSv1-require-fail
32 test-27 = 27-client-auth-DTLSv1-require
33 test-28 = 28-client-auth-DTLSv1-require-non-empty-names
34 test-29 = 29-client-auth-DTLSv1-noroot
35 test-30 = 30-server-auth-DTLSv1.2
36 test-31 = 31-client-auth-DTLSv1.2-request
37 test-32 = 32-client-auth-DTLSv1.2-require-fail
38 test-33 = 33-client-auth-DTLSv1.2-require
39 test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
40 test-35 = 35-client-auth-DTLSv1.2-noroot
41 # ===========================================================
42
# Baseline server authentication: the server presents servercert.pem and sets
# no VerifyMode; the client verifies the peer (VerifyMode = Peer) against
# rootcert.pem. No client certificate is configured and neither side sets
# MinProtocol/MaxProtocol. Expected outcome: Success.
43 [0-server-auth-flex]
44 ssl_conf = 0-server-auth-flex-ssl
45
46 [0-server-auth-flex-ssl]
47 server = 0-server-auth-flex-server
48 client = 0-server-auth-flex-client
49
50 [0-server-auth-flex-server]
51 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
52 CipherString = DEFAULT
53 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
54
55 [0-server-auth-flex-client]
56 CipherString = DEFAULT
57 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
58 VerifyMode = Peer
59
60 [test-0]
61 ExpectedResult = Success
62
63
64 # ===========================================================
65
# Optional client authentication: the server sets VerifyMode = Request and the
# client configures no Certificate. The case expects Success, i.e. Request does
# not make a client certificate mandatory; a server relying on Request has to
# check for itself whether a peer certificate was actually presented.
66 [1-client-auth-flex-request]
67 ssl_conf = 1-client-auth-flex-request-ssl
68
69 [1-client-auth-flex-request-ssl]
70 server = 1-client-auth-flex-request-server
71 client = 1-client-auth-flex-request-client
72
73 [1-client-auth-flex-request-server]
74 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
75 CipherString = DEFAULT
76 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
77 VerifyMode = Request
78
79 [1-client-auth-flex-request-client]
80 CipherString = DEFAULT
81 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
82 VerifyMode = Peer
83
84 [test-1]
85 ExpectedResult = Success
86
87
88 # ===========================================================
89
# Mandatory client authentication, negative case: the server sets
# VerifyMode = Require and the client configures no Certificate. The server is
# expected to abort the handshake (ServerFail) with a HandshakeFailure alert.
90 [2-client-auth-flex-require-fail]
91 ssl_conf = 2-client-auth-flex-require-fail-ssl
92
93 [2-client-auth-flex-require-fail-ssl]
94 server = 2-client-auth-flex-require-fail-server
95 client = 2-client-auth-flex-require-fail-client
96
97 [2-client-auth-flex-require-fail-server]
98 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
99 CipherString = DEFAULT
100 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
101 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
102 VerifyMode = Require
103
104 [2-client-auth-flex-require-fail-client]
105 CipherString = DEFAULT
106 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
107 VerifyMode = Peer
108
109 [test-2]
110 ExpectedResult = ServerFail
111 ExpectedServerAlert = HandshakeFailure
112
113
114 # ===========================================================
115
# Client authentication, positive case: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem. The
# server sets no ClientCAFile and the case expects ExpectedClientCANames = empty.
# NOTE(review): despite "require" in the section name, the server uses
# VerifyMode = Request here; in the cases visible in this listing, Require
# appears only where ServerFail is expected. The file is generated, so any
# change belongs in the generator input, not in this file.
# NOTE(review): root-cert.pem (server side) and rootcert.pem (client side) are
# different file names; presumably two separate roots -- confirm in
# TEST_CERTS_DIR.
116 [3-client-auth-flex-require]
117 ssl_conf = 3-client-auth-flex-require-ssl
118
119 [3-client-auth-flex-require-ssl]
120 server = 3-client-auth-flex-require-server
121 client = 3-client-auth-flex-require-client
122
123 [3-client-auth-flex-require-server]
124 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
125 CipherString = DEFAULT
126 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
127 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
128 VerifyMode = Request
129
130 [3-client-auth-flex-require-client]
131 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
132 CipherString = DEFAULT
133 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
134 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
135 VerifyMode = Peer
136
137 [test-3]
138 ExpectedClientCANames = empty
139 ExpectedClientCertType = RSA
140 ExpectedResult = Success
141
142
143 # ===========================================================
144
# Client authentication with a CA-names list: as the "require" positive case,
# plus ClientCAFile = root-cert.pem on the server. ExpectedClientCANames names
# the same file -- presumably the check is that the CA names the server
# advertises to the client come from it.
# NOTE(review): the server's VerifyMode is Request, not Require, despite the
# section name.
145 [4-client-auth-flex-require-non-empty-names]
146 ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
147
148 [4-client-auth-flex-require-non-empty-names-ssl]
149 server = 4-client-auth-flex-require-non-empty-names-server
150 client = 4-client-auth-flex-require-non-empty-names-client
151
152 [4-client-auth-flex-require-non-empty-names-server]
153 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
154 CipherString = DEFAULT
155 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
156 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158 VerifyMode = Request
159
160 [4-client-auth-flex-require-non-empty-names-client]
161 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162 CipherString = DEFAULT
163 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
164 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
165 VerifyMode = Peer
166
167 [test-4]
168 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
169 ExpectedClientCertType = RSA
170 ExpectedResult = Success
171
172
173 # ===========================================================
174
# Mandatory client authentication without a trust anchor: the server sets
# VerifyMode = Require but no VerifyCAFile, and the client presents
# ee-client-chain.pem. The server is expected to reject the chain (ServerFail)
# with an UnknownCA alert rather than accept an unverifiable certificate.
175 [5-client-auth-flex-noroot]
176 ssl_conf = 5-client-auth-flex-noroot-ssl
177
178 [5-client-auth-flex-noroot-ssl]
179 server = 5-client-auth-flex-noroot-server
180 client = 5-client-auth-flex-noroot-client
181
182 [5-client-auth-flex-noroot-server]
183 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
184 CipherString = DEFAULT
185 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
186 VerifyMode = Require
187
188 [5-client-auth-flex-noroot-client]
189 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
190 CipherString = DEFAULT
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
192 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
193 VerifyMode = Peer
194
195 [test-5]
196 ExpectedResult = ServerFail
197 ExpectedServerAlert = UnknownCA
198
199
200 # ===========================================================
201
# Baseline server authentication pinned to TLSv1: both sides set
# MinProtocol = MaxProtocol = TLSv1, so no other version can be negotiated.
# No client certificate is configured. Expected outcome: Success.
# TLSv1 is pinned here for protocol coverage (TLS 1.0 is deprecated by
# RFC 8996); these sections are test fixtures, not a deployment template.
202 [6-server-auth-TLSv1]
203 ssl_conf = 6-server-auth-TLSv1-ssl
204
205 [6-server-auth-TLSv1-ssl]
206 server = 6-server-auth-TLSv1-server
207 client = 6-server-auth-TLSv1-client
208
209 [6-server-auth-TLSv1-server]
210 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
211 CipherString = DEFAULT
212 MaxProtocol = TLSv1
213 MinProtocol = TLSv1
214 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
215
216 [6-server-auth-TLSv1-client]
217 CipherString = DEFAULT
218 MaxProtocol = TLSv1
219 MinProtocol = TLSv1
220 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
221 VerifyMode = Peer
222
223 [test-6]
224 ExpectedResult = Success
225
226
227 # ===========================================================
228
# Optional client authentication, pinned to TLSv1: the server sets
# VerifyMode = Request and the client configures no Certificate. The case
# expects Success, i.e. Request does not make a client certificate mandatory.
229 [7-client-auth-TLSv1-request]
230 ssl_conf = 7-client-auth-TLSv1-request-ssl
231
232 [7-client-auth-TLSv1-request-ssl]
233 server = 7-client-auth-TLSv1-request-server
234 client = 7-client-auth-TLSv1-request-client
235
236 [7-client-auth-TLSv1-request-server]
237 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
238 CipherString = DEFAULT
239 MaxProtocol = TLSv1
240 MinProtocol = TLSv1
241 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
242 VerifyMode = Request
243
244 [7-client-auth-TLSv1-request-client]
245 CipherString = DEFAULT
246 MaxProtocol = TLSv1
247 MinProtocol = TLSv1
248 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
249 VerifyMode = Peer
250
251 [test-7]
252 ExpectedResult = Success
253
254
255 # ===========================================================
256
# Mandatory client authentication, negative case, pinned to TLSv1: the server
# sets VerifyMode = Require and the client configures no Certificate. The
# server is expected to abort (ServerFail) with a HandshakeFailure alert.
257 [8-client-auth-TLSv1-require-fail]
258 ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
259
260 [8-client-auth-TLSv1-require-fail-ssl]
261 server = 8-client-auth-TLSv1-require-fail-server
262 client = 8-client-auth-TLSv1-require-fail-client
263
264 [8-client-auth-TLSv1-require-fail-server]
265 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
266 CipherString = DEFAULT
267 MaxProtocol = TLSv1
268 MinProtocol = TLSv1
269 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
270 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
271 VerifyMode = Require
272
273 [8-client-auth-TLSv1-require-fail-client]
274 CipherString = DEFAULT
275 MaxProtocol = TLSv1
276 MinProtocol = TLSv1
277 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
278 VerifyMode = Peer
279
280 [test-8]
281 ExpectedResult = ServerFail
282 ExpectedServerAlert = HandshakeFailure
283
284
285 # ===========================================================
286
# Client authentication, positive case, pinned to TLSv1: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem. The
# server sets no ClientCAFile and the case expects ExpectedClientCANames = empty.
# NOTE(review): despite "require" in the section name, the server uses
# VerifyMode = Request here.
287 [9-client-auth-TLSv1-require]
288 ssl_conf = 9-client-auth-TLSv1-require-ssl
289
290 [9-client-auth-TLSv1-require-ssl]
291 server = 9-client-auth-TLSv1-require-server
292 client = 9-client-auth-TLSv1-require-client
293
294 [9-client-auth-TLSv1-require-server]
295 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
296 CipherString = DEFAULT
297 MaxProtocol = TLSv1
298 MinProtocol = TLSv1
299 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
300 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
301 VerifyMode = Request
302
303 [9-client-auth-TLSv1-require-client]
304 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
305 CipherString = DEFAULT
306 MaxProtocol = TLSv1
307 MinProtocol = TLSv1
308 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
309 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
310 VerifyMode = Peer
311
312 [test-9]
313 ExpectedClientCANames = empty
314 ExpectedClientCertType = RSA
315 ExpectedResult = Success
316
317
318 # ===========================================================
319
# Client authentication with a CA-names list, pinned to TLSv1: the server adds
# ClientCAFile = root-cert.pem and ExpectedClientCANames names the same file --
# presumably checking the CA names the server advertises to the client.
# NOTE(review): the server's VerifyMode is Request, not Require, despite the
# section name.
320 [10-client-auth-TLSv1-require-non-empty-names]
321 ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
322
323 [10-client-auth-TLSv1-require-non-empty-names-ssl]
324 server = 10-client-auth-TLSv1-require-non-empty-names-server
325 client = 10-client-auth-TLSv1-require-non-empty-names-client
326
327 [10-client-auth-TLSv1-require-non-empty-names-server]
328 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
329 CipherString = DEFAULT
330 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
331 MaxProtocol = TLSv1
332 MinProtocol = TLSv1
333 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
334 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335 VerifyMode = Request
336
337 [10-client-auth-TLSv1-require-non-empty-names-client]
338 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
339 CipherString = DEFAULT
340 MaxProtocol = TLSv1
341 MinProtocol = TLSv1
342 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
343 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
344 VerifyMode = Peer
345
346 [test-10]
347 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
348 ExpectedClientCertType = RSA
349 ExpectedResult = Success
350
351
352 # ===========================================================
353
# Mandatory client authentication without a trust anchor, pinned to TLSv1: the
# server sets VerifyMode = Require but no VerifyCAFile, and the client presents
# ee-client-chain.pem. The server is expected to reject the chain (ServerFail)
# with an UnknownCA alert.
354 [11-client-auth-TLSv1-noroot]
355 ssl_conf = 11-client-auth-TLSv1-noroot-ssl
356
357 [11-client-auth-TLSv1-noroot-ssl]
358 server = 11-client-auth-TLSv1-noroot-server
359 client = 11-client-auth-TLSv1-noroot-client
360
361 [11-client-auth-TLSv1-noroot-server]
362 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
363 CipherString = DEFAULT
364 MaxProtocol = TLSv1
365 MinProtocol = TLSv1
366 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
367 VerifyMode = Require
368
369 [11-client-auth-TLSv1-noroot-client]
370 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
371 CipherString = DEFAULT
372 MaxProtocol = TLSv1
373 MinProtocol = TLSv1
374 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
375 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
376 VerifyMode = Peer
377
378 [test-11]
379 ExpectedResult = ServerFail
380 ExpectedServerAlert = UnknownCA
381
382
383 # ===========================================================
384
# Baseline server authentication pinned to TLSv1.1: both sides set
# MinProtocol = MaxProtocol = TLSv1.1, so no other version can be negotiated.
# No client certificate is configured. Expected outcome: Success.
# TLSv1.1 is pinned here for protocol coverage (TLS 1.1 is deprecated by
# RFC 8996); these sections are test fixtures, not a deployment template.
385 [12-server-auth-TLSv1.1]
386 ssl_conf = 12-server-auth-TLSv1.1-ssl
387
388 [12-server-auth-TLSv1.1-ssl]
389 server = 12-server-auth-TLSv1.1-server
390 client = 12-server-auth-TLSv1.1-client
391
392 [12-server-auth-TLSv1.1-server]
393 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394 CipherString = DEFAULT
395 MaxProtocol = TLSv1.1
396 MinProtocol = TLSv1.1
397 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
398
399 [12-server-auth-TLSv1.1-client]
400 CipherString = DEFAULT
401 MaxProtocol = TLSv1.1
402 MinProtocol = TLSv1.1
403 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
404 VerifyMode = Peer
405
406 [test-12]
407 ExpectedResult = Success
408
409
410 # ===========================================================
411
# Optional client authentication, pinned to TLSv1.1: the server sets
# VerifyMode = Request and the client configures no Certificate. The case
# expects Success, i.e. Request does not make a client certificate mandatory.
412 [13-client-auth-TLSv1.1-request]
413 ssl_conf = 13-client-auth-TLSv1.1-request-ssl
414
415 [13-client-auth-TLSv1.1-request-ssl]
416 server = 13-client-auth-TLSv1.1-request-server
417 client = 13-client-auth-TLSv1.1-request-client
418
419 [13-client-auth-TLSv1.1-request-server]
420 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421 CipherString = DEFAULT
422 MaxProtocol = TLSv1.1
423 MinProtocol = TLSv1.1
424 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
425 VerifyMode = Request
426
427 [13-client-auth-TLSv1.1-request-client]
428 CipherString = DEFAULT
429 MaxProtocol = TLSv1.1
430 MinProtocol = TLSv1.1
431 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
432 VerifyMode = Peer
433
434 [test-13]
435 ExpectedResult = Success
436
437
438 # ===========================================================
439
# Mandatory client authentication, negative case, pinned to TLSv1.1: the server
# sets VerifyMode = Require and the client configures no Certificate. The
# server is expected to abort (ServerFail) with a HandshakeFailure alert.
440 [14-client-auth-TLSv1.1-require-fail]
441 ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
442
443 [14-client-auth-TLSv1.1-require-fail-ssl]
444 server = 14-client-auth-TLSv1.1-require-fail-server
445 client = 14-client-auth-TLSv1.1-require-fail-client
446
447 [14-client-auth-TLSv1.1-require-fail-server]
448 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
449 CipherString = DEFAULT
450 MaxProtocol = TLSv1.1
451 MinProtocol = TLSv1.1
452 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
453 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
454 VerifyMode = Require
455
456 [14-client-auth-TLSv1.1-require-fail-client]
457 CipherString = DEFAULT
458 MaxProtocol = TLSv1.1
459 MinProtocol = TLSv1.1
460 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
461 VerifyMode = Peer
462
463 [test-14]
464 ExpectedResult = ServerFail
465 ExpectedServerAlert = HandshakeFailure
466
467
468 # ===========================================================
469
# Client authentication, positive case, pinned to TLSv1.1: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem. The
# server sets no ClientCAFile and the case expects ExpectedClientCANames = empty.
# NOTE(review): despite "require" in the section name, the server uses
# VerifyMode = Request here.
470 [15-client-auth-TLSv1.1-require]
471 ssl_conf = 15-client-auth-TLSv1.1-require-ssl
472
473 [15-client-auth-TLSv1.1-require-ssl]
474 server = 15-client-auth-TLSv1.1-require-server
475 client = 15-client-auth-TLSv1.1-require-client
476
477 [15-client-auth-TLSv1.1-require-server]
478 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
479 CipherString = DEFAULT
480 MaxProtocol = TLSv1.1
481 MinProtocol = TLSv1.1
482 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
483 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
484 VerifyMode = Request
485
486 [15-client-auth-TLSv1.1-require-client]
487 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
488 CipherString = DEFAULT
489 MaxProtocol = TLSv1.1
490 MinProtocol = TLSv1.1
491 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
492 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
493 VerifyMode = Peer
494
495 [test-15]
496 ExpectedClientCANames = empty
497 ExpectedClientCertType = RSA
498 ExpectedResult = Success
499
500
501 # ===========================================================
502
# Client authentication with a CA-names list, pinned to TLSv1.1: the server
# adds ClientCAFile = root-cert.pem and ExpectedClientCANames names the same
# file -- presumably checking the CA names the server advertises to the client.
# NOTE(review): the server's VerifyMode is Request, not Require, despite the
# section name.
503 [16-client-auth-TLSv1.1-require-non-empty-names]
504 ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
505
506 [16-client-auth-TLSv1.1-require-non-empty-names-ssl]
507 server = 16-client-auth-TLSv1.1-require-non-empty-names-server
508 client = 16-client-auth-TLSv1.1-require-non-empty-names-client
509
510 [16-client-auth-TLSv1.1-require-non-empty-names-server]
511 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512 CipherString = DEFAULT
513 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
514 MaxProtocol = TLSv1.1
515 MinProtocol = TLSv1.1
516 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
517 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
518 VerifyMode = Request
519
520 [16-client-auth-TLSv1.1-require-non-empty-names-client]
521 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
522 CipherString = DEFAULT
523 MaxProtocol = TLSv1.1
524 MinProtocol = TLSv1.1
525 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
526 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
527 VerifyMode = Peer
528
529 [test-16]
530 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
531 ExpectedClientCertType = RSA
532 ExpectedResult = Success
533
534
535 # ===========================================================
536
# Mandatory client authentication without a trust anchor, pinned to TLSv1.1:
# the server sets VerifyMode = Require but no VerifyCAFile, and the client
# presents ee-client-chain.pem. The server is expected to reject the chain
# (ServerFail) with an UnknownCA alert.
537 [17-client-auth-TLSv1.1-noroot]
538 ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
539
540 [17-client-auth-TLSv1.1-noroot-ssl]
541 server = 17-client-auth-TLSv1.1-noroot-server
542 client = 17-client-auth-TLSv1.1-noroot-client
543
544 [17-client-auth-TLSv1.1-noroot-server]
545 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
546 CipherString = DEFAULT
547 MaxProtocol = TLSv1.1
548 MinProtocol = TLSv1.1
549 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
550 VerifyMode = Require
551
552 [17-client-auth-TLSv1.1-noroot-client]
553 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
554 CipherString = DEFAULT
555 MaxProtocol = TLSv1.1
556 MinProtocol = TLSv1.1
557 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
558 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
559 VerifyMode = Peer
560
561 [test-17]
562 ExpectedResult = ServerFail
563 ExpectedServerAlert = UnknownCA
564
565
566 # ===========================================================
567
# Baseline server authentication pinned to TLSv1.2: both sides set
# MinProtocol = MaxProtocol = TLSv1.2, so no other version can be negotiated.
# No client certificate is configured. Expected outcome: Success.
568 [18-server-auth-TLSv1.2]
569 ssl_conf = 18-server-auth-TLSv1.2-ssl
570
571 [18-server-auth-TLSv1.2-ssl]
572 server = 18-server-auth-TLSv1.2-server
573 client = 18-server-auth-TLSv1.2-client
574
575 [18-server-auth-TLSv1.2-server]
576 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577 CipherString = DEFAULT
578 MaxProtocol = TLSv1.2
579 MinProtocol = TLSv1.2
580 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
581
582 [18-server-auth-TLSv1.2-client]
583 CipherString = DEFAULT
584 MaxProtocol = TLSv1.2
585 MinProtocol = TLSv1.2
586 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
587 VerifyMode = Peer
588
589 [test-18]
590 ExpectedResult = Success
591
592
593 # ===========================================================
594
# Optional client authentication, pinned to TLSv1.2: the server sets
# VerifyMode = Request and the client configures no Certificate. The case
# expects Success, i.e. Request does not make a client certificate mandatory.
595 [19-client-auth-TLSv1.2-request]
596 ssl_conf = 19-client-auth-TLSv1.2-request-ssl
597
598 [19-client-auth-TLSv1.2-request-ssl]
599 server = 19-client-auth-TLSv1.2-request-server
600 client = 19-client-auth-TLSv1.2-request-client
601
602 [19-client-auth-TLSv1.2-request-server]
603 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
604 CipherString = DEFAULT
605 MaxProtocol = TLSv1.2
606 MinProtocol = TLSv1.2
607 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
608 VerifyMode = Request
609
610 [19-client-auth-TLSv1.2-request-client]
611 CipherString = DEFAULT
612 MaxProtocol = TLSv1.2
613 MinProtocol = TLSv1.2
614 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
615 VerifyMode = Peer
616
617 [test-19]
618 ExpectedResult = Success
619
620
621 # ===========================================================
622
# Mandatory client authentication, negative case, pinned to TLSv1.2: the server
# sets VerifyMode = Require and the client configures no Certificate. The
# server is expected to abort (ServerFail) with a HandshakeFailure alert.
623 [20-client-auth-TLSv1.2-require-fail]
624 ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
625
626 [20-client-auth-TLSv1.2-require-fail-ssl]
627 server = 20-client-auth-TLSv1.2-require-fail-server
628 client = 20-client-auth-TLSv1.2-require-fail-client
629
630 [20-client-auth-TLSv1.2-require-fail-server]
631 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
632 CipherString = DEFAULT
633 MaxProtocol = TLSv1.2
634 MinProtocol = TLSv1.2
635 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
636 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
637 VerifyMode = Require
638
639 [20-client-auth-TLSv1.2-require-fail-client]
640 CipherString = DEFAULT
641 MaxProtocol = TLSv1.2
642 MinProtocol = TLSv1.2
643 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
644 VerifyMode = Peer
645
646 [test-20]
647 ExpectedResult = ServerFail
648 ExpectedServerAlert = HandshakeFailure
649
650
651 # ===========================================================
652
# Client authentication, positive case, pinned to TLSv1.2: the client presents
# ee-client-chain.pem and the server verifies it against root-cert.pem.
# Unlike the other protocol groups, the server also sets
# ClientSignatureAlgorithms = SHA256+RSA, and the case additionally expects
# the client's signature to use SHA256 / RSA (ExpectedClientSignHash,
# ExpectedClientSignType).
# NOTE(review): despite "require" in the section name, the server uses
# VerifyMode = Request here.
653 [21-client-auth-TLSv1.2-require]
654 ssl_conf = 21-client-auth-TLSv1.2-require-ssl
655
656 [21-client-auth-TLSv1.2-require-ssl]
657 server = 21-client-auth-TLSv1.2-require-server
658 client = 21-client-auth-TLSv1.2-require-client
659
660 [21-client-auth-TLSv1.2-require-server]
661 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
662 CipherString = DEFAULT
663 ClientSignatureAlgorithms = SHA256+RSA
664 MaxProtocol = TLSv1.2
665 MinProtocol = TLSv1.2
666 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
667 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
668 VerifyMode = Request
669
670 [21-client-auth-TLSv1.2-require-client]
671 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
672 CipherString = DEFAULT
673 MaxProtocol = TLSv1.2
674 MinProtocol = TLSv1.2
675 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
676 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
677 VerifyMode = Peer
678
679 [test-21]
680 ExpectedClientCANames = empty
681 ExpectedClientCertType = RSA
682 ExpectedClientSignHash = SHA256
683 ExpectedClientSignType = RSA
684 ExpectedResult = Success
685
686
687 # ===========================================================
688
# Client authentication with a CA-names list, pinned to TLSv1.2: the server
# adds ClientCAFile = root-cert.pem and ExpectedClientCANames names the same
# file -- presumably checking the CA names the server advertises to the client.
# The server also sets ClientSignatureAlgorithms = SHA256+RSA and the case
# expects the client's signature to use SHA256 / RSA.
# NOTE(review): the server's VerifyMode is Request, not Require, despite the
# section name.
689 [22-client-auth-TLSv1.2-require-non-empty-names]
690 ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
691
692 [22-client-auth-TLSv1.2-require-non-empty-names-ssl]
693 server = 22-client-auth-TLSv1.2-require-non-empty-names-server
694 client = 22-client-auth-TLSv1.2-require-non-empty-names-client
695
696 [22-client-auth-TLSv1.2-require-non-empty-names-server]
697 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
698 CipherString = DEFAULT
699 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
700 ClientSignatureAlgorithms = SHA256+RSA
701 MaxProtocol = TLSv1.2
702 MinProtocol = TLSv1.2
703 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
704 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
705 VerifyMode = Request
706
707 [22-client-auth-TLSv1.2-require-non-empty-names-client]
708 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
709 CipherString = DEFAULT
710 MaxProtocol = TLSv1.2
711 MinProtocol = TLSv1.2
712 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
713 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
714 VerifyMode = Peer
715
716 [test-22]
717 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
718 ExpectedClientCertType = RSA
719 ExpectedClientSignHash = SHA256
720 ExpectedClientSignType = RSA
721 ExpectedResult = Success
722
723
724 # ===========================================================
725
# Mandatory client authentication without a trust anchor, pinned to TLSv1.2:
# the server sets VerifyMode = Require but no VerifyCAFile, and the client
# presents ee-client-chain.pem. The server is expected to reject the chain
# (ServerFail) with an UnknownCA alert.
726 [23-client-auth-TLSv1.2-noroot]
727 ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
728
729 [23-client-auth-TLSv1.2-noroot-ssl]
730 server = 23-client-auth-TLSv1.2-noroot-server
731 client = 23-client-auth-TLSv1.2-noroot-client
732
733 [23-client-auth-TLSv1.2-noroot-server]
734 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
735 CipherString = DEFAULT
736 MaxProtocol = TLSv1.2
737 MinProtocol = TLSv1.2
738 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
739 VerifyMode = Require
740
741 [23-client-auth-TLSv1.2-noroot-client]
742 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
743 CipherString = DEFAULT
744 MaxProtocol = TLSv1.2
745 MinProtocol = TLSv1.2
746 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
747 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
748 VerifyMode = Peer
749
750 [test-23]
751 ExpectedResult = ServerFail
752 ExpectedServerAlert = UnknownCA
753
754
755 # ===========================================================
756
# Baseline server authentication pinned to DTLSv1: both sides set
# MinProtocol = MaxProtocol = DTLSv1 and [test-24] sets Method = DTLS
# (presumably selecting the datagram method in the test harness).
# No client certificate is configured. Expected outcome: Success.
# DTLSv1 is pinned here for protocol coverage (DTLS 1.0 is deprecated by
# RFC 8996); these sections are test fixtures, not a deployment template.
757 [24-server-auth-DTLSv1]
758 ssl_conf = 24-server-auth-DTLSv1-ssl
759
760 [24-server-auth-DTLSv1-ssl]
761 server = 24-server-auth-DTLSv1-server
762 client = 24-server-auth-DTLSv1-client
763
764 [24-server-auth-DTLSv1-server]
765 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
766 CipherString = DEFAULT
767 MaxProtocol = DTLSv1
768 MinProtocol = DTLSv1
769 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
770
771 [24-server-auth-DTLSv1-client]
772 CipherString = DEFAULT
773 MaxProtocol = DTLSv1
774 MinProtocol = DTLSv1
775 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
776 VerifyMode = Peer
777
778 [test-24]
779 ExpectedResult = Success
780 Method = DTLS
781
782
783 # ===========================================================
784
# Optional client authentication over DTLS, pinned to DTLSv1: the server sets
# VerifyMode = Request and the client configures no Certificate. The case
# expects Success, i.e. Request does not make a client certificate mandatory.
785 [25-client-auth-DTLSv1-request]
786 ssl_conf = 25-client-auth-DTLSv1-request-ssl
787
788 [25-client-auth-DTLSv1-request-ssl]
789 server = 25-client-auth-DTLSv1-request-server
790 client = 25-client-auth-DTLSv1-request-client
791
792 [25-client-auth-DTLSv1-request-server]
793 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
794 CipherString = DEFAULT
795 MaxProtocol = DTLSv1
796 MinProtocol = DTLSv1
797 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
798 VerifyMode = Request
799
800 [25-client-auth-DTLSv1-request-client]
801 CipherString = DEFAULT
802 MaxProtocol = DTLSv1
803 MinProtocol = DTLSv1
804 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
805 VerifyMode = Peer
806
807 [test-25]
808 ExpectedResult = Success
809 Method = DTLS
810
811
812 # ===========================================================
813
# Mandatory client authentication over DTLS, negative case, pinned to DTLSv1:
# the server sets VerifyMode = Require and the client configures no
# Certificate. The server is expected to abort (ServerFail) with a
# HandshakeFailure alert.
814 [26-client-auth-DTLSv1-require-fail]
815 ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
816
817 [26-client-auth-DTLSv1-require-fail-ssl]
818 server = 26-client-auth-DTLSv1-require-fail-server
819 client = 26-client-auth-DTLSv1-require-fail-client
820
821 [26-client-auth-DTLSv1-require-fail-server]
822 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
823 CipherString = DEFAULT
824 MaxProtocol = DTLSv1
825 MinProtocol = DTLSv1
826 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
827 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
828 VerifyMode = Require
829
830 [26-client-auth-DTLSv1-require-fail-client]
831 CipherString = DEFAULT
832 MaxProtocol = DTLSv1
833 MinProtocol = DTLSv1
834 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
835 VerifyMode = Peer
836
837 [test-26]
838 ExpectedResult = ServerFail
839 ExpectedServerAlert = HandshakeFailure
840 Method = DTLS
841
842
843 # ===========================================================
844
# Client authentication over DTLS, positive case, pinned to DTLSv1: the client
# presents ee-client-chain.pem and the server verifies it against
# root-cert.pem. The server sets no ClientCAFile and the case expects
# ExpectedClientCANames = empty.
# NOTE(review): despite "require" in the section name, the server uses
# VerifyMode = Request here.
845 [27-client-auth-DTLSv1-require]
846 ssl_conf = 27-client-auth-DTLSv1-require-ssl
847
848 [27-client-auth-DTLSv1-require-ssl]
849 server = 27-client-auth-DTLSv1-require-server
850 client = 27-client-auth-DTLSv1-require-client
851
852 [27-client-auth-DTLSv1-require-server]
853 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
854 CipherString = DEFAULT
855 MaxProtocol = DTLSv1
856 MinProtocol = DTLSv1
857 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
858 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
859 VerifyMode = Request
860
861 [27-client-auth-DTLSv1-require-client]
862 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
863 CipherString = DEFAULT
864 MaxProtocol = DTLSv1
865 MinProtocol = DTLSv1
866 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
867 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
868 VerifyMode = Peer
869
870 [test-27]
871 ExpectedClientCANames = empty
872 ExpectedClientCertType = RSA
873 ExpectedResult = Success
874 Method = DTLS
875
876
877 # ===========================================================
878
# Client authentication over DTLS with a CA-names list, pinned to DTLSv1: the
# server adds ClientCAFile = root-cert.pem and ExpectedClientCANames names the
# same file -- presumably checking the CA names the server advertises.
# NOTE(review): the server's VerifyMode is Request, not Require, despite the
# section name.
879 [28-client-auth-DTLSv1-require-non-empty-names]
880 ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
881
882 [28-client-auth-DTLSv1-require-non-empty-names-ssl]
883 server = 28-client-auth-DTLSv1-require-non-empty-names-server
884 client = 28-client-auth-DTLSv1-require-non-empty-names-client
885
886 [28-client-auth-DTLSv1-require-non-empty-names-server]
887 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
888 CipherString = DEFAULT
889 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
890 MaxProtocol = DTLSv1
891 MinProtocol = DTLSv1
892 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
894 VerifyMode = Request
895
896 [28-client-auth-DTLSv1-require-non-empty-names-client]
897 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
898 CipherString = DEFAULT
899 MaxProtocol = DTLSv1
900 MinProtocol = DTLSv1
901 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
902 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
903 VerifyMode = Peer
904
905 [test-28]
906 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
907 ExpectedClientCertType = RSA
908 ExpectedResult = Success
909 Method = DTLS
910
911
912 # ===========================================================
913
# Mandatory client authentication over DTLS without a trust anchor, pinned to
# DTLSv1: the server sets VerifyMode = Require but no VerifyCAFile, and the
# client presents ee-client-chain.pem. The server is expected to reject the
# chain (ServerFail) with an UnknownCA alert.
914 [29-client-auth-DTLSv1-noroot]
915 ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
916
917 [29-client-auth-DTLSv1-noroot-ssl]
918 server = 29-client-auth-DTLSv1-noroot-server
919 client = 29-client-auth-DTLSv1-noroot-client
920
921 [29-client-auth-DTLSv1-noroot-server]
922 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
923 CipherString = DEFAULT
924 MaxProtocol = DTLSv1
925 MinProtocol = DTLSv1
926 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
927 VerifyMode = Require
928
929 [29-client-auth-DTLSv1-noroot-client]
930 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
931 CipherString = DEFAULT
932 MaxProtocol = DTLSv1
933 MinProtocol = DTLSv1
934 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
935 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
936 VerifyMode = Peer
937
938 [test-29]
939 ExpectedResult = ServerFail
940 ExpectedServerAlert = UnknownCA
941 Method = DTLS
942
943
944 # ===========================================================
945
# Baseline server authentication pinned to DTLSv1.2: both sides set
# MinProtocol = MaxProtocol = DTLSv1.2 and [test-30] sets Method = DTLS
# (presumably selecting the datagram method in the test harness).
# No client certificate is configured. Expected outcome: Success.
946 [30-server-auth-DTLSv1.2]
947 ssl_conf = 30-server-auth-DTLSv1.2-ssl
948
949 [30-server-auth-DTLSv1.2-ssl]
950 server = 30-server-auth-DTLSv1.2-server
951 client = 30-server-auth-DTLSv1.2-client
952
953 [30-server-auth-DTLSv1.2-server]
954 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
955 CipherString = DEFAULT
956 MaxProtocol = DTLSv1.2
957 MinProtocol = DTLSv1.2
958 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
959
960 [30-server-auth-DTLSv1.2-client]
961 CipherString = DEFAULT
962 MaxProtocol = DTLSv1.2
963 MinProtocol = DTLSv1.2
964 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
965 VerifyMode = Peer
966
967 [test-30]
968 ExpectedResult = Success
969 Method = DTLS
970
971
972 # ===========================================================
973
# Optional client authentication over DTLS, pinned to DTLSv1.2: the server
# sets VerifyMode = Request and the client configures no Certificate. The case
# expects Success, i.e. Request does not make a client certificate mandatory.
974 [31-client-auth-DTLSv1.2-request]
975 ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
976
977 [31-client-auth-DTLSv1.2-request-ssl]
978 server = 31-client-auth-DTLSv1.2-request-server
979 client = 31-client-auth-DTLSv1.2-request-client
980
981 [31-client-auth-DTLSv1.2-request-server]
982 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
983 CipherString = DEFAULT
984 MaxProtocol = DTLSv1.2
985 MinProtocol = DTLSv1.2
986 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
987 VerifyMode = Request
988
989 [31-client-auth-DTLSv1.2-request-client]
990 CipherString = DEFAULT
991 MaxProtocol = DTLSv1.2
992 MinProtocol = DTLSv1.2
993 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
994 VerifyMode = Peer
995
996 [test-31]
997 ExpectedResult = Success
998 Method = DTLS
999
1000
1001 # ===========================================================
1002
# Mandatory client authentication over DTLS, negative case, pinned to
# DTLSv1.2: the server sets VerifyMode = Require and the client configures no
# Certificate. The server is expected to abort (ServerFail) with a
# HandshakeFailure alert.
1003 [32-client-auth-DTLSv1.2-require-fail]
1004 ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
1005
1006 [32-client-auth-DTLSv1.2-require-fail-ssl]
1007 server = 32-client-auth-DTLSv1.2-require-fail-server
1008 client = 32-client-auth-DTLSv1.2-require-fail-client
1009
1010 [32-client-auth-DTLSv1.2-require-fail-server]
1011 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1012 CipherString = DEFAULT
1013 MaxProtocol = DTLSv1.2
1014 MinProtocol = DTLSv1.2
1015 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1016 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1017 VerifyMode = Require
1018
1019 [32-client-auth-DTLSv1.2-require-fail-client]
1020 CipherString = DEFAULT
1021 MaxProtocol = DTLSv1.2
1022 MinProtocol = DTLSv1.2
1023 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1024 VerifyMode = Peer
1025
1026 [test-32]
1027 ExpectedResult = ServerFail
1028 ExpectedServerAlert = HandshakeFailure
1029 Method = DTLS
1030
1031
1032 # ===========================================================
1033
# Positive client-authentication case over DTLSv1.2: the client presents
# ee-client-chain.pem / ee-key.pem and the server validates it against
# root-cert.pem. Expected outcome: Success with an RSA client certificate.
# NOTE(review): despite "require" in the section name, the server section
# below sets VerifyMode = Request, so this case shows a valid certificate
# being accepted but does not exercise Require succeeding. This file is
# generated, so any change belongs in the generator input - confirm whether
# Request is intentional there.
# The trust anchors differ per side: the server uses root-cert.pem for the
# client chain, the client uses rootcert.pem for the server certificate. The
# two file names differ only by a hyphen and are easy to mix up.
1034 [33-client-auth-DTLSv1.2-require]
1035 ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
1036
1037 [33-client-auth-DTLSv1.2-require-ssl]
1038 server = 33-client-auth-DTLSv1.2-require-server
1039 client = 33-client-auth-DTLSv1.2-require-client
1040
1041 [33-client-auth-DTLSv1.2-require-server]
1042 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1043 CipherString = DEFAULT
1044 MaxProtocol = DTLSv1.2
1045 MinProtocol = DTLSv1.2
1046 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1047 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1048 VerifyMode = Request
1049
1050 [33-client-auth-DTLSv1.2-require-client]
1051 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1052 CipherString = DEFAULT
1053 MaxProtocol = DTLSv1.2
1054 MinProtocol = DTLSv1.2
1055 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1056 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057 VerifyMode = Peer
1058
1059 [test-33]
# The server section has no ClientCAFile, so "empty" presumably asserts that
# the certificate request carried no CA names - confirm against the harness.
1060 ExpectedClientCANames = empty
1061 ExpectedClientCertType = RSA
1062 ExpectedResult = Success
1063 Method = DTLS
1064
1065
1066 # ===========================================================
1067
# Same shape as the plain "require" case, with ClientCAFile added on the
# server: the client presents ee-client-chain.pem / ee-key.pem, the server
# validates it against root-cert.pem, and the handshake is expected to
# succeed with an RSA client certificate.
# NOTE(review): the section name says "require" but the server section sets
# VerifyMode = Request; this file is generated, so confirm in the generator
# input whether that is intentional.
1068 [34-client-auth-DTLSv1.2-require-non-empty-names]
1069 ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
1070
1071 [34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1072 server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
1073 client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
1074
1075 [34-client-auth-DTLSv1.2-require-non-empty-names-server]
1076 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1077 CipherString = DEFAULT
1078 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1079 MaxProtocol = DTLSv1.2
1080 MinProtocol = DTLSv1.2
1081 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1082 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1083 VerifyMode = Request
1084
1085 [34-client-auth-DTLSv1.2-require-non-empty-names-client]
1086 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1087 CipherString = DEFAULT
1088 MaxProtocol = DTLSv1.2
1089 MinProtocol = DTLSv1.2
1090 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1091 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1092 VerifyMode = Peer
1093
1094 [test-34]
# Points at the same file as the server's ClientCAFile; presumably asserts
# that the CA names the client receives match that file - confirm against
# the harness.
1095 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1096 ExpectedClientCertType = RSA
1097 ExpectedResult = Success
1098 Method = DTLS
1099
1100
1101 # ===========================================================
1102
# Negative case for a server without a trust anchor: the server sets
# VerifyMode = Require but its section has no VerifyCAFile, while the client
# does present ee-client-chain.pem / ee-key.pem. The server is expected to
# abort (ExpectedResult = ServerFail) with an UnknownCA alert, i.e. presenting
# a certificate is not sufficient when the server cannot chain it to a
# trusted root.
1103 [35-client-auth-DTLSv1.2-noroot]
1104 ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
1105
1106 [35-client-auth-DTLSv1.2-noroot-ssl]
1107 server = 35-client-auth-DTLSv1.2-noroot-server
1108 client = 35-client-auth-DTLSv1.2-noroot-client
1109
1110 [35-client-auth-DTLSv1.2-noroot-server]
1111 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1112 CipherString = DEFAULT
1113 MaxProtocol = DTLSv1.2
1114 MinProtocol = DTLSv1.2
1115 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1116 VerifyMode = Require
1117
1118 [35-client-auth-DTLSv1.2-noroot-client]
1119 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1120 CipherString = DEFAULT
1121 MaxProtocol = DTLSv1.2
1122 MinProtocol = DTLSv1.2
1123 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1124 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1125 VerifyMode = Peer
1126
1127 [test-35]
1128 ExpectedResult = ServerFail
1129 ExpectedServerAlert = UnknownCA
1130 Method = DTLS
1131
1132