Add tests for client and server signature type
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
12
13 my $dir_sep = $^O ne "VMS" ? "/" : "";
14
15 my $server = {
16     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
17     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
18     # TODO(TLS1.3): add test cases for TLSv1.3
19     "MaxProtocol" => "TLSv1.2"
20 };
21
22 our @tests = (
23     {
24         name => "ECDSA CipherString Selection",
25         server => $server,
26         client => {
27             "CipherString" => "aECDSA",
28         },
29         test   => {
30             "ExpectedServerCertType" =>, "P-256",
31             "ExpectedServerSignType" =>, "EC",
32             "ExpectedResult" => "Success"
33         },
34     },
35     {
36         name => "RSA CipherString Selection",
37         server => $server,
38         client => {
39             "CipherString" => "aRSA",
40         },
41         test   => {
42             "ExpectedServerCertType" =>, "RSA",
43             "ExpectedServerSignType" =>, "RSA-PSS",
44             "ExpectedResult" => "Success"
45         },
46     },
47     {
48         name => "ECDSA CipherString Selection, no ECDSA certificate",
49         server => { },
50         client => {
51             "CipherString" => "aECDSA"
52         },
53         test   => {
54             "ExpectedResult" => "ServerFail"
55         },
56     },
57     {
58         name => "ECDSA Signature Algorithm Selection",
59         server => $server,
60         client => {
61             "SignatureAlgorithms" => "ECDSA+SHA256",
62         },
63         test   => {
64             "ExpectedServerCertType" => "P-256",
65             "ExpectedServerSignHash" => "SHA256",
66             "ExpectedServerSignType" => "EC",
67             "ExpectedResult" => "Success"
68         },
69     },
70     {
71         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
72         server => { },
73         client => {
74             "SignatureAlgorithms" => "ECDSA+SHA256",
75         },
76         test   => {
77             "ExpectedResult" => "ServerFail"
78         },
79     },
80     {
81         name => "RSA Signature Algorithm Selection",
82         server => $server,
83         client => {
84             "SignatureAlgorithms" => "RSA+SHA256",
85         },
86         test   => {
87             "ExpectedServerCertType" => "RSA",
88             "ExpectedServerSignHash" => "SHA256",
89             "ExpectedServerSignType" => "RSA",
90             "ExpectedResult" => "Success"
91         },
92     },
93     {
94         name => "RSA-PSS Signature Algorithm Selection",
95         server => $server,
96         client => {
97             "SignatureAlgorithms" => "RSA-PSS+SHA256",
98         },
99         test   => {
100             "ExpectedServerCertType" => "RSA",
101             "ExpectedServerSignHash" => "SHA256",
102             "ExpectedServerSignType" => "RSA-PSS",
103             "ExpectedResult" => "Success"
104         },
105     }
106 );