1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-server-auth-TLSv1.3
6 test-1 = 1-client-auth-TLSv1.3-request
7 test-2 = 2-client-auth-TLSv1.3-require-fail
8 test-3 = 3-client-auth-TLSv1.3-require
9 test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
10 test-5 = 5-client-auth-TLSv1.3-noroot
11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
19 # ===========================================================
21 [0-server-auth-TLSv1.3]
22 ssl_conf = 0-server-auth-TLSv1.3-ssl
24 [0-server-auth-TLSv1.3-ssl]
25 server = 0-server-auth-TLSv1.3-server
26 client = 0-server-auth-TLSv1.3-client
28 [0-server-auth-TLSv1.3-server]
29 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
30 CipherString = DEFAULT
33 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
35 [0-server-auth-TLSv1.3-client]
36 CipherString = DEFAULT
39 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
43 ExpectedResult = Success
46 # ===========================================================
48 [1-client-auth-TLSv1.3-request]
49 ssl_conf = 1-client-auth-TLSv1.3-request-ssl
51 [1-client-auth-TLSv1.3-request-ssl]
52 server = 1-client-auth-TLSv1.3-request-server
53 client = 1-client-auth-TLSv1.3-request-client
55 [1-client-auth-TLSv1.3-request-server]
56 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
57 CipherString = DEFAULT
60 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63 [1-client-auth-TLSv1.3-request-client]
64 CipherString = DEFAULT
67 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
71 ExpectedResult = Success
74 # ===========================================================
76 [2-client-auth-TLSv1.3-require-fail]
77 ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
79 [2-client-auth-TLSv1.3-require-fail-ssl]
80 server = 2-client-auth-TLSv1.3-require-fail-server
81 client = 2-client-auth-TLSv1.3-require-fail-client
83 [2-client-auth-TLSv1.3-require-fail-server]
84 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
85 CipherString = DEFAULT
88 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
92 [2-client-auth-TLSv1.3-require-fail-client]
93 CipherString = DEFAULT
96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
100 ExpectedResult = ServerFail
101 ExpectedServerAlert = CertificateRequired
104 # ===========================================================
106 [3-client-auth-TLSv1.3-require]
107 ssl_conf = 3-client-auth-TLSv1.3-require-ssl
109 [3-client-auth-TLSv1.3-require-ssl]
110 server = 3-client-auth-TLSv1.3-require-server
111 client = 3-client-auth-TLSv1.3-require-client
113 [3-client-auth-TLSv1.3-require-server]
114 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115 CipherString = DEFAULT
116 ClientSignatureAlgorithms = PSS+SHA256
117 MaxProtocol = TLSv1.3
118 MinProtocol = TLSv1.3
119 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
123 [3-client-auth-TLSv1.3-require-client]
124 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
125 CipherString = DEFAULT
126 MaxProtocol = TLSv1.3
127 MinProtocol = TLSv1.3
128 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
129 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
133 ExpectedClientCANames = empty
134 ExpectedClientCertType = RSA
135 ExpectedClientSignHash = SHA256
136 ExpectedClientSignType = RSA-PSS
137 ExpectedResult = Success
140 # ===========================================================
142 [4-client-auth-TLSv1.3-require-non-empty-names]
143 ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
145 [4-client-auth-TLSv1.3-require-non-empty-names-ssl]
146 server = 4-client-auth-TLSv1.3-require-non-empty-names-server
147 client = 4-client-auth-TLSv1.3-require-non-empty-names-client
149 [4-client-auth-TLSv1.3-require-non-empty-names-server]
150 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151 CipherString = DEFAULT
152 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153 ClientSignatureAlgorithms = PSS+SHA256
154 MaxProtocol = TLSv1.3
155 MinProtocol = TLSv1.3
156 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
160 [4-client-auth-TLSv1.3-require-non-empty-names-client]
161 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162 CipherString = DEFAULT
163 MaxProtocol = TLSv1.3
164 MinProtocol = TLSv1.3
165 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
166 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
171 ExpectedClientCertType = RSA
172 ExpectedClientSignHash = SHA256
173 ExpectedClientSignType = RSA-PSS
174 ExpectedResult = Success
177 # ===========================================================
179 [5-client-auth-TLSv1.3-noroot]
180 ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
182 [5-client-auth-TLSv1.3-noroot-ssl]
183 server = 5-client-auth-TLSv1.3-noroot-server
184 client = 5-client-auth-TLSv1.3-noroot-client
186 [5-client-auth-TLSv1.3-noroot-server]
187 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
188 CipherString = DEFAULT
189 MaxProtocol = TLSv1.3
190 MinProtocol = TLSv1.3
191 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
194 [5-client-auth-TLSv1.3-noroot-client]
195 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
196 CipherString = DEFAULT
197 MaxProtocol = TLSv1.3
198 MinProtocol = TLSv1.3
199 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
200 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
204 ExpectedResult = ServerFail
205 ExpectedServerAlert = UnknownCA
208 # ===========================================================
210 [6-client-auth-TLSv1.3-request-post-handshake]
211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
213 [6-client-auth-TLSv1.3-request-post-handshake-ssl]
214 server = 6-client-auth-TLSv1.3-request-post-handshake-server
215 client = 6-client-auth-TLSv1.3-request-post-handshake-client
217 [6-client-auth-TLSv1.3-request-post-handshake-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT
220 MaxProtocol = TLSv1.3
221 MinProtocol = TLSv1.3
222 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223 VerifyMode = RequestPostHandshake
225 [6-client-auth-TLSv1.3-request-post-handshake-client]
226 CipherString = DEFAULT
227 MaxProtocol = TLSv1.3
228 MinProtocol = TLSv1.3
229 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
233 ExpectedResult = ServerFail
234 HandshakeMode = PostHandshakeAuth
237 # ===========================================================
239 [7-client-auth-TLSv1.3-require-fail-post-handshake]
240 ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
242 [7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
243 server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
244 client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
246 [7-client-auth-TLSv1.3-require-fail-post-handshake-server]
247 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248 CipherString = DEFAULT
249 MaxProtocol = TLSv1.3
250 MinProtocol = TLSv1.3
251 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253 VerifyMode = RequirePostHandshake
255 [7-client-auth-TLSv1.3-require-fail-post-handshake-client]
256 CipherString = DEFAULT
257 MaxProtocol = TLSv1.3
258 MinProtocol = TLSv1.3
259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
263 ExpectedResult = ServerFail
264 HandshakeMode = PostHandshakeAuth
267 # ===========================================================
269 [8-client-auth-TLSv1.3-require-post-handshake]
270 ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
272 [8-client-auth-TLSv1.3-require-post-handshake-ssl]
273 server = 8-client-auth-TLSv1.3-require-post-handshake-server
274 client = 8-client-auth-TLSv1.3-require-post-handshake-client
276 [8-client-auth-TLSv1.3-require-post-handshake-server]
277 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
278 CipherString = DEFAULT
279 ClientSignatureAlgorithms = PSS+SHA256
280 MaxProtocol = TLSv1.3
281 MinProtocol = TLSv1.3
282 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
284 VerifyMode = RequestPostHandshake
286 [8-client-auth-TLSv1.3-require-post-handshake-client]
287 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
288 CipherString = DEFAULT
289 MaxProtocol = TLSv1.3
290 MinProtocol = TLSv1.3
291 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
292 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
296 ExpectedClientCANames = empty
297 ExpectedClientCertType = RSA
298 ExpectedClientSignHash = SHA256
299 ExpectedClientSignType = RSA-PSS
300 ExpectedResult = Success
301 HandshakeMode = PostHandshakeAuth
302 client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
304 [8-client-auth-TLSv1.3-require-post-handshake-client-extra]
308 # ===========================================================
310 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
311 ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
313 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
314 server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
315 client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
317 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
318 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
319 CipherString = DEFAULT
320 ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
321 ClientSignatureAlgorithms = PSS+SHA256
322 MaxProtocol = TLSv1.3
323 MinProtocol = TLSv1.3
324 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
325 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
326 VerifyMode = RequestPostHandshake
328 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
329 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
330 CipherString = DEFAULT
331 MaxProtocol = TLSv1.3
332 MinProtocol = TLSv1.3
333 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
334 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
338 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
339 ExpectedClientCertType = RSA
340 ExpectedClientSignHash = SHA256
341 ExpectedClientSignType = RSA-PSS
342 ExpectedResult = Success
343 HandshakeMode = PostHandshakeAuth
344 client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
346 [9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
350 # ===========================================================
352 [10-client-auth-TLSv1.3-noroot-post-handshake]
353 ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
355 [10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
356 server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
357 client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
359 [10-client-auth-TLSv1.3-noroot-post-handshake-server]
360 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361 CipherString = DEFAULT
362 MaxProtocol = TLSv1.3
363 MinProtocol = TLSv1.3
364 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365 VerifyMode = RequirePostHandshake
367 [10-client-auth-TLSv1.3-noroot-post-handshake-client]
368 Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
369 CipherString = DEFAULT
370 MaxProtocol = TLSv1.3
371 MinProtocol = TLSv1.3
372 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
373 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
377 ExpectedResult = ServerFail
378 ExpectedServerAlert = UnknownCA
379 HandshakeMode = PostHandshakeAuth
380 client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
382 [10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
386 # ===========================================================
388 [11-client-auth-TLSv1.3-request-force-client-post-handshake]
389 ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
391 [11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
392 server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
393 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
395 [11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
396 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
397 CipherString = DEFAULT
398 MaxProtocol = TLSv1.3
399 MinProtocol = TLSv1.3
400 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
401 VerifyMode = RequestPostHandshake
403 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
404 CipherString = DEFAULT
405 MaxProtocol = TLSv1.3
406 MinProtocol = TLSv1.3
407 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
411 ExpectedResult = Success
412 HandshakeMode = PostHandshakeAuth
413 client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
415 [11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
419 # ===========================================================
421 [12-client-auth-TLSv1.3-request-force-server-post-handshake]
422 ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
424 [12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
425 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
426 client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
428 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
429 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
430 CipherString = DEFAULT
431 MaxProtocol = TLSv1.3
432 MinProtocol = TLSv1.3
433 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
434 VerifyMode = RequestPostHandshake
436 [12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
437 CipherString = DEFAULT
438 MaxProtocol = TLSv1.3
439 MinProtocol = TLSv1.3
440 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
444 ExpectedResult = ClientFail
445 HandshakeMode = PostHandshakeAuth
446 server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
448 [12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
452 # ===========================================================
454 [13-client-auth-TLSv1.3-request-force-both-post-handshake]
455 ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
457 [13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
458 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
459 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
461 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
462 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
463 CipherString = DEFAULT
464 MaxProtocol = TLSv1.3
465 MinProtocol = TLSv1.3
466 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
467 VerifyMode = RequestPostHandshake
469 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
470 CipherString = DEFAULT
471 MaxProtocol = TLSv1.3
472 MinProtocol = TLSv1.3
473 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
477 ExpectedResult = Success
478 HandshakeMode = PostHandshakeAuth
479 server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
480 client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
482 [13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
485 [13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]