- # Handshake with client authentication but without the root certificate.
- push @tests, {
- name => "client-auth-${protocol_name}-noroot",
- server => {
- "MinProtocol" => $protocol,
- "MaxProtocol" => $protocol,
- "VerifyMode" => "Require",
- },
- client => {
- "MinProtocol" => $protocol,
- "MaxProtocol" => $protocol,
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
- },
- test => {
- "ExpectedResult" => "ServerFail",
- "ExpectedServerAlert" => $caalert,
- },
- };
+ # Successful handshake with client authentication non-empty names
+ push @tests, {
+ name => "client-auth-${protocol_name}-require-non-empty-names"
+ .($sctp ? "-sctp" : ""),
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "ClientSignatureAlgorithms" => $clisigalgs,
+ "ClientCAFile" => test_pem("root-cert.pem"),
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => $clisigtype,
+ "ExpectedClientSignHash" => $clihash,
+ "ExpectedClientCANames" => test_pem("root-cert.pem"),
+ "Method" => $method,
+ },
+ };
+ $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+ # Handshake with client authentication but without the root certificate.
+ push @tests, {
+ name => "client-auth-${protocol_name}-noroot"
+ .($sctp ? "-sctp" : ""),
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => $caalert,
+ "Method" => $method,
+ },
+ };
+ $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+ }