X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssl-tests%2F20-cert-select.conf;h=69a80033fbcf1d1954479f711311b310aed9b0c8;hp=dbb339d211ef5fa4eb1058fc9f43e969d4c51eae;hb=97ea1e7f42eea97b117af08b3c1d29f6443850ab;hpb=edb8a5eb54ee54452a410a6072c584ee94ed3ebb diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index dbb339d211..69a80033fb 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,13 +1,29 @@ # Generated with generate_ssl_tests.pl -num_tests = 6 +num_tests = 22 test-0 = 0-ECDSA CipherString Selection -test-1 = 1-RSA CipherString Selection -test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate -test-3 = 3-ECDSA Signature Algorithm Selection -test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-5 = 5-RSA Signature Algorithm Selection +test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection +test-2 = 2-RSA CipherString Selection +test-3 = 3-RSA-PSS Certificate CipherString Selection +test-4 = 4-P-256 CipherString and Signature Algorithm Selection +test-5 = 5-Ed25519 CipherString and Curves Selection +test-6 = 6-ECDSA CipherString Selection, no ECDSA certificate +test-7 = 7-ECDSA Signature Algorithm Selection +test-8 = 8-ECDSA Signature Algorithm Selection SHA384 +test-9 = 9-ECDSA Signature Algorithm Selection SHA1 +test-10 = 10-ECDSA Signature Algorithm Selection compressed point +test-11 = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-12 = 12-RSA Signature Algorithm Selection +test-13 = 13-RSA-PSS Signature Algorithm Selection +test-14 = 14-RSA-PSS Certificate Signature Algorithm Selection +test-15 = 15-Only RSA-PSS Certificate +test-16 = 16-RSA-PSS Certificate, no PSS signature algorithms +test-17 = 17-Suite B P-256 Hash Algorithm Selection +test-18 = 18-Suite B P-384 Hash Algorithm Selection +test-19 = 19-TLS 1.2 Ed25519 Client Auth +test-20 = 20-Only RSA-PSS Certificate, TLS v1.1 +test-21 = 21-TLS 1.2 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -22,146 +38,654 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-ECDSA CipherString Selection-client] CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] ExpectedResult = Success +ExpectedServerCANames = empty ExpectedServerCertType = P-256 +ExpectedServerSignType = EC # =========================================================== -[1-RSA CipherString Selection] -ssl_conf = 1-RSA CipherString Selection-ssl +[1-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 1-Ed25519 CipherString and Signature Algorithm Selection-ssl -[1-RSA CipherString Selection-ssl] -server = 1-RSA CipherString Selection-server -client = 1-RSA CipherString Selection-client +[1-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 1-Ed25519 CipherString and Signature Algorithm Selection-server +client = 1-Ed25519 CipherString and Signature Algorithm Selection-client -[1-RSA CipherString Selection-server] +[1-Ed25519 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-RSA CipherString Selection-client] -CipherString = aRSA +[1-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[2-RSA CipherString Selection] +ssl_conf = 2-RSA CipherString Selection-ssl + +[2-RSA CipherString Selection-ssl] +server = 2-RSA CipherString Selection-server +client = 2-RSA CipherString Selection-client + +[2-RSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-RSA CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = Success ExpectedServerCertType = RSA +ExpectedServerSignType = RSA-PSS # =========================================================== -[2-ECDSA CipherString Selection, no ECDSA certificate] -ssl_conf = 2-ECDSA CipherString Selection, no ECDSA certificate-ssl +[3-RSA-PSS Certificate CipherString Selection] +ssl_conf = 3-RSA-PSS Certificate CipherString Selection-ssl -[2-ECDSA CipherString Selection, no ECDSA certificate-ssl] -server = 2-ECDSA CipherString Selection, no ECDSA certificate-server -client = 2-ECDSA CipherString Selection, no ECDSA certificate-client +[3-RSA-PSS Certificate CipherString Selection-ssl] +server = 3-RSA-PSS Certificate CipherString Selection-server +client = 3-RSA-PSS Certificate CipherString Selection-client -[2-ECDSA CipherString Selection, no ECDSA certificate-server] +[3-RSA-PSS Certificate CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-ECDSA CipherString Selection, no ECDSA certificate-client] +[3-RSA-PSS Certificate CipherString Selection-client] +CipherString = aRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[4-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl + +[4-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 4-P-256 CipherString and Signature Algorithm Selection-server +client = 4-P-256 CipherString and Signature Algorithm Selection-client + +[4-P-256 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-P-256 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-2] +[test-4] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[5-Ed25519 CipherString and Curves Selection] +ssl_conf = 5-Ed25519 CipherString and Curves Selection-ssl + +[5-Ed25519 CipherString and Curves Selection-ssl] +server = 5-Ed25519 CipherString and Curves Selection-server +client = 5-Ed25519 CipherString and Curves Selection-client + +[5-Ed25519 CipherString and Curves Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-Ed25519 CipherString and Curves Selection-client] +CipherString = aECDSA +Curves = X25519 +MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[6-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 6-ECDSA CipherString Selection, no ECDSA certificate-ssl + +[6-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 6-ECDSA CipherString Selection, no ECDSA certificate-server +client = 6-ECDSA CipherString Selection, no ECDSA certificate-client + +[6-ECDSA CipherString Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-ECDSA CipherString Selection, no ECDSA certificate-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] ExpectedResult = ServerFail # =========================================================== -[3-ECDSA Signature Algorithm Selection] -ssl_conf = 3-ECDSA Signature Algorithm Selection-ssl +[7-ECDSA Signature Algorithm Selection] +ssl_conf = 7-ECDSA Signature Algorithm Selection-ssl -[3-ECDSA Signature Algorithm Selection-ssl] -server = 3-ECDSA Signature Algorithm Selection-server -client = 3-ECDSA Signature Algorithm Selection-client +[7-ECDSA Signature Algorithm Selection-ssl] +server = 7-ECDSA Signature Algorithm Selection-server +client = 7-ECDSA Signature Algorithm Selection-client -[3-ECDSA Signature Algorithm Selection-server] +[7-ECDSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[3-ECDSA Signature Algorithm Selection-client] +[7-ECDSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-3] +[test-7] ExpectedResult = Success ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC # =========================================================== -[4-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl +[8-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 8-ECDSA Signature Algorithm Selection SHA384-ssl -[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate-client +[8-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 8-ECDSA Signature Algorithm Selection SHA384-server +client = 8-ECDSA Signature Algorithm Selection SHA384-client -[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +[8-ECDSA Signature Algorithm Selection SHA384-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[4-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +[8-ECDSA Signature Algorithm Selection SHA384-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[9-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 9-ECDSA Signature Algorithm Selection SHA1-ssl + +[9-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 9-ECDSA Signature Algorithm Selection SHA1-server +client = 9-ECDSA Signature Algorithm Selection SHA1-client + +[9-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + +# =========================================================== + +[10-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 10-ECDSA Signature Algorithm Selection compressed point-ssl + +[10-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 10-ECDSA Signature Algorithm Selection compressed point-server +client = 10-ECDSA Signature Algorithm Selection compressed point-client + +[10-ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-ECDSA Signature Algorithm Selection compressed point-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-4] +[test-10] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[11-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] ExpectedResult = ServerFail # =========================================================== -[5-RSA Signature Algorithm Selection] -ssl_conf = 5-RSA Signature Algorithm Selection-ssl +[12-RSA Signature Algorithm Selection] +ssl_conf = 12-RSA Signature Algorithm Selection-ssl -[5-RSA Signature Algorithm Selection-ssl] -server = 5-RSA Signature Algorithm Selection-server -client = 5-RSA Signature Algorithm Selection-client +[12-RSA Signature Algorithm Selection-ssl] +server = 12-RSA Signature Algorithm Selection-server +client = 12-RSA Signature Algorithm Selection-client -[5-RSA Signature Algorithm Selection-server] +[12-RSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-RSA Signature Algorithm Selection-client] +[12-RSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-12] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA + + +# =========================================================== + +[13-RSA-PSS Signature Algorithm Selection] +ssl_conf = 13-RSA-PSS Signature Algorithm Selection-ssl + +[13-RSA-PSS Signature Algorithm Selection-ssl] +server = 13-RSA-PSS Signature Algorithm Selection-server +client = 13-RSA-PSS Signature Algorithm Selection-client + +[13-RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] ExpectedResult = Success ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[14-RSA-PSS Certificate Signature Algorithm Selection] +ssl_conf = 14-RSA-PSS Certificate Signature Algorithm Selection-ssl + +[14-RSA-PSS Certificate Signature Algorithm Selection-ssl] +server = 14-RSA-PSS Certificate Signature Algorithm Selection-server +client = 14-RSA-PSS Certificate Signature Algorithm Selection-client + +[14-RSA-PSS Certificate Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-RSA-PSS Certificate Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[15-Only RSA-PSS Certificate] +ssl_conf = 15-Only RSA-PSS Certificate-ssl + +[15-Only RSA-PSS Certificate-ssl] +server = 15-Only RSA-PSS Certificate-server +client = 15-Only RSA-PSS Certificate-client + +[15-Only RSA-PSS Certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[15-Only RSA-PSS Certificate-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerCertType = RSA-PSS +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[16-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 16-RSA-PSS Certificate, no PSS signature algorithms-ssl + +[16-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 16-RSA-PSS Certificate, no PSS signature algorithms-server +client = 16-RSA-PSS Certificate, no PSS signature algorithms-client + +[16-RSA-PSS Certificate, no PSS signature algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[16-RSA-PSS Certificate, no PSS signature algorithms-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ServerFail + + +# =========================================================== + +[17-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 17-Suite B P-256 Hash Algorithm Selection-ssl + +[17-Suite B P-256 Hash Algorithm Selection-ssl] +server = 17-Suite B P-256 Hash Algorithm Selection-server +client = 17-Suite B P-256 Hash Algorithm Selection-client + +[17-Suite B P-256 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-Suite B P-256 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[18-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 18-Suite B P-384 Hash Algorithm Selection-ssl + +[18-Suite B P-384 Hash Algorithm Selection-ssl] +server = 18-Suite B P-384 Hash Algorithm Selection-server +client = 18-Suite B P-384 Hash Algorithm Selection-client + +[18-Suite B P-384 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-Suite B P-384 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +ExpectedServerCertType = P-384 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[19-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl + +[19-TLS 1.2 Ed25519 Client Auth-ssl] +server = 19-TLS 1.2 Ed25519 Client Auth-server +client = 19-TLS 1.2 Ed25519 Client Auth-client + +[19-TLS 1.2 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[19-TLS 1.2 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[20-Only RSA-PSS Certificate, TLS v1.1] +ssl_conf = 20-Only RSA-PSS Certificate, TLS v1.1-ssl + +[20-Only RSA-PSS Certificate, TLS v1.1-ssl] +server = 20-Only RSA-PSS Certificate, TLS v1.1-server +client = 20-Only RSA-PSS Certificate, TLS v1.1-client + +[20-Only RSA-PSS Certificate, TLS v1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[20-Only RSA-PSS Certificate, TLS v1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ServerFail + + +# =========================================================== + +[21-TLS 1.2 DSA Certificate Test] +ssl_conf = 21-TLS 1.2 DSA Certificate Test-ssl + +[21-TLS 1.2 DSA Certificate Test-ssl] +server = 21-TLS 1.2 DSA Certificate Test-server +client = 21-TLS 1.2 DSA Certificate Test-client + +[21-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[21-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedResult = Success