Add certificate_authorities tests client to server.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 31 Mar 2017 22:06:15 +0000 (23:06 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Mon, 3 Apr 2017 22:47:22 +0000 (23:47 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 31 Mar 2017 22:06:15 +0000 (23:06 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Mon, 3 Apr 2017 22:47:22 +0000 (23:47 +0100)
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf

index e787efc5f06c85630c916a55bcc3bac35546ec1a..20154bbe8c577f8929b3efd8ccf5ace9ddc74945 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -34,11 +34,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  
  [0-ECDSA CipherString Selection-client]
  CipherString = aECDSA
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer
  
  [test-0]
  ExpectedResult = Success
+ExpectedServerCANames = empty
  ExpectedServerCertType = P-256
  ExpectedServerSignType = EC
  
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in

index 1d92e68d25196d655559985e891be10dd2b4f7e0..aadae27a48ca99ee35cb6a5e716da2a5ab379252 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -21,10 +21,13 @@ our @tests = (
          server => $server,
          client => {
              "CipherString" => "aECDSA",
+            "RequestCAFile" => test_pem("root-cert.pem"),
          },
          test   => {
              "ExpectedServerCertType" =>, "P-256",
              "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
              "ExpectedResult" => "Success"
          },
      },
@@ -214,6 +217,7 @@ my @tests_tls_1_3 = (
              "ExpectedServerCertType" => "P-256",
              "ExpectedServerSignHash" => "SHA256",
              "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => "empty",
              "ExpectedResult" => "Success"
          },
      },
@@ -247,11 +251,13 @@ my @tests_tls_1_3 = (
          server => $server_tls_1_3,
          client => {
              "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
          },
          test   => {
              "ExpectedServerCertType" => "P-256",
              "ExpectedServerSignHash" => "SHA256",
              "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => test_pem("root-cert.pem"),
              "ExpectedResult" => "Success"
          },
      },
@@ -325,7 +331,7 @@ my @tests_tls_1_3 = (
          server => {
              "ClientSignatureAlgorithms" => "PSS+SHA256",
              "VerifyCAFile" => test_pem("root-cert.pem"),
-            "ClientCAFile" => test_pem("root-cert.pem"),
+            "RequestCAFile" => test_pem("root-cert.pem"),
              "VerifyMode" => "Require"
          },
          client => $client_tls_1_3,
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 31 Mar 2017 22:06:15 +0000 (23:06 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Mon, 3 Apr 2017 22:47:22 +0000 (23:47 +0100)
test/ssl-tests/20-cert-select.conf		patch \| blob \| history
test/ssl-tests/20-cert-select.conf.in		patch \| blob \| history