Add client auth TLS 1.3 certificate selection tests

author Dr. Stephen Henson <steve@openssl.org>

Wed, 15 Feb 2017 22:16:09 +0000 (22:16 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 16 Feb 2017 16:43:44 +0000 (16:43 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 15 Feb 2017 22:16:09 +0000 (22:16 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 16 Feb 2017 16:43:44 +0000 (16:43 +0000)
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in

index 2036d2c9a382142fa0a2ec658bc66900b78016d9..3d36a0ea1f63ab8466a9e94b46df592d77fd0780 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;
  
  my $dir_sep = $^O ne "VMS" ? "/" : "";
  
+my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
+
  my $server = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
      "MaxProtocol" => "TLSv1.2"
  };
  
@@ -122,8 +124,17 @@ our @tests = (
  
  
  my $server_tls_1_3 = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+    "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
+    "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
      "MinProtocol" => "TLSv1.3",
      "MaxProtocol" => "TLSv1.3"
  };
@@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
              "ExpectedServerSignType" => "RSA-PSS",
              "ExpectedResult" => "Success"
          },
-    }
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "P-256",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
  );
  
  push @tests, @tests_tls_1_3 unless disabled("tls1_3");
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 15 Feb 2017 22:16:09 +0000 (22:16 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 16 Feb 2017 16:43:44 +0000 (16:43 +0000)