author | Dr. Stephen Henson <steve@openssl.org> | 2017-02-15 22:16:09 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-02-16 16:43:44 +0000 |
commit | 86de658a84a379ad9e7b8b93bb66adb8e218f4c8 (patch) | |
tree | db985af2d56c7aa16ccddb569d9e9d08bb639e88 | |
parent | b4cb7eb7df2982e4f8d5a175e5c43d601ca7e727 (diff) | |
Add client auth TLS 1.3 certificate selection tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
-rw-r--r-- | test/ssl-tests/20-cert-select.conf.in | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 2036d2c9a3..3d36a0ea1f 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;
 my $dir_sep = $^O ne "VMS" ? "/" : "";
+my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
+
 my $server = {
- "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
- "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+ "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+ "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
 "MaxProtocol" => "TLSv1.2"
 };
@@ -122,8 +124,17 @@ our @tests = (
 my $server_tls_1_3 = {
- "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
- "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+ "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+ "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+ "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
+ "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
+ "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
+ "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
 "MinProtocol" => "TLSv1.3",
 "MaxProtocol" => "TLSv1.3"
 };
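Review bot: `$client_tls_1_3` in the second hunk carries no comment explaining why the client is loaded with both an RSA and an ECDSA chain, yet the selection tests that use it depend on exactly that. I would add above the hash: `# Client holds both RSA and ECDSA chains so the server's ClientSignatureAlgorithms alone decides which one is sent.` Without it, a later edit that drops one key pair would leave the remaining test passing trivially, because the client would have nothing to choose between.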
@@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
 "ExpectedServerSignType" => "RSA-PSS",
 "ExpectedResult" => "Success"
 },
- }
+ },
+ {
+ name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+ server => {
+ "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "VerifyCAFile" => "${cert_dir}root-cert.pem",
+ "VerifyMode" => "Require"
+ },
+ client => $client_tls_1_3,
+ test => {
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientSignType" => "RSA-PSS",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+ server => {
+ "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+ "VerifyCAFile" => "${cert_dir}root-cert.pem",
+ "VerifyMode" => "Require"
+ },
+ client => $client_tls_1_3,
+ test => {
+ "ExpectedClientCertType" => "P-256",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientSignType" => "EC",
+ "ExpectedResult" => "Success"
+ },
+ },
 );
 push @tests, @tests_tls_1_3 unless disabled("tls1_3"); |
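Review bot: Both new entries assert only the success path; nothing visible here covers a server with `"VerifyMode" => "Require"` whose `ClientSignatureAlgorithms` matches neither client key. That is the case where a selection bug would matter most, since a client that signs with an algorithm the server did not offer should end in a failed handshake, not a quiet success. A third entry reusing `$client_tls_1_3` with an unsatisfiable server list and a failure expectation would pin this down, as sketched below. The sketch's algorithm value is a placeholder, and the expected failing side should be confirmed against the harness. `@tests_tls_1_3` begins outside the hunk, so an equivalent case may already exist earlier in the list.

```perl
    # … unchanged: the two success cases above …
    {
        name => "TLS 1.3 Client Auth No Usable Signature Algorithm",
        server => {
            # placeholder: a signature algorithm neither client key can produce
            "ClientSignatureAlgorithms" => "<SIGALG_NOT_SATISFIABLE_BY_CLIENT>",
            "VerifyCAFile" => "${cert_dir}root-cert.pem",
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test => {
            # confirm which side the harness reports as failing
            "ExpectedResult" => "ServerFail"
        },
    },
```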