04-client_auth.cnf 36 KB

  1. # Generated with generate_ssl_tests.pl
  # Index of the test cases: num_tests gives the count and each test-N key names
  # the section below that holds that case's server and client settings.
  # The names cover six groups (flex, TLSv1, TLSv1.1, TLSv1.2, DTLSv1, DTLSv1.2);
  # only flex and TLSv1.2 carry the two extra rsa-pss cases.
  # NOTE(review): the header says this file is generated, so changes presumably
  # belong in the generator's input rather than here; confirm.
  2. num_tests = 40
  3. test-0 = 0-server-auth-flex
  4. test-1 = 1-client-auth-flex-request
  5. test-2 = 2-client-auth-flex-require-fail
  6. test-3 = 3-client-auth-flex-require
  7. test-4 = 4-client-auth-flex-rsa-pss
  8. test-5 = 5-client-auth-flex-rsa-pss-bad
  9. test-6 = 6-client-auth-flex-require-non-empty-names
  10. test-7 = 7-client-auth-flex-noroot
  11. test-8 = 8-server-auth-TLSv1
  12. test-9 = 9-client-auth-TLSv1-request
  13. test-10 = 10-client-auth-TLSv1-require-fail
  14. test-11 = 11-client-auth-TLSv1-require
  15. test-12 = 12-client-auth-TLSv1-require-non-empty-names
  16. test-13 = 13-client-auth-TLSv1-noroot
  17. test-14 = 14-server-auth-TLSv1.1
  18. test-15 = 15-client-auth-TLSv1.1-request
  19. test-16 = 16-client-auth-TLSv1.1-require-fail
  20. test-17 = 17-client-auth-TLSv1.1-require
  21. test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
  22. test-19 = 19-client-auth-TLSv1.1-noroot
  23. test-20 = 20-server-auth-TLSv1.2
  24. test-21 = 21-client-auth-TLSv1.2-request
  25. test-22 = 22-client-auth-TLSv1.2-require-fail
  26. test-23 = 23-client-auth-TLSv1.2-require
  27. test-24 = 24-client-auth-TLSv1.2-rsa-pss
  28. test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
  29. test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
  30. test-27 = 27-client-auth-TLSv1.2-noroot
  31. test-28 = 28-server-auth-DTLSv1
  32. test-29 = 29-client-auth-DTLSv1-request
  33. test-30 = 30-client-auth-DTLSv1-require-fail
  34. test-31 = 31-client-auth-DTLSv1-require
  35. test-32 = 32-client-auth-DTLSv1-require-non-empty-names
  36. test-33 = 33-client-auth-DTLSv1-noroot
  37. test-34 = 34-server-auth-DTLSv1.2
  38. test-35 = 35-client-auth-DTLSv1.2-request
  39. test-36 = 36-client-auth-DTLSv1.2-require-fail
  40. test-37 = 37-client-auth-DTLSv1.2-require
  41. test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
  42. test-39 = 39-client-auth-DTLSv1.2-noroot
  43. # ===========================================================
  # Baseline, server authentication only: the server section sets no VerifyMode,
  # so no client certificate is asked for, while the client verifies the server
  # (VerifyMode = Peer) against rootcert.pem. The "flex" sections set no
  # MinProtocol/MaxProtocol, leaving the protocol version to negotiation.
  # @SECLEVEL=0 selects OpenSSL security level 0, which switches off the
  # library's minimum-strength checks; it is a test-fixture setting and not a
  # value to carry into a deployed configuration.
  44. [0-server-auth-flex]
  45. ssl_conf = 0-server-auth-flex-ssl
  46. [0-server-auth-flex-ssl]
  47. server = 0-server-auth-flex-server
  48. client = 0-server-auth-flex-client
  49. [0-server-auth-flex-server]
  50. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  51. CipherString = DEFAULT:@SECLEVEL=0
  52. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  53. [0-server-auth-flex-client]
  54. CipherString = DEFAULT:@SECLEVEL=0
  55. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  56. VerifyMode = Peer
  57. [test-0]
  58. ExpectedResult = Success
  59. # ===========================================================
  # The server asks for a client certificate (VerifyMode = Request) but the
  # client section configures none. The expected result is Success: with
  # Request, a client that presents no certificate is still accepted.
  60. [1-client-auth-flex-request]
  61. ssl_conf = 1-client-auth-flex-request-ssl
  62. [1-client-auth-flex-request-ssl]
  63. server = 1-client-auth-flex-request-server
  64. client = 1-client-auth-flex-request-client
  65. [1-client-auth-flex-request-server]
  66. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  67. CipherString = DEFAULT:@SECLEVEL=0
  68. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  69. VerifyMode = Request
  70. [1-client-auth-flex-request-client]
  71. CipherString = DEFAULT:@SECLEVEL=0
  72. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  73. VerifyMode = Peer
  74. [test-1]
  75. ExpectedResult = Success
  76. # ===========================================================
  # The server demands a client certificate (VerifyMode = Require) and the
  # client section configures none, so the server is expected to abort the
  # handshake. The expected alert here is CertificateRequired, whereas the
  # version-pinned TLSv1/TLSv1.1/TLSv1.2 variants of this case in this file
  # expect HandshakeFailure.
  # NOTE(review): certificate_required is an alert defined by TLS 1.3, so this
  # expectation presumably relies on the flex handshake negotiating TLS 1.3; confirm.
  # The server verifies against root-cert.pem and the client against
  # rootcert.pem: two distinct file names, presumably separate roots for the
  # client and server chains; confirm.
  77. [2-client-auth-flex-require-fail]
  78. ssl_conf = 2-client-auth-flex-require-fail-ssl
  79. [2-client-auth-flex-require-fail-ssl]
  80. server = 2-client-auth-flex-require-fail-server
  81. client = 2-client-auth-flex-require-fail-client
  82. [2-client-auth-flex-require-fail-server]
  83. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  84. CipherString = DEFAULT:@SECLEVEL=0
  85. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  86. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  87. VerifyMode = Require
  88. [2-client-auth-flex-require-fail-client]
  89. CipherString = DEFAULT:@SECLEVEL=0
  90. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  91. VerifyMode = Peer
  92. [test-2]
  93. ExpectedResult = ServerFail
  94. ExpectedServerAlert = CertificateRequired
  95. # ===========================================================
  # Successful client authentication: the client presents ee-client-chain.pem
  # with ee-key.pem, and the server has root-cert.pem as its verification CA file.
  # NOTE(review): the section name says "require" but the server's VerifyMode is
  # Request, so this case does not exercise the Require setting on the success
  # path; confirm that is intended.
  # ExpectedClientCANames = empty goes with the server section setting no
  # ClientCAFile (compare the non-empty-names case, which sets one).
  96. [3-client-auth-flex-require]
  97. ssl_conf = 3-client-auth-flex-require-ssl
  98. [3-client-auth-flex-require-ssl]
  99. server = 3-client-auth-flex-require-server
  100. client = 3-client-auth-flex-require-client
  101. [3-client-auth-flex-require-server]
  102. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  103. CipherString = DEFAULT:@SECLEVEL=0
  104. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  105. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  106. VerifyMode = Request
  107. [3-client-auth-flex-require-client]
  108. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  109. CipherString = DEFAULT:@SECLEVEL=0
  110. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  111. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  112. VerifyMode = Peer
  113. [test-3]
  114. ExpectedClientCANames = empty
  115. ExpectedClientCertType = RSA
  116. ExpectedResult = Success
  117. # ===========================================================
  # Client authentication with an RSA-PSS certificate: the server requires a
  # client certificate and uses rootcert.pem both as the source of acceptable
  # client CA names (ClientCAFile) and as its verification CA file. The client
  # enables StrictCertCheck and presents client-pss-restrict-cert.pem. The test
  # expects the CA names from rootcert.pem, an RSA-PSS client certificate type,
  # and Success.
  118. [4-client-auth-flex-rsa-pss]
  119. ssl_conf = 4-client-auth-flex-rsa-pss-ssl
  120. [4-client-auth-flex-rsa-pss-ssl]
  121. server = 4-client-auth-flex-rsa-pss-server
  122. client = 4-client-auth-flex-rsa-pss-client
  123. [4-client-auth-flex-rsa-pss-server]
  124. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  125. CipherString = DEFAULT:@SECLEVEL=0
  126. ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  127. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  128. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  129. VerifyMode = Require
  130. [4-client-auth-flex-rsa-pss-client]
  131. Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
  132. CipherString = DEFAULT:@SECLEVEL=0
  133. Options = StrictCertCheck
  134. PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
  135. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  136. VerifyMode = Peer
  137. [test-4]
  138. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  139. ExpectedClientCertType = RSA-PSS
  140. ExpectedResult = Success
  141. # ===========================================================
  # Negative counterpart of the rsa-pss case: the sections are identical except
  # that the server's ClientCAFile and VerifyCAFile point to rootCA.pem instead
  # of rootcert.pem. The expected outcome is a server-side failure with
  # CertificateRequired, the same alert as the no-certificate case (test-2).
  # NOTE(review): that alert suggests the client, with StrictCertCheck set,
  # withholds its certificate rather than sending one the server then rejects;
  # the property of rootCA.pem that triggers this is not visible here; confirm.
  142. [5-client-auth-flex-rsa-pss-bad]
  143. ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
  144. [5-client-auth-flex-rsa-pss-bad-ssl]
  145. server = 5-client-auth-flex-rsa-pss-bad-server
  146. client = 5-client-auth-flex-rsa-pss-bad-client
  147. [5-client-auth-flex-rsa-pss-bad-server]
  148. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  149. CipherString = DEFAULT:@SECLEVEL=0
  150. ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
  151. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  152. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
  153. VerifyMode = Require
  154. [5-client-auth-flex-rsa-pss-bad-client]
  155. Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
  156. CipherString = DEFAULT:@SECLEVEL=0
  157. Options = StrictCertCheck
  158. PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
  159. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  160. VerifyMode = Peer
  161. [test-5]
  162. ExpectedResult = ServerFail
  163. ExpectedServerAlert = CertificateRequired
  164. # ===========================================================
  # Same client authentication as test-3, but the server also sets
  # ClientCAFile = root-cert.pem, and the test expects the client CA names to
  # be those from that file rather than empty.
  # NOTE(review): as in test-3, the section name says "require" while the
  # server's VerifyMode is Request; confirm that is intended.
  165. [6-client-auth-flex-require-non-empty-names]
  166. ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
  167. [6-client-auth-flex-require-non-empty-names-ssl]
  168. server = 6-client-auth-flex-require-non-empty-names-server
  169. client = 6-client-auth-flex-require-non-empty-names-client
  170. [6-client-auth-flex-require-non-empty-names-server]
  171. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  172. CipherString = DEFAULT:@SECLEVEL=0
  173. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  174. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  175. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  176. VerifyMode = Request
  177. [6-client-auth-flex-require-non-empty-names-client]
  178. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  179. CipherString = DEFAULT:@SECLEVEL=0
  180. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  181. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  182. VerifyMode = Peer
  183. [test-6]
  184. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  185. ExpectedClientCertType = RSA
  186. ExpectedResult = Success
  187. # ===========================================================
  # The server requires a client certificate but configures neither
  # VerifyCAFile nor ClientCAFile; the client does present ee-client-chain.pem.
  # The expected result is a server-side failure with the UnknownCA alert: a
  # presented certificate is rejected when the server has no trust anchor for
  # its chain.
  # NOTE(review): assumes the test environment supplies no default trust store
  # that would contain the client's root; confirm.
  188. [7-client-auth-flex-noroot]
  189. ssl_conf = 7-client-auth-flex-noroot-ssl
  190. [7-client-auth-flex-noroot-ssl]
  191. server = 7-client-auth-flex-noroot-server
  192. client = 7-client-auth-flex-noroot-client
  193. [7-client-auth-flex-noroot-server]
  194. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  195. CipherString = DEFAULT:@SECLEVEL=0
  196. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  197. VerifyMode = Require
  198. [7-client-auth-flex-noroot-client]
  199. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  200. CipherString = DEFAULT:@SECLEVEL=0
  201. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  202. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  203. VerifyMode = Peer
  204. [test-7]
  205. ExpectedResult = ServerFail
  206. ExpectedServerAlert = UnknownCA
  207. # ===========================================================
  # Server-authentication baseline pinned to one protocol version: both sides
  # set MinProtocol and MaxProtocol to TLSv1, so only that version can be
  # negotiated. No client certificate is requested (no server VerifyMode).
  # NOTE(review): being able to negotiate TLSv1 at all presumably depends on
  # the lowered security level in CipherString (@SECLEVEL=0); confirm against
  # the OpenSSL version under test.
  208. [8-server-auth-TLSv1]
  209. ssl_conf = 8-server-auth-TLSv1-ssl
  210. [8-server-auth-TLSv1-ssl]
  211. server = 8-server-auth-TLSv1-server
  212. client = 8-server-auth-TLSv1-client
  213. [8-server-auth-TLSv1-server]
  214. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  215. CipherString = DEFAULT:@SECLEVEL=0
  216. MaxProtocol = TLSv1
  217. MinProtocol = TLSv1
  218. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  219. [8-server-auth-TLSv1-client]
  220. CipherString = DEFAULT:@SECLEVEL=0
  221. MaxProtocol = TLSv1
  222. MinProtocol = TLSv1
  223. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  224. VerifyMode = Peer
  225. [test-8]
  226. ExpectedResult = Success
  227. # ===========================================================
  228. [9-client-auth-TLSv1-request]
  229. ssl_conf = 9-client-auth-TLSv1-request-ssl
  230. [9-client-auth-TLSv1-request-ssl]
  231. server = 9-client-auth-TLSv1-request-server
  232. client = 9-client-auth-TLSv1-request-client
  233. [9-client-auth-TLSv1-request-server]
  234. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  235. CipherString = DEFAULT:@SECLEVEL=0
  236. MaxProtocol = TLSv1
  237. MinProtocol = TLSv1
  238. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  239. VerifyMode = Request
  240. [9-client-auth-TLSv1-request-client]
  241. CipherString = DEFAULT:@SECLEVEL=0
  242. MaxProtocol = TLSv1
  243. MinProtocol = TLSv1
  244. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  245. VerifyMode = Peer
  246. [test-9]
  247. ExpectedResult = Success
  248. # ===========================================================
  # TLSv1-pinned version of the "Require, but the client has no certificate"
  # case. The server is expected to fail the handshake with HandshakeFailure,
  # not the CertificateRequired alert expected by the unpinned flex case
  # (test-2); a monitoring or triage rule keyed on one alert name would miss
  # the other.
  249. [10-client-auth-TLSv1-require-fail]
  250. ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
  251. [10-client-auth-TLSv1-require-fail-ssl]
  252. server = 10-client-auth-TLSv1-require-fail-server
  253. client = 10-client-auth-TLSv1-require-fail-client
  254. [10-client-auth-TLSv1-require-fail-server]
  255. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  256. CipherString = DEFAULT:@SECLEVEL=0
  257. MaxProtocol = TLSv1
  258. MinProtocol = TLSv1
  259. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  260. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  261. VerifyMode = Require
  262. [10-client-auth-TLSv1-require-fail-client]
  263. CipherString = DEFAULT:@SECLEVEL=0
  264. MaxProtocol = TLSv1
  265. MinProtocol = TLSv1
  266. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  267. VerifyMode = Peer
  268. [test-10]
  269. ExpectedResult = ServerFail
  270. ExpectedServerAlert = HandshakeFailure
  271. # ===========================================================
  272. [11-client-auth-TLSv1-require]
  273. ssl_conf = 11-client-auth-TLSv1-require-ssl
  274. [11-client-auth-TLSv1-require-ssl]
  275. server = 11-client-auth-TLSv1-require-server
  276. client = 11-client-auth-TLSv1-require-client
  277. [11-client-auth-TLSv1-require-server]
  278. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  279. CipherString = DEFAULT:@SECLEVEL=0
  280. MaxProtocol = TLSv1
  281. MinProtocol = TLSv1
  282. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  283. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  284. VerifyMode = Request
  285. [11-client-auth-TLSv1-require-client]
  286. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  287. CipherString = DEFAULT:@SECLEVEL=0
  288. MaxProtocol = TLSv1
  289. MinProtocol = TLSv1
  290. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  291. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  292. VerifyMode = Peer
  293. [test-11]
  294. ExpectedClientCANames = empty
  295. ExpectedClientCertType = RSA
  296. ExpectedResult = Success
  297. # ===========================================================
  298. [12-client-auth-TLSv1-require-non-empty-names]
  299. ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
  300. [12-client-auth-TLSv1-require-non-empty-names-ssl]
  301. server = 12-client-auth-TLSv1-require-non-empty-names-server
  302. client = 12-client-auth-TLSv1-require-non-empty-names-client
  303. [12-client-auth-TLSv1-require-non-empty-names-server]
  304. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  305. CipherString = DEFAULT:@SECLEVEL=0
  306. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  307. MaxProtocol = TLSv1
  308. MinProtocol = TLSv1
  309. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  310. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  311. VerifyMode = Request
  312. [12-client-auth-TLSv1-require-non-empty-names-client]
  313. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  314. CipherString = DEFAULT:@SECLEVEL=0
  315. MaxProtocol = TLSv1
  316. MinProtocol = TLSv1
  317. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  318. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  319. VerifyMode = Peer
  320. [test-12]
  321. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  322. ExpectedClientCertType = RSA
  323. ExpectedResult = Success
  324. # ===========================================================
  325. [13-client-auth-TLSv1-noroot]
  326. ssl_conf = 13-client-auth-TLSv1-noroot-ssl
  327. [13-client-auth-TLSv1-noroot-ssl]
  328. server = 13-client-auth-TLSv1-noroot-server
  329. client = 13-client-auth-TLSv1-noroot-client
  330. [13-client-auth-TLSv1-noroot-server]
  331. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  332. CipherString = DEFAULT:@SECLEVEL=0
  333. MaxProtocol = TLSv1
  334. MinProtocol = TLSv1
  335. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  336. VerifyMode = Require
  337. [13-client-auth-TLSv1-noroot-client]
  338. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  339. CipherString = DEFAULT:@SECLEVEL=0
  340. MaxProtocol = TLSv1
  341. MinProtocol = TLSv1
  342. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  343. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  344. VerifyMode = Peer
  345. [test-13]
  346. ExpectedResult = ServerFail
  347. ExpectedServerAlert = UnknownCA
  348. # ===========================================================
  349. [14-server-auth-TLSv1.1]
  350. ssl_conf = 14-server-auth-TLSv1.1-ssl
  351. [14-server-auth-TLSv1.1-ssl]
  352. server = 14-server-auth-TLSv1.1-server
  353. client = 14-server-auth-TLSv1.1-client
  354. [14-server-auth-TLSv1.1-server]
  355. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  356. CipherString = DEFAULT:@SECLEVEL=0
  357. MaxProtocol = TLSv1.1
  358. MinProtocol = TLSv1.1
  359. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  360. [14-server-auth-TLSv1.1-client]
  361. CipherString = DEFAULT:@SECLEVEL=0
  362. MaxProtocol = TLSv1.1
  363. MinProtocol = TLSv1.1
  364. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  365. VerifyMode = Peer
  366. [test-14]
  367. ExpectedResult = Success
  368. # ===========================================================
  369. [15-client-auth-TLSv1.1-request]
  370. ssl_conf = 15-client-auth-TLSv1.1-request-ssl
  371. [15-client-auth-TLSv1.1-request-ssl]
  372. server = 15-client-auth-TLSv1.1-request-server
  373. client = 15-client-auth-TLSv1.1-request-client
  374. [15-client-auth-TLSv1.1-request-server]
  375. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  376. CipherString = DEFAULT:@SECLEVEL=0
  377. MaxProtocol = TLSv1.1
  378. MinProtocol = TLSv1.1
  379. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  380. VerifyMode = Request
  381. [15-client-auth-TLSv1.1-request-client]
  382. CipherString = DEFAULT:@SECLEVEL=0
  383. MaxProtocol = TLSv1.1
  384. MinProtocol = TLSv1.1
  385. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  386. VerifyMode = Peer
  387. [test-15]
  388. ExpectedResult = Success
  389. # ===========================================================
  390. [16-client-auth-TLSv1.1-require-fail]
  391. ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
  392. [16-client-auth-TLSv1.1-require-fail-ssl]
  393. server = 16-client-auth-TLSv1.1-require-fail-server
  394. client = 16-client-auth-TLSv1.1-require-fail-client
  395. [16-client-auth-TLSv1.1-require-fail-server]
  396. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  397. CipherString = DEFAULT:@SECLEVEL=0
  398. MaxProtocol = TLSv1.1
  399. MinProtocol = TLSv1.1
  400. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  401. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  402. VerifyMode = Require
  403. [16-client-auth-TLSv1.1-require-fail-client]
  404. CipherString = DEFAULT:@SECLEVEL=0
  405. MaxProtocol = TLSv1.1
  406. MinProtocol = TLSv1.1
  407. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  408. VerifyMode = Peer
  409. [test-16]
  410. ExpectedResult = ServerFail
  411. ExpectedServerAlert = HandshakeFailure
  412. # ===========================================================
  413. [17-client-auth-TLSv1.1-require]
  414. ssl_conf = 17-client-auth-TLSv1.1-require-ssl
  415. [17-client-auth-TLSv1.1-require-ssl]
  416. server = 17-client-auth-TLSv1.1-require-server
  417. client = 17-client-auth-TLSv1.1-require-client
  418. [17-client-auth-TLSv1.1-require-server]
  419. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  420. CipherString = DEFAULT:@SECLEVEL=0
  421. MaxProtocol = TLSv1.1
  422. MinProtocol = TLSv1.1
  423. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  424. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  425. VerifyMode = Request
  426. [17-client-auth-TLSv1.1-require-client]
  427. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  428. CipherString = DEFAULT:@SECLEVEL=0
  429. MaxProtocol = TLSv1.1
  430. MinProtocol = TLSv1.1
  431. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  432. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  433. VerifyMode = Peer
  434. [test-17]
  435. ExpectedClientCANames = empty
  436. ExpectedClientCertType = RSA
  437. ExpectedResult = Success
  438. # ===========================================================
  439. [18-client-auth-TLSv1.1-require-non-empty-names]
  440. ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
  441. [18-client-auth-TLSv1.1-require-non-empty-names-ssl]
  442. server = 18-client-auth-TLSv1.1-require-non-empty-names-server
  443. client = 18-client-auth-TLSv1.1-require-non-empty-names-client
  444. [18-client-auth-TLSv1.1-require-non-empty-names-server]
  445. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  446. CipherString = DEFAULT:@SECLEVEL=0
  447. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  448. MaxProtocol = TLSv1.1
  449. MinProtocol = TLSv1.1
  450. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  451. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  452. VerifyMode = Request
  453. [18-client-auth-TLSv1.1-require-non-empty-names-client]
  454. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  455. CipherString = DEFAULT:@SECLEVEL=0
  456. MaxProtocol = TLSv1.1
  457. MinProtocol = TLSv1.1
  458. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  459. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  460. VerifyMode = Peer
  461. [test-18]
  462. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  463. ExpectedClientCertType = RSA
  464. ExpectedResult = Success
  465. # ===========================================================
  466. [19-client-auth-TLSv1.1-noroot]
  467. ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
  468. [19-client-auth-TLSv1.1-noroot-ssl]
  469. server = 19-client-auth-TLSv1.1-noroot-server
  470. client = 19-client-auth-TLSv1.1-noroot-client
  471. [19-client-auth-TLSv1.1-noroot-server]
  472. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  473. CipherString = DEFAULT:@SECLEVEL=0
  474. MaxProtocol = TLSv1.1
  475. MinProtocol = TLSv1.1
  476. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  477. VerifyMode = Require
  478. [19-client-auth-TLSv1.1-noroot-client]
  479. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  480. CipherString = DEFAULT:@SECLEVEL=0
  481. MaxProtocol = TLSv1.1
  482. MinProtocol = TLSv1.1
  483. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  484. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  485. VerifyMode = Peer
  486. [test-19]
  487. ExpectedResult = ServerFail
  488. ExpectedServerAlert = UnknownCA
  489. # ===========================================================
  490. [20-server-auth-TLSv1.2]
  491. ssl_conf = 20-server-auth-TLSv1.2-ssl
  492. [20-server-auth-TLSv1.2-ssl]
  493. server = 20-server-auth-TLSv1.2-server
  494. client = 20-server-auth-TLSv1.2-client
  495. [20-server-auth-TLSv1.2-server]
  496. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  497. CipherString = DEFAULT:@SECLEVEL=0
  498. MaxProtocol = TLSv1.2
  499. MinProtocol = TLSv1.2
  500. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  501. [20-server-auth-TLSv1.2-client]
  502. CipherString = DEFAULT:@SECLEVEL=0
  503. MaxProtocol = TLSv1.2
  504. MinProtocol = TLSv1.2
  505. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  506. VerifyMode = Peer
  507. [test-20]
  508. ExpectedResult = Success
  509. # ===========================================================
  510. [21-client-auth-TLSv1.2-request]
  511. ssl_conf = 21-client-auth-TLSv1.2-request-ssl
  512. [21-client-auth-TLSv1.2-request-ssl]
  513. server = 21-client-auth-TLSv1.2-request-server
  514. client = 21-client-auth-TLSv1.2-request-client
  515. [21-client-auth-TLSv1.2-request-server]
  516. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  517. CipherString = DEFAULT:@SECLEVEL=0
  518. MaxProtocol = TLSv1.2
  519. MinProtocol = TLSv1.2
  520. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  521. VerifyMode = Request
  522. [21-client-auth-TLSv1.2-request-client]
  523. CipherString = DEFAULT:@SECLEVEL=0
  524. MaxProtocol = TLSv1.2
  525. MinProtocol = TLSv1.2
  526. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  527. VerifyMode = Peer
  528. [test-21]
  529. ExpectedResult = Success
  530. # ===========================================================
  531. [22-client-auth-TLSv1.2-require-fail]
  532. ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
  533. [22-client-auth-TLSv1.2-require-fail-ssl]
  534. server = 22-client-auth-TLSv1.2-require-fail-server
  535. client = 22-client-auth-TLSv1.2-require-fail-client
  536. [22-client-auth-TLSv1.2-require-fail-server]
  537. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  538. CipherString = DEFAULT:@SECLEVEL=0
  539. MaxProtocol = TLSv1.2
  540. MinProtocol = TLSv1.2
  541. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  542. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  543. VerifyMode = Require
  544. [22-client-auth-TLSv1.2-require-fail-client]
  545. CipherString = DEFAULT:@SECLEVEL=0
  546. MaxProtocol = TLSv1.2
  547. MinProtocol = TLSv1.2
  548. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  549. VerifyMode = Peer
  550. [test-22]
  551. ExpectedResult = ServerFail
  552. ExpectedServerAlert = HandshakeFailure
  553. # ===========================================================
  # TLSv1.2 client authentication with a restricted signature-algorithm list:
  # the server sets ClientSignatureAlgorithms = SHA256+RSA, and the test checks
  # that the client's signature used hash SHA256 and type RSA
  # (ExpectedClientSignHash / ExpectedClientSignType) in addition to the
  # certificate type and the empty CA-names list.
  # NOTE(review): the section name says "require" but the server's VerifyMode
  # is Request; confirm that is intended.
  554. [23-client-auth-TLSv1.2-require]
  555. ssl_conf = 23-client-auth-TLSv1.2-require-ssl
  556. [23-client-auth-TLSv1.2-require-ssl]
  557. server = 23-client-auth-TLSv1.2-require-server
  558. client = 23-client-auth-TLSv1.2-require-client
  559. [23-client-auth-TLSv1.2-require-server]
  560. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  561. CipherString = DEFAULT:@SECLEVEL=0
  562. ClientSignatureAlgorithms = SHA256+RSA
  563. MaxProtocol = TLSv1.2
  564. MinProtocol = TLSv1.2
  565. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  566. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  567. VerifyMode = Request
  568. [23-client-auth-TLSv1.2-require-client]
  569. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  570. CipherString = DEFAULT:@SECLEVEL=0
  571. MaxProtocol = TLSv1.2
  572. MinProtocol = TLSv1.2
  573. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  574. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  575. VerifyMode = Peer
  576. [test-23]
  577. ExpectedClientCANames = empty
  578. ExpectedClientCertType = RSA
  579. ExpectedClientSignHash = SHA256
  580. ExpectedClientSignType = RSA
  581. ExpectedResult = Success
  582. # ===========================================================
  583. [24-client-auth-TLSv1.2-rsa-pss]
  584. ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
  585. [24-client-auth-TLSv1.2-rsa-pss-ssl]
  586. server = 24-client-auth-TLSv1.2-rsa-pss-server
  587. client = 24-client-auth-TLSv1.2-rsa-pss-client
  588. [24-client-auth-TLSv1.2-rsa-pss-server]
  589. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  590. CipherString = DEFAULT:@SECLEVEL=0
  591. ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  592. MaxProtocol = TLSv1.2
  593. MinProtocol = TLSv1.2
  594. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  595. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  596. VerifyMode = Require
  597. [24-client-auth-TLSv1.2-rsa-pss-client]
  598. Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
  599. CipherString = DEFAULT:@SECLEVEL=0
  600. MaxProtocol = TLSv1.2
  601. MinProtocol = TLSv1.2
  602. Options = StrictCertCheck
  603. PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
  604. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  605. VerifyMode = Peer
  606. [test-24]
  607. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  608. ExpectedClientCertType = RSA-PSS
  609. ExpectedResult = Success
  610. # ===========================================================
  # TLSv1.2-pinned rsa-pss-bad case: the server's ClientCAFile and VerifyCAFile
  # point to rootCA.pem and it requires a client certificate; the client is
  # configured with client-pss-restrict-cert.pem and StrictCertCheck.
  # The expected alert is HandshakeFailure, where the unpinned flex variant
  # (test-5) expects CertificateRequired.
  611. [25-client-auth-TLSv1.2-rsa-pss-bad]
  612. ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
  613. [25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
  614. server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
  615. client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
  616. [25-client-auth-TLSv1.2-rsa-pss-bad-server]
  617. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  618. CipherString = DEFAULT:@SECLEVEL=0
  619. ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
  620. MaxProtocol = TLSv1.2
  621. MinProtocol = TLSv1.2
  622. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  623. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
  624. VerifyMode = Require
  625. [25-client-auth-TLSv1.2-rsa-pss-bad-client]
  626. Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
  627. CipherString = DEFAULT:@SECLEVEL=0
  628. MaxProtocol = TLSv1.2
  629. MinProtocol = TLSv1.2
  630. Options = StrictCertCheck
  631. PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
  632. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  633. VerifyMode = Peer
  634. [test-25]
  635. ExpectedResult = ServerFail
  636. ExpectedServerAlert = HandshakeFailure
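  # ===========================================================
  # Test 26: TLS 1.2 client authentication where the server advertises a
  # non-empty CA name list (ClientCAFile = root-cert.pem) and limits client
  # signature algorithms to SHA256+RSA. Expected: success, RSA client
  # certificate, signature hash SHA256, signature type RSA, and CA names
  # matching root-cert.pem.
  # NOTE(review): the name says "require" but VerifyMode is Request, so this
  # case shows an offered certificate is accepted; it does not show that a
  # missing certificate is refused.

  [26-client-auth-TLSv1.2-require-non-empty-names]
  ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl

  [26-client-auth-TLSv1.2-require-non-empty-names-ssl]
  server = 26-client-auth-TLSv1.2-require-non-empty-names-server
  client = 26-client-auth-TLSv1.2-require-non-empty-names-client

  [26-client-auth-TLSv1.2-require-non-empty-names-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  ClientSignatureAlgorithms = SHA256+RSA
  MaxProtocol = TLSv1.2
  MinProtocol = TLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Request

  [26-client-auth-TLSv1.2-require-non-empty-names-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = TLSv1.2
  MinProtocol = TLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-26]
  ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  ExpectedClientCertType = RSA
  ExpectedClientSignHash = SHA256
  ExpectedClientSignType = RSA
  ExpectedResult = Success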
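  # ===========================================================
  # Test 27 ("noroot", negative case): the server demands a client
  # certificate (VerifyMode = Require) but this section gives it no
  # VerifyCAFile, so it has no trust anchor for the client chain. The client
  # sends ee-client-chain.pem. Expected: server-side failure with the
  # UnknownCA alert -- a presented chain must not be accepted just because
  # it was presented.

  [27-client-auth-TLSv1.2-noroot]
  ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl

  [27-client-auth-TLSv1.2-noroot-ssl]
  server = 27-client-auth-TLSv1.2-noroot-server
  client = 27-client-auth-TLSv1.2-noroot-client

  [27-client-auth-TLSv1.2-noroot-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = TLSv1.2
  MinProtocol = TLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyMode = Require

  [27-client-auth-TLSv1.2-noroot-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = TLSv1.2
  MinProtocol = TLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-27]
  ExpectedResult = ServerFail
  ExpectedServerAlert = UnknownCA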
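  # ===========================================================
  # Test 28: server authentication only, pinned to DTLSv1 (Method = DTLS).
  # The server has no VerifyMode, so no client certificate is requested; the
  # client verifies the server chain against rootcert.pem.
  # DTLSv1 is a legacy protocol version; presumably @SECLEVEL=0 is what lets
  # it negotiate on current builds (TODO confirm). Test-only setting.

  [28-server-auth-DTLSv1]
  ssl_conf = 28-server-auth-DTLSv1-ssl

  [28-server-auth-DTLSv1-ssl]
  server = 28-server-auth-DTLSv1-server
  client = 28-server-auth-DTLSv1-client

  [28-server-auth-DTLSv1-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

  [28-server-auth-DTLSv1-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-28]
  ExpectedResult = Success
  Method = DTLS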
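  # ===========================================================
  # Test 29: DTLSv1 server asks for a client certificate
  # (VerifyMode = Request) and the client has none configured. Expected:
  # success, because Request leaves the client certificate optional.
  # A deployment that relies on mutual TLS needs Require, not Request.

  [29-client-auth-DTLSv1-request]
  ssl_conf = 29-client-auth-DTLSv1-request-ssl

  [29-client-auth-DTLSv1-request-ssl]
  server = 29-client-auth-DTLSv1-request-server
  client = 29-client-auth-DTLSv1-request-client

  [29-client-auth-DTLSv1-request-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyMode = Request

  [29-client-auth-DTLSv1-request-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-29]
  ExpectedResult = Success
  Method = DTLS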
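  # ===========================================================
  # Test 30 (negative case): DTLSv1 server requires a client certificate
  # (VerifyMode = Require) and the client has none configured. Expected:
  # server-side failure with the HandshakeFailure alert. This is the case
  # that shows a missing client certificate is actually refused.

  [30-client-auth-DTLSv1-require-fail]
  ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl

  [30-client-auth-DTLSv1-require-fail-ssl]
  server = 30-client-auth-DTLSv1-require-fail-server
  client = 30-client-auth-DTLSv1-require-fail-client

  [30-client-auth-DTLSv1-require-fail-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Require

  [30-client-auth-DTLSv1-require-fail-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-30]
  ExpectedResult = ServerFail
  ExpectedServerAlert = HandshakeFailure
  Method = DTLS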
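  # ===========================================================
  # Test 31: DTLSv1 handshake in which the client offers
  # ee-client-chain.pem and the server verifies it against root-cert.pem.
  # No ClientCAFile is set, and the test expects the advertised CA name list
  # to be empty. Expected: success with an RSA client certificate.
  # NOTE(review): the name says "require" but VerifyMode is Request, so this
  # case shows an offered certificate is accepted; it does not show that a
  # missing certificate is refused.

  [31-client-auth-DTLSv1-require]
  ssl_conf = 31-client-auth-DTLSv1-require-ssl

  [31-client-auth-DTLSv1-require-ssl]
  server = 31-client-auth-DTLSv1-require-server
  client = 31-client-auth-DTLSv1-require-client

  [31-client-auth-DTLSv1-require-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Request

  [31-client-auth-DTLSv1-require-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-31]
  ExpectedClientCANames = empty
  ExpectedClientCertType = RSA
  ExpectedResult = Success
  Method = DTLS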
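  # ===========================================================
  # Test 32: DTLSv1 client authentication where the server also sets
  # ClientCAFile = root-cert.pem, so a non-empty CA name list is advertised.
  # Expected: success, RSA client certificate, CA names matching
  # root-cert.pem.
  # NOTE(review): VerifyMode is Request despite "require" in the name; the
  # client certificate is optional in this configuration.

  [32-client-auth-DTLSv1-require-non-empty-names]
  ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl

  [32-client-auth-DTLSv1-require-non-empty-names-ssl]
  server = 32-client-auth-DTLSv1-require-non-empty-names-server
  client = 32-client-auth-DTLSv1-require-non-empty-names-client

  [32-client-auth-DTLSv1-require-non-empty-names-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Request

  [32-client-auth-DTLSv1-require-non-empty-names-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-32]
  ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  ExpectedClientCertType = RSA
  ExpectedResult = Success
  Method = DTLS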
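  # ===========================================================
  # Test 33 ("noroot", negative case) over DTLSv1: the server requires a
  # client certificate but this section gives it no VerifyCAFile, so it has
  # no trust anchor for the chain the client sends (ee-client-chain.pem).
  # Expected: server-side failure with the UnknownCA alert.

  [33-client-auth-DTLSv1-noroot]
  ssl_conf = 33-client-auth-DTLSv1-noroot-ssl

  [33-client-auth-DTLSv1-noroot-ssl]
  server = 33-client-auth-DTLSv1-noroot-server
  client = 33-client-auth-DTLSv1-noroot-client

  [33-client-auth-DTLSv1-noroot-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyMode = Require

  [33-client-auth-DTLSv1-noroot-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1
  MinProtocol = DTLSv1
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-33]
  ExpectedResult = ServerFail
  ExpectedServerAlert = UnknownCA
  Method = DTLS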
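  # ===========================================================
  # Test 34: server authentication only, pinned to DTLSv1.2
  # (Method = DTLS). The server sets no VerifyMode, so no client certificate
  # is requested; the client verifies the server chain against rootcert.pem.
  # @SECLEVEL=0 selects security level 0, which permits everything; it is a
  # test-suite setting, not a baseline for deployed endpoints.

  [34-server-auth-DTLSv1.2]
  ssl_conf = 34-server-auth-DTLSv1.2-ssl

  [34-server-auth-DTLSv1.2-ssl]
  server = 34-server-auth-DTLSv1.2-server
  client = 34-server-auth-DTLSv1.2-client

  [34-server-auth-DTLSv1.2-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

  [34-server-auth-DTLSv1.2-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-34]
  ExpectedResult = Success
  Method = DTLS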
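  # ===========================================================
  # Test 35: DTLSv1.2 server asks for a client certificate
  # (VerifyMode = Request) and the client has none configured. Expected:
  # success, because Request leaves the client certificate optional.
  # A deployment that relies on mutual TLS needs Require, not Request.

  [35-client-auth-DTLSv1.2-request]
  ssl_conf = 35-client-auth-DTLSv1.2-request-ssl

  [35-client-auth-DTLSv1.2-request-ssl]
  server = 35-client-auth-DTLSv1.2-request-server
  client = 35-client-auth-DTLSv1.2-request-client

  [35-client-auth-DTLSv1.2-request-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyMode = Request

  [35-client-auth-DTLSv1.2-request-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-35]
  ExpectedResult = Success
  Method = DTLS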
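  # ===========================================================
  # Test 36 (negative case): DTLSv1.2 server requires a client certificate
  # (VerifyMode = Require) and the client has none configured. Expected:
  # server-side failure with the HandshakeFailure alert. This is the case
  # that shows a missing client certificate is actually refused.

  [36-client-auth-DTLSv1.2-require-fail]
  ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl

  [36-client-auth-DTLSv1.2-require-fail-ssl]
  server = 36-client-auth-DTLSv1.2-require-fail-server
  client = 36-client-auth-DTLSv1.2-require-fail-client

  [36-client-auth-DTLSv1.2-require-fail-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Require

  [36-client-auth-DTLSv1.2-require-fail-client]
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-36]
  ExpectedResult = ServerFail
  ExpectedServerAlert = HandshakeFailure
  Method = DTLS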
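  # ===========================================================
  # Test 37: DTLSv1.2 handshake in which the client offers
  # ee-client-chain.pem and the server verifies it against root-cert.pem.
  # No ClientCAFile is set, and the test expects the advertised CA name list
  # to be empty. Expected: success with an RSA client certificate.
  # NOTE(review): the name says "require" but VerifyMode is Request, so this
  # case shows an offered certificate is accepted; it does not show that a
  # missing certificate is refused.

  [37-client-auth-DTLSv1.2-require]
  ssl_conf = 37-client-auth-DTLSv1.2-require-ssl

  [37-client-auth-DTLSv1.2-require-ssl]
  server = 37-client-auth-DTLSv1.2-require-server
  client = 37-client-auth-DTLSv1.2-require-client

  [37-client-auth-DTLSv1.2-require-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Request

  [37-client-auth-DTLSv1.2-require-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-37]
  ExpectedClientCANames = empty
  ExpectedClientCertType = RSA
  ExpectedResult = Success
  Method = DTLS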
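  # ===========================================================
  # Test 38: DTLSv1.2 client authentication where the server also sets
  # ClientCAFile = root-cert.pem, so a non-empty CA name list is advertised.
  # Expected: success, RSA client certificate, CA names matching
  # root-cert.pem.
  # NOTE(review): VerifyMode is Request despite "require" in the name; the
  # client certificate is optional in this configuration.

  [38-client-auth-DTLSv1.2-require-non-empty-names]
  ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl

  [38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
  server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
  client = 38-client-auth-DTLSv1.2-require-non-empty-names-client

  [38-client-auth-DTLSv1.2-require-non-empty-names-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  VerifyMode = Request

  [38-client-auth-DTLSv1.2-require-non-empty-names-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-38]
  ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  ExpectedClientCertType = RSA
  ExpectedResult = Success
  Method = DTLS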
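  # ===========================================================
  # Test 39 ("noroot", negative case) over DTLSv1.2: the server requires a
  # client certificate but this section gives it no VerifyCAFile, so it has
  # no trust anchor for the chain the client sends (ee-client-chain.pem).
  # Expected: server-side failure with the UnknownCA alert.

  [39-client-auth-DTLSv1.2-noroot]
  ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl

  [39-client-auth-DTLSv1.2-noroot-ssl]
  server = 39-client-auth-DTLSv1.2-noroot-server
  client = 39-client-auth-DTLSv1.2-noroot-client

  [39-client-auth-DTLSv1.2-noroot-server]
  Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  VerifyMode = Require

  [39-client-auth-DTLSv1.2-noroot-client]
  Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  CipherString = DEFAULT:@SECLEVEL=0
  MaxProtocol = DTLSv1.2
  MinProtocol = DTLSv1.2
  PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer

  [test-39]
  ExpectedResult = ServerFail
  ExpectedServerAlert = UnknownCA
  Method = DTLS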