04-client_auth.cnf 32 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132
  1. # Generated with generate_ssl_tests.pl
  2. num_tests = 36
  3. test-0 = 0-server-auth-flex
  4. test-1 = 1-client-auth-flex-request
  5. test-2 = 2-client-auth-flex-require-fail
  6. test-3 = 3-client-auth-flex-require
  7. test-4 = 4-client-auth-flex-require-non-empty-names
  8. test-5 = 5-client-auth-flex-noroot
  9. test-6 = 6-server-auth-TLSv1
  10. test-7 = 7-client-auth-TLSv1-request
  11. test-8 = 8-client-auth-TLSv1-require-fail
  12. test-9 = 9-client-auth-TLSv1-require
  13. test-10 = 10-client-auth-TLSv1-require-non-empty-names
  14. test-11 = 11-client-auth-TLSv1-noroot
  15. test-12 = 12-server-auth-TLSv1.1
  16. test-13 = 13-client-auth-TLSv1.1-request
  17. test-14 = 14-client-auth-TLSv1.1-require-fail
  18. test-15 = 15-client-auth-TLSv1.1-require
  19. test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
  20. test-17 = 17-client-auth-TLSv1.1-noroot
  21. test-18 = 18-server-auth-TLSv1.2
  22. test-19 = 19-client-auth-TLSv1.2-request
  23. test-20 = 20-client-auth-TLSv1.2-require-fail
  24. test-21 = 21-client-auth-TLSv1.2-require
  25. test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
  26. test-23 = 23-client-auth-TLSv1.2-noroot
  27. test-24 = 24-server-auth-DTLSv1
  28. test-25 = 25-client-auth-DTLSv1-request
  29. test-26 = 26-client-auth-DTLSv1-require-fail
  30. test-27 = 27-client-auth-DTLSv1-require
  31. test-28 = 28-client-auth-DTLSv1-require-non-empty-names
  32. test-29 = 29-client-auth-DTLSv1-noroot
  33. test-30 = 30-server-auth-DTLSv1.2
  34. test-31 = 31-client-auth-DTLSv1.2-request
  35. test-32 = 32-client-auth-DTLSv1.2-require-fail
  36. test-33 = 33-client-auth-DTLSv1.2-require
  37. test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
  38. test-35 = 35-client-auth-DTLSv1.2-noroot
  39. # ===========================================================
  40. [0-server-auth-flex]
  41. ssl_conf = 0-server-auth-flex-ssl
  42. [0-server-auth-flex-ssl]
  43. server = 0-server-auth-flex-server
  44. client = 0-server-auth-flex-client
  45. [0-server-auth-flex-server]
  46. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  47. CipherString = DEFAULT:@SECLEVEL=0
  48. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  49. [0-server-auth-flex-client]
  50. CipherString = DEFAULT:@SECLEVEL=0
  51. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  52. VerifyMode = Peer
  53. [test-0]
  54. ExpectedResult = Success
  55. # ===========================================================
  56. [1-client-auth-flex-request]
  57. ssl_conf = 1-client-auth-flex-request-ssl
  58. [1-client-auth-flex-request-ssl]
  59. server = 1-client-auth-flex-request-server
  60. client = 1-client-auth-flex-request-client
  61. [1-client-auth-flex-request-server]
  62. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  63. CipherString = DEFAULT:@SECLEVEL=0
  64. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  65. VerifyMode = Request
  66. [1-client-auth-flex-request-client]
  67. CipherString = DEFAULT:@SECLEVEL=0
  68. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  69. VerifyMode = Peer
  70. [test-1]
  71. ExpectedResult = Success
  72. # ===========================================================
  73. [2-client-auth-flex-require-fail]
  74. ssl_conf = 2-client-auth-flex-require-fail-ssl
  75. [2-client-auth-flex-require-fail-ssl]
  76. server = 2-client-auth-flex-require-fail-server
  77. client = 2-client-auth-flex-require-fail-client
  78. [2-client-auth-flex-require-fail-server]
  79. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  80. CipherString = DEFAULT:@SECLEVEL=0
  81. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  82. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  83. VerifyMode = Require
  84. [2-client-auth-flex-require-fail-client]
  85. CipherString = DEFAULT:@SECLEVEL=0
  86. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  87. VerifyMode = Peer
  88. [test-2]
  89. ExpectedResult = ServerFail
  90. ExpectedServerAlert = CertificateRequired
  91. # ===========================================================
  92. [3-client-auth-flex-require]
  93. ssl_conf = 3-client-auth-flex-require-ssl
  94. [3-client-auth-flex-require-ssl]
  95. server = 3-client-auth-flex-require-server
  96. client = 3-client-auth-flex-require-client
  97. [3-client-auth-flex-require-server]
  98. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  99. CipherString = DEFAULT:@SECLEVEL=0
  100. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  101. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  102. VerifyMode = Request
  103. [3-client-auth-flex-require-client]
  104. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  105. CipherString = DEFAULT:@SECLEVEL=0
  106. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  107. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  108. VerifyMode = Peer
  109. [test-3]
  110. ExpectedClientCANames = empty
  111. ExpectedClientCertType = RSA
  112. ExpectedResult = Success
  113. # ===========================================================
  114. [4-client-auth-flex-require-non-empty-names]
  115. ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
  116. [4-client-auth-flex-require-non-empty-names-ssl]
  117. server = 4-client-auth-flex-require-non-empty-names-server
  118. client = 4-client-auth-flex-require-non-empty-names-client
  119. [4-client-auth-flex-require-non-empty-names-server]
  120. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  121. CipherString = DEFAULT:@SECLEVEL=0
  122. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  123. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  124. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  125. VerifyMode = Request
  126. [4-client-auth-flex-require-non-empty-names-client]
  127. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  128. CipherString = DEFAULT:@SECLEVEL=0
  129. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  130. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  131. VerifyMode = Peer
  132. [test-4]
  133. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  134. ExpectedClientCertType = RSA
  135. ExpectedResult = Success
  136. # ===========================================================
  137. [5-client-auth-flex-noroot]
  138. ssl_conf = 5-client-auth-flex-noroot-ssl
  139. [5-client-auth-flex-noroot-ssl]
  140. server = 5-client-auth-flex-noroot-server
  141. client = 5-client-auth-flex-noroot-client
  142. [5-client-auth-flex-noroot-server]
  143. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  144. CipherString = DEFAULT:@SECLEVEL=0
  145. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  146. VerifyMode = Require
  147. [5-client-auth-flex-noroot-client]
  148. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  149. CipherString = DEFAULT:@SECLEVEL=0
  150. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  151. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  152. VerifyMode = Peer
  153. [test-5]
  154. ExpectedResult = ServerFail
  155. ExpectedServerAlert = UnknownCA
  156. # ===========================================================
  157. [6-server-auth-TLSv1]
  158. ssl_conf = 6-server-auth-TLSv1-ssl
  159. [6-server-auth-TLSv1-ssl]
  160. server = 6-server-auth-TLSv1-server
  161. client = 6-server-auth-TLSv1-client
  162. [6-server-auth-TLSv1-server]
  163. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  164. CipherString = DEFAULT:@SECLEVEL=0
  165. MaxProtocol = TLSv1
  166. MinProtocol = TLSv1
  167. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  168. [6-server-auth-TLSv1-client]
  169. CipherString = DEFAULT:@SECLEVEL=0
  170. MaxProtocol = TLSv1
  171. MinProtocol = TLSv1
  172. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  173. VerifyMode = Peer
  174. [test-6]
  175. ExpectedResult = Success
  176. # ===========================================================
  177. [7-client-auth-TLSv1-request]
  178. ssl_conf = 7-client-auth-TLSv1-request-ssl
  179. [7-client-auth-TLSv1-request-ssl]
  180. server = 7-client-auth-TLSv1-request-server
  181. client = 7-client-auth-TLSv1-request-client
  182. [7-client-auth-TLSv1-request-server]
  183. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  184. CipherString = DEFAULT:@SECLEVEL=0
  185. MaxProtocol = TLSv1
  186. MinProtocol = TLSv1
  187. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  188. VerifyMode = Request
  189. [7-client-auth-TLSv1-request-client]
  190. CipherString = DEFAULT:@SECLEVEL=0
  191. MaxProtocol = TLSv1
  192. MinProtocol = TLSv1
  193. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  194. VerifyMode = Peer
  195. [test-7]
  196. ExpectedResult = Success
  197. # ===========================================================
  198. [8-client-auth-TLSv1-require-fail]
  199. ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
  200. [8-client-auth-TLSv1-require-fail-ssl]
  201. server = 8-client-auth-TLSv1-require-fail-server
  202. client = 8-client-auth-TLSv1-require-fail-client
  203. [8-client-auth-TLSv1-require-fail-server]
  204. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  205. CipherString = DEFAULT:@SECLEVEL=0
  206. MaxProtocol = TLSv1
  207. MinProtocol = TLSv1
  208. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  209. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  210. VerifyMode = Require
  211. [8-client-auth-TLSv1-require-fail-client]
  212. CipherString = DEFAULT:@SECLEVEL=0
  213. MaxProtocol = TLSv1
  214. MinProtocol = TLSv1
  215. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  216. VerifyMode = Peer
  217. [test-8]
  218. ExpectedResult = ServerFail
  219. ExpectedServerAlert = HandshakeFailure
  220. # ===========================================================
  221. [9-client-auth-TLSv1-require]
  222. ssl_conf = 9-client-auth-TLSv1-require-ssl
  223. [9-client-auth-TLSv1-require-ssl]
  224. server = 9-client-auth-TLSv1-require-server
  225. client = 9-client-auth-TLSv1-require-client
  226. [9-client-auth-TLSv1-require-server]
  227. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  228. CipherString = DEFAULT:@SECLEVEL=0
  229. MaxProtocol = TLSv1
  230. MinProtocol = TLSv1
  231. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  232. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  233. VerifyMode = Request
  234. [9-client-auth-TLSv1-require-client]
  235. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  236. CipherString = DEFAULT:@SECLEVEL=0
  237. MaxProtocol = TLSv1
  238. MinProtocol = TLSv1
  239. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  240. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  241. VerifyMode = Peer
  242. [test-9]
  243. ExpectedClientCANames = empty
  244. ExpectedClientCertType = RSA
  245. ExpectedResult = Success
  246. # ===========================================================
  247. [10-client-auth-TLSv1-require-non-empty-names]
  248. ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
  249. [10-client-auth-TLSv1-require-non-empty-names-ssl]
  250. server = 10-client-auth-TLSv1-require-non-empty-names-server
  251. client = 10-client-auth-TLSv1-require-non-empty-names-client
  252. [10-client-auth-TLSv1-require-non-empty-names-server]
  253. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  254. CipherString = DEFAULT:@SECLEVEL=0
  255. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  256. MaxProtocol = TLSv1
  257. MinProtocol = TLSv1
  258. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  259. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  260. VerifyMode = Request
  261. [10-client-auth-TLSv1-require-non-empty-names-client]
  262. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  263. CipherString = DEFAULT:@SECLEVEL=0
  264. MaxProtocol = TLSv1
  265. MinProtocol = TLSv1
  266. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  267. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  268. VerifyMode = Peer
  269. [test-10]
  270. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  271. ExpectedClientCertType = RSA
  272. ExpectedResult = Success
  273. # ===========================================================
  274. [11-client-auth-TLSv1-noroot]
  275. ssl_conf = 11-client-auth-TLSv1-noroot-ssl
  276. [11-client-auth-TLSv1-noroot-ssl]
  277. server = 11-client-auth-TLSv1-noroot-server
  278. client = 11-client-auth-TLSv1-noroot-client
  279. [11-client-auth-TLSv1-noroot-server]
  280. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  281. CipherString = DEFAULT:@SECLEVEL=0
  282. MaxProtocol = TLSv1
  283. MinProtocol = TLSv1
  284. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  285. VerifyMode = Require
  286. [11-client-auth-TLSv1-noroot-client]
  287. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  288. CipherString = DEFAULT:@SECLEVEL=0
  289. MaxProtocol = TLSv1
  290. MinProtocol = TLSv1
  291. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  292. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  293. VerifyMode = Peer
  294. [test-11]
  295. ExpectedResult = ServerFail
  296. ExpectedServerAlert = UnknownCA
  297. # ===========================================================
  298. [12-server-auth-TLSv1.1]
  299. ssl_conf = 12-server-auth-TLSv1.1-ssl
  300. [12-server-auth-TLSv1.1-ssl]
  301. server = 12-server-auth-TLSv1.1-server
  302. client = 12-server-auth-TLSv1.1-client
  303. [12-server-auth-TLSv1.1-server]
  304. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  305. CipherString = DEFAULT:@SECLEVEL=0
  306. MaxProtocol = TLSv1.1
  307. MinProtocol = TLSv1.1
  308. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  309. [12-server-auth-TLSv1.1-client]
  310. CipherString = DEFAULT:@SECLEVEL=0
  311. MaxProtocol = TLSv1.1
  312. MinProtocol = TLSv1.1
  313. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  314. VerifyMode = Peer
  315. [test-12]
  316. ExpectedResult = Success
  317. # ===========================================================
  318. [13-client-auth-TLSv1.1-request]
  319. ssl_conf = 13-client-auth-TLSv1.1-request-ssl
  320. [13-client-auth-TLSv1.1-request-ssl]
  321. server = 13-client-auth-TLSv1.1-request-server
  322. client = 13-client-auth-TLSv1.1-request-client
  323. [13-client-auth-TLSv1.1-request-server]
  324. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  325. CipherString = DEFAULT:@SECLEVEL=0
  326. MaxProtocol = TLSv1.1
  327. MinProtocol = TLSv1.1
  328. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  329. VerifyMode = Request
  330. [13-client-auth-TLSv1.1-request-client]
  331. CipherString = DEFAULT:@SECLEVEL=0
  332. MaxProtocol = TLSv1.1
  333. MinProtocol = TLSv1.1
  334. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  335. VerifyMode = Peer
  336. [test-13]
  337. ExpectedResult = Success
  338. # ===========================================================
  339. [14-client-auth-TLSv1.1-require-fail]
  340. ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
  341. [14-client-auth-TLSv1.1-require-fail-ssl]
  342. server = 14-client-auth-TLSv1.1-require-fail-server
  343. client = 14-client-auth-TLSv1.1-require-fail-client
  344. [14-client-auth-TLSv1.1-require-fail-server]
  345. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  346. CipherString = DEFAULT:@SECLEVEL=0
  347. MaxProtocol = TLSv1.1
  348. MinProtocol = TLSv1.1
  349. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  350. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  351. VerifyMode = Require
  352. [14-client-auth-TLSv1.1-require-fail-client]
  353. CipherString = DEFAULT:@SECLEVEL=0
  354. MaxProtocol = TLSv1.1
  355. MinProtocol = TLSv1.1
  356. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  357. VerifyMode = Peer
  358. [test-14]
  359. ExpectedResult = ServerFail
  360. ExpectedServerAlert = HandshakeFailure
  361. # ===========================================================
  362. [15-client-auth-TLSv1.1-require]
  363. ssl_conf = 15-client-auth-TLSv1.1-require-ssl
  364. [15-client-auth-TLSv1.1-require-ssl]
  365. server = 15-client-auth-TLSv1.1-require-server
  366. client = 15-client-auth-TLSv1.1-require-client
  367. [15-client-auth-TLSv1.1-require-server]
  368. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  369. CipherString = DEFAULT:@SECLEVEL=0
  370. MaxProtocol = TLSv1.1
  371. MinProtocol = TLSv1.1
  372. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  373. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  374. VerifyMode = Request
  375. [15-client-auth-TLSv1.1-require-client]
  376. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  377. CipherString = DEFAULT:@SECLEVEL=0
  378. MaxProtocol = TLSv1.1
  379. MinProtocol = TLSv1.1
  380. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  381. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  382. VerifyMode = Peer
  383. [test-15]
  384. ExpectedClientCANames = empty
  385. ExpectedClientCertType = RSA
  386. ExpectedResult = Success
  387. # ===========================================================
  388. [16-client-auth-TLSv1.1-require-non-empty-names]
  389. ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
  390. [16-client-auth-TLSv1.1-require-non-empty-names-ssl]
  391. server = 16-client-auth-TLSv1.1-require-non-empty-names-server
  392. client = 16-client-auth-TLSv1.1-require-non-empty-names-client
  393. [16-client-auth-TLSv1.1-require-non-empty-names-server]
  394. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  395. CipherString = DEFAULT:@SECLEVEL=0
  396. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  397. MaxProtocol = TLSv1.1
  398. MinProtocol = TLSv1.1
  399. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  400. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  401. VerifyMode = Request
  402. [16-client-auth-TLSv1.1-require-non-empty-names-client]
  403. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  404. CipherString = DEFAULT:@SECLEVEL=0
  405. MaxProtocol = TLSv1.1
  406. MinProtocol = TLSv1.1
  407. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  408. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  409. VerifyMode = Peer
  410. [test-16]
  411. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  412. ExpectedClientCertType = RSA
  413. ExpectedResult = Success
  414. # ===========================================================
  415. [17-client-auth-TLSv1.1-noroot]
  416. ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
  417. [17-client-auth-TLSv1.1-noroot-ssl]
  418. server = 17-client-auth-TLSv1.1-noroot-server
  419. client = 17-client-auth-TLSv1.1-noroot-client
  420. [17-client-auth-TLSv1.1-noroot-server]
  421. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  422. CipherString = DEFAULT:@SECLEVEL=0
  423. MaxProtocol = TLSv1.1
  424. MinProtocol = TLSv1.1
  425. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  426. VerifyMode = Require
  427. [17-client-auth-TLSv1.1-noroot-client]
  428. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  429. CipherString = DEFAULT:@SECLEVEL=0
  430. MaxProtocol = TLSv1.1
  431. MinProtocol = TLSv1.1
  432. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  433. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  434. VerifyMode = Peer
  435. [test-17]
  436. ExpectedResult = ServerFail
  437. ExpectedServerAlert = UnknownCA
  438. # ===========================================================
  439. [18-server-auth-TLSv1.2]
  440. ssl_conf = 18-server-auth-TLSv1.2-ssl
  441. [18-server-auth-TLSv1.2-ssl]
  442. server = 18-server-auth-TLSv1.2-server
  443. client = 18-server-auth-TLSv1.2-client
  444. [18-server-auth-TLSv1.2-server]
  445. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  446. CipherString = DEFAULT:@SECLEVEL=0
  447. MaxProtocol = TLSv1.2
  448. MinProtocol = TLSv1.2
  449. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  450. [18-server-auth-TLSv1.2-client]
  451. CipherString = DEFAULT:@SECLEVEL=0
  452. MaxProtocol = TLSv1.2
  453. MinProtocol = TLSv1.2
  454. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  455. VerifyMode = Peer
  456. [test-18]
  457. ExpectedResult = Success
  458. # ===========================================================
  459. [19-client-auth-TLSv1.2-request]
  460. ssl_conf = 19-client-auth-TLSv1.2-request-ssl
  461. [19-client-auth-TLSv1.2-request-ssl]
  462. server = 19-client-auth-TLSv1.2-request-server
  463. client = 19-client-auth-TLSv1.2-request-client
  464. [19-client-auth-TLSv1.2-request-server]
  465. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  466. CipherString = DEFAULT:@SECLEVEL=0
  467. MaxProtocol = TLSv1.2
  468. MinProtocol = TLSv1.2
  469. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  470. VerifyMode = Request
  471. [19-client-auth-TLSv1.2-request-client]
  472. CipherString = DEFAULT:@SECLEVEL=0
  473. MaxProtocol = TLSv1.2
  474. MinProtocol = TLSv1.2
  475. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  476. VerifyMode = Peer
  477. [test-19]
  478. ExpectedResult = Success
  479. # ===========================================================
  480. [20-client-auth-TLSv1.2-require-fail]
  481. ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
  482. [20-client-auth-TLSv1.2-require-fail-ssl]
  483. server = 20-client-auth-TLSv1.2-require-fail-server
  484. client = 20-client-auth-TLSv1.2-require-fail-client
  485. [20-client-auth-TLSv1.2-require-fail-server]
  486. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  487. CipherString = DEFAULT:@SECLEVEL=0
  488. MaxProtocol = TLSv1.2
  489. MinProtocol = TLSv1.2
  490. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  491. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  492. VerifyMode = Require
  493. [20-client-auth-TLSv1.2-require-fail-client]
  494. CipherString = DEFAULT:@SECLEVEL=0
  495. MaxProtocol = TLSv1.2
  496. MinProtocol = TLSv1.2
  497. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  498. VerifyMode = Peer
  499. [test-20]
  500. ExpectedResult = ServerFail
  501. ExpectedServerAlert = HandshakeFailure
  502. # ===========================================================
  503. [21-client-auth-TLSv1.2-require]
  504. ssl_conf = 21-client-auth-TLSv1.2-require-ssl
  505. [21-client-auth-TLSv1.2-require-ssl]
  506. server = 21-client-auth-TLSv1.2-require-server
  507. client = 21-client-auth-TLSv1.2-require-client
  508. [21-client-auth-TLSv1.2-require-server]
  509. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  510. CipherString = DEFAULT:@SECLEVEL=0
  511. ClientSignatureAlgorithms = SHA256+RSA
  512. MaxProtocol = TLSv1.2
  513. MinProtocol = TLSv1.2
  514. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  515. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  516. VerifyMode = Request
  517. [21-client-auth-TLSv1.2-require-client]
  518. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  519. CipherString = DEFAULT:@SECLEVEL=0
  520. MaxProtocol = TLSv1.2
  521. MinProtocol = TLSv1.2
  522. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  523. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  524. VerifyMode = Peer
  525. [test-21]
  526. ExpectedClientCANames = empty
  527. ExpectedClientCertType = RSA
  528. ExpectedClientSignHash = SHA256
  529. ExpectedClientSignType = RSA
  530. ExpectedResult = Success
  531. # ===========================================================
  532. [22-client-auth-TLSv1.2-require-non-empty-names]
  533. ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
  534. [22-client-auth-TLSv1.2-require-non-empty-names-ssl]
  535. server = 22-client-auth-TLSv1.2-require-non-empty-names-server
  536. client = 22-client-auth-TLSv1.2-require-non-empty-names-client
  537. [22-client-auth-TLSv1.2-require-non-empty-names-server]
  538. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  539. CipherString = DEFAULT:@SECLEVEL=0
  540. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  541. ClientSignatureAlgorithms = SHA256+RSA
  542. MaxProtocol = TLSv1.2
  543. MinProtocol = TLSv1.2
  544. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  545. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  546. VerifyMode = Request
  547. [22-client-auth-TLSv1.2-require-non-empty-names-client]
  548. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  549. CipherString = DEFAULT:@SECLEVEL=0
  550. MaxProtocol = TLSv1.2
  551. MinProtocol = TLSv1.2
  552. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  553. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  554. VerifyMode = Peer
  555. [test-22]
  556. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  557. ExpectedClientCertType = RSA
  558. ExpectedClientSignHash = SHA256
  559. ExpectedClientSignType = RSA
  560. ExpectedResult = Success
  561. # ===========================================================
  562. [23-client-auth-TLSv1.2-noroot]
  563. ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
  564. [23-client-auth-TLSv1.2-noroot-ssl]
  565. server = 23-client-auth-TLSv1.2-noroot-server
  566. client = 23-client-auth-TLSv1.2-noroot-client
  567. [23-client-auth-TLSv1.2-noroot-server]
  568. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  569. CipherString = DEFAULT:@SECLEVEL=0
  570. MaxProtocol = TLSv1.2
  571. MinProtocol = TLSv1.2
  572. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  573. VerifyMode = Require
  574. [23-client-auth-TLSv1.2-noroot-client]
  575. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  576. CipherString = DEFAULT:@SECLEVEL=0
  577. MaxProtocol = TLSv1.2
  578. MinProtocol = TLSv1.2
  579. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  580. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  581. VerifyMode = Peer
  582. [test-23]
  583. ExpectedResult = ServerFail
  584. ExpectedServerAlert = UnknownCA
  585. # ===========================================================
  586. [24-server-auth-DTLSv1]
  587. ssl_conf = 24-server-auth-DTLSv1-ssl
  588. [24-server-auth-DTLSv1-ssl]
  589. server = 24-server-auth-DTLSv1-server
  590. client = 24-server-auth-DTLSv1-client
  591. [24-server-auth-DTLSv1-server]
  592. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  593. CipherString = DEFAULT:@SECLEVEL=0
  594. MaxProtocol = DTLSv1
  595. MinProtocol = DTLSv1
  596. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  597. [24-server-auth-DTLSv1-client]
  598. CipherString = DEFAULT:@SECLEVEL=0
  599. MaxProtocol = DTLSv1
  600. MinProtocol = DTLSv1
  601. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  602. VerifyMode = Peer
  603. [test-24]
  604. ExpectedResult = Success
  605. Method = DTLS
  606. # ===========================================================
  607. [25-client-auth-DTLSv1-request]
  608. ssl_conf = 25-client-auth-DTLSv1-request-ssl
  609. [25-client-auth-DTLSv1-request-ssl]
  610. server = 25-client-auth-DTLSv1-request-server
  611. client = 25-client-auth-DTLSv1-request-client
  612. [25-client-auth-DTLSv1-request-server]
  613. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  614. CipherString = DEFAULT:@SECLEVEL=0
  615. MaxProtocol = DTLSv1
  616. MinProtocol = DTLSv1
  617. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  618. VerifyMode = Request
  619. [25-client-auth-DTLSv1-request-client]
  620. CipherString = DEFAULT:@SECLEVEL=0
  621. MaxProtocol = DTLSv1
  622. MinProtocol = DTLSv1
  623. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  624. VerifyMode = Peer
  625. [test-25]
  626. ExpectedResult = Success
  627. Method = DTLS
  628. # ===========================================================
  629. [26-client-auth-DTLSv1-require-fail]
  630. ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
  631. [26-client-auth-DTLSv1-require-fail-ssl]
  632. server = 26-client-auth-DTLSv1-require-fail-server
  633. client = 26-client-auth-DTLSv1-require-fail-client
  634. [26-client-auth-DTLSv1-require-fail-server]
  635. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  636. CipherString = DEFAULT:@SECLEVEL=0
  637. MaxProtocol = DTLSv1
  638. MinProtocol = DTLSv1
  639. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  640. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  641. VerifyMode = Require
  642. [26-client-auth-DTLSv1-require-fail-client]
  643. CipherString = DEFAULT:@SECLEVEL=0
  644. MaxProtocol = DTLSv1
  645. MinProtocol = DTLSv1
  646. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  647. VerifyMode = Peer
  648. [test-26]
  649. ExpectedResult = ServerFail
  650. ExpectedServerAlert = HandshakeFailure
  651. Method = DTLS
  652. # ===========================================================
  653. [27-client-auth-DTLSv1-require]
  654. ssl_conf = 27-client-auth-DTLSv1-require-ssl
  655. [27-client-auth-DTLSv1-require-ssl]
  656. server = 27-client-auth-DTLSv1-require-server
  657. client = 27-client-auth-DTLSv1-require-client
  658. [27-client-auth-DTLSv1-require-server]
  659. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  660. CipherString = DEFAULT:@SECLEVEL=0
  661. MaxProtocol = DTLSv1
  662. MinProtocol = DTLSv1
  663. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  664. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  665. VerifyMode = Request
  666. [27-client-auth-DTLSv1-require-client]
  667. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  668. CipherString = DEFAULT:@SECLEVEL=0
  669. MaxProtocol = DTLSv1
  670. MinProtocol = DTLSv1
  671. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  672. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  673. VerifyMode = Peer
  674. [test-27]
  675. ExpectedClientCANames = empty
  676. ExpectedClientCertType = RSA
  677. ExpectedResult = Success
  678. Method = DTLS
  679. # ===========================================================
  680. [28-client-auth-DTLSv1-require-non-empty-names]
  681. ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
  682. [28-client-auth-DTLSv1-require-non-empty-names-ssl]
  683. server = 28-client-auth-DTLSv1-require-non-empty-names-server
  684. client = 28-client-auth-DTLSv1-require-non-empty-names-client
  685. [28-client-auth-DTLSv1-require-non-empty-names-server]
  686. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  687. CipherString = DEFAULT:@SECLEVEL=0
  688. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  689. MaxProtocol = DTLSv1
  690. MinProtocol = DTLSv1
  691. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  692. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  693. VerifyMode = Request
  694. [28-client-auth-DTLSv1-require-non-empty-names-client]
  695. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  696. CipherString = DEFAULT:@SECLEVEL=0
  697. MaxProtocol = DTLSv1
  698. MinProtocol = DTLSv1
  699. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  700. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  701. VerifyMode = Peer
  702. [test-28]
  703. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  704. ExpectedClientCertType = RSA
  705. ExpectedResult = Success
  706. Method = DTLS
  707. # ===========================================================
  708. [29-client-auth-DTLSv1-noroot]
  709. ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
  710. [29-client-auth-DTLSv1-noroot-ssl]
  711. server = 29-client-auth-DTLSv1-noroot-server
  712. client = 29-client-auth-DTLSv1-noroot-client
  713. [29-client-auth-DTLSv1-noroot-server]
  714. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  715. CipherString = DEFAULT:@SECLEVEL=0
  716. MaxProtocol = DTLSv1
  717. MinProtocol = DTLSv1
  718. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  719. VerifyMode = Require
  720. [29-client-auth-DTLSv1-noroot-client]
  721. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  722. CipherString = DEFAULT:@SECLEVEL=0
  723. MaxProtocol = DTLSv1
  724. MinProtocol = DTLSv1
  725. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  726. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  727. VerifyMode = Peer
  728. [test-29]
  729. ExpectedResult = ServerFail
  730. ExpectedServerAlert = UnknownCA
  731. Method = DTLS
  732. # ===========================================================
  733. [30-server-auth-DTLSv1.2]
  734. ssl_conf = 30-server-auth-DTLSv1.2-ssl
  735. [30-server-auth-DTLSv1.2-ssl]
  736. server = 30-server-auth-DTLSv1.2-server
  737. client = 30-server-auth-DTLSv1.2-client
  738. [30-server-auth-DTLSv1.2-server]
  739. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  740. CipherString = DEFAULT:@SECLEVEL=0
  741. MaxProtocol = DTLSv1.2
  742. MinProtocol = DTLSv1.2
  743. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  744. [30-server-auth-DTLSv1.2-client]
  745. CipherString = DEFAULT:@SECLEVEL=0
  746. MaxProtocol = DTLSv1.2
  747. MinProtocol = DTLSv1.2
  748. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  749. VerifyMode = Peer
  750. [test-30]
  751. ExpectedResult = Success
  752. Method = DTLS
  753. # ===========================================================
  754. [31-client-auth-DTLSv1.2-request]
  755. ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
  756. [31-client-auth-DTLSv1.2-request-ssl]
  757. server = 31-client-auth-DTLSv1.2-request-server
  758. client = 31-client-auth-DTLSv1.2-request-client
  759. [31-client-auth-DTLSv1.2-request-server]
  760. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  761. CipherString = DEFAULT:@SECLEVEL=0
  762. MaxProtocol = DTLSv1.2
  763. MinProtocol = DTLSv1.2
  764. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  765. VerifyMode = Request
  766. [31-client-auth-DTLSv1.2-request-client]
  767. CipherString = DEFAULT:@SECLEVEL=0
  768. MaxProtocol = DTLSv1.2
  769. MinProtocol = DTLSv1.2
  770. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  771. VerifyMode = Peer
  772. [test-31]
  773. ExpectedResult = Success
  774. Method = DTLS
  775. # ===========================================================
  776. [32-client-auth-DTLSv1.2-require-fail]
  777. ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
  778. [32-client-auth-DTLSv1.2-require-fail-ssl]
  779. server = 32-client-auth-DTLSv1.2-require-fail-server
  780. client = 32-client-auth-DTLSv1.2-require-fail-client
  781. [32-client-auth-DTLSv1.2-require-fail-server]
  782. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  783. CipherString = DEFAULT:@SECLEVEL=0
  784. MaxProtocol = DTLSv1.2
  785. MinProtocol = DTLSv1.2
  786. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  787. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  788. VerifyMode = Require
  789. [32-client-auth-DTLSv1.2-require-fail-client]
  790. CipherString = DEFAULT:@SECLEVEL=0
  791. MaxProtocol = DTLSv1.2
  792. MinProtocol = DTLSv1.2
  793. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  794. VerifyMode = Peer
  795. [test-32]
  796. ExpectedResult = ServerFail
  797. ExpectedServerAlert = HandshakeFailure
  798. Method = DTLS
  799. # ===========================================================
  800. [33-client-auth-DTLSv1.2-require]
  801. ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
  802. [33-client-auth-DTLSv1.2-require-ssl]
  803. server = 33-client-auth-DTLSv1.2-require-server
  804. client = 33-client-auth-DTLSv1.2-require-client
  805. [33-client-auth-DTLSv1.2-require-server]
  806. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  807. CipherString = DEFAULT:@SECLEVEL=0
  808. MaxProtocol = DTLSv1.2
  809. MinProtocol = DTLSv1.2
  810. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  811. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  812. VerifyMode = Request
  813. [33-client-auth-DTLSv1.2-require-client]
  814. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  815. CipherString = DEFAULT:@SECLEVEL=0
  816. MaxProtocol = DTLSv1.2
  817. MinProtocol = DTLSv1.2
  818. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  819. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  820. VerifyMode = Peer
  821. [test-33]
  822. ExpectedClientCANames = empty
  823. ExpectedClientCertType = RSA
  824. ExpectedResult = Success
  825. Method = DTLS
  826. # ===========================================================
  827. [34-client-auth-DTLSv1.2-require-non-empty-names]
  828. ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
  829. [34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
  830. server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
  831. client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
  832. [34-client-auth-DTLSv1.2-require-non-empty-names-server]
  833. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  834. CipherString = DEFAULT:@SECLEVEL=0
  835. ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  836. MaxProtocol = DTLSv1.2
  837. MinProtocol = DTLSv1.2
  838. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  839. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  840. VerifyMode = Request
  841. [34-client-auth-DTLSv1.2-require-non-empty-names-client]
  842. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  843. CipherString = DEFAULT:@SECLEVEL=0
  844. MaxProtocol = DTLSv1.2
  845. MinProtocol = DTLSv1.2
  846. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  847. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  848. VerifyMode = Peer
  849. [test-34]
  850. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  851. ExpectedClientCertType = RSA
  852. ExpectedResult = Success
  853. Method = DTLS
  854. # ===========================================================
  855. [35-client-auth-DTLSv1.2-noroot]
  856. ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
  857. [35-client-auth-DTLSv1.2-noroot-ssl]
  858. server = 35-client-auth-DTLSv1.2-noroot-server
  859. client = 35-client-auth-DTLSv1.2-noroot-client
  860. [35-client-auth-DTLSv1.2-noroot-server]
  861. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  862. CipherString = DEFAULT:@SECLEVEL=0
  863. MaxProtocol = DTLSv1.2
  864. MinProtocol = DTLSv1.2
  865. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  866. VerifyMode = Require
  867. [35-client-auth-DTLSv1.2-noroot-client]
  868. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  869. CipherString = DEFAULT:@SECLEVEL=0
  870. MaxProtocol = DTLSv1.2
  871. MinProtocol = DTLSv1.2
  872. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  873. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  874. VerifyMode = Peer
  875. [test-35]
  876. ExpectedResult = ServerFail
  877. ExpectedServerAlert = UnknownCA
  878. Method = DTLS