|
@@ -166,6 +166,88 @@
|
|
|
-C
|
|
|
|
|
|
|
|
|
+# Test will use alternate chain where chain contains extra cert
|
|
|
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 3
|
|
|
+-l DHE-RSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/server-key.pem
|
|
|
+-c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-V
|
|
|
+
|
|
|
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 3
|
|
|
+-l DHE-RSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/client-key.pem
|
|
|
+-c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-C
|
|
|
+
|
|
|
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 3
|
|
|
+-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/server-key.pem
|
|
|
+-c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-V
|
|
|
+
|
|
|
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 3
|
|
|
+-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/client-key.pem
|
|
|
+-c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-C
|
|
|
+
|
|
|
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+-v 3
|
|
|
+-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-ecc-cert.pem
|
|
|
+-k ./certs/ecc-key.pem
|
|
|
+-c ./certs/intermediate/server-chain-alt-ecc.pem
|
|
|
+-V
|
|
|
+
|
|
|
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+-v 3
|
|
|
+-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-ecc-cert.pem
|
|
|
+-k ./certs/ecc-client-key.pem
|
|
|
+-c ./certs/intermediate/client-chain-alt-ecc.pem
|
|
|
+-C
|
|
|
+
|
|
|
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 4
|
|
|
+-l TLS13-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/server-key.pem
|
|
|
+-c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-V
|
|
|
+
|
|
|
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+-v 4
|
|
|
+-l TLS13-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-cert.pem
|
|
|
+-k ./certs/client-key.pem
|
|
|
+-c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-C
|
|
|
+
|
|
|
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+-v 4
|
|
|
+-l TLS13-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-ecc-cert.pem
|
|
|
+-k ./certs/ecc-key.pem
|
|
|
+-c ./certs/intermediate/server-chain-alt-ecc.pem
|
|
|
+-V
|
|
|
+
|
|
|
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+-v 4
|
|
|
+-l TLS13-AES128-GCM-SHA256
|
|
|
+-A ./certs/ca-ecc-cert.pem
|
|
|
+-k ./certs/ecc-client-key.pem
|
|
|
+-c ./certs/intermediate/client-chain-alt-ecc.pem
|
|
|
+-C
|
|
|
+
|
|
|
+
|
|
|
# Test will load intermediate2 CA as trusted and present full chain (where intermediate CA is not trusted)
|
|
|
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 3
|
|
@@ -248,83 +330,89 @@
|
|
|
-C
|
|
|
|
|
|
|
|
|
-# Test will use alternate chain where chain contains extra cert
|
|
|
-# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# Test will load intermediate2 CA as trusted and present full chain (where intermediate CA is not trusted)
|
|
|
+# These tests use the verify callback, but pass the preverify as result in myVerify callback
|
|
|
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l DHE-RSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/server-key.pem
|
|
|
--c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-c ./certs/intermediate/server-chain.pem
|
|
|
-V
|
|
|
|
|
|
-# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l DHE-RSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/client-key.pem
|
|
|
--c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-c ./certs/intermediate/client-chain.pem
|
|
|
-C
|
|
|
+-H verifyInfo
|
|
|
|
|
|
-# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/server-key.pem
|
|
|
--c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-c ./certs/intermediate/server-chain.pem
|
|
|
-V
|
|
|
|
|
|
-# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/client-key.pem
|
|
|
--c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-c ./certs/intermediate/client-chain.pem
|
|
|
-C
|
|
|
+-H verifyInfo
|
|
|
|
|
|
-# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-ecc-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
|
|
|
-k ./certs/ecc-key.pem
|
|
|
--c ./certs/intermediate/server-chain-alt-ecc.pem
|
|
|
+-c ./certs/intermediate/server-chain-ecc.pem
|
|
|
-V
|
|
|
|
|
|
-# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain
|
|
|
-v 3
|
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-ecc-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
|
|
|
-k ./certs/ecc-client-key.pem
|
|
|
--c ./certs/intermediate/client-chain-alt-ecc.pem
|
|
|
+-c ./certs/intermediate/client-chain-ecc.pem
|
|
|
-C
|
|
|
+-H verifyInfo
|
|
|
|
|
|
-# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 4
|
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/server-key.pem
|
|
|
--c ./certs/intermediate/server-chain-alt.pem
|
|
|
+-c ./certs/intermediate/server-chain.pem
|
|
|
-V
|
|
|
|
|
|
-# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain
|
|
|
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain
|
|
|
-v 4
|
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-cert.pem
|
|
|
-k ./certs/client-key.pem
|
|
|
--c ./certs/intermediate/client-chain-alt.pem
|
|
|
+-c ./certs/intermediate/client-chain.pem
|
|
|
-C
|
|
|
+-H verifyInfo
|
|
|
|
|
|
-# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain
|
|
|
-v 4
|
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-ecc-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
|
|
|
-k ./certs/ecc-key.pem
|
|
|
--c ./certs/intermediate/server-chain-alt-ecc.pem
|
|
|
+-c ./certs/intermediate/server-chain-ecc.pem
|
|
|
-V
|
|
|
|
|
|
-# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain
|
|
|
+# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain
|
|
|
-v 4
|
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
--A ./certs/ca-ecc-cert.pem
|
|
|
+-A ./certs/intermediate/ca-int2-ecc-cert.pem
|
|
|
-k ./certs/ecc-client-key.pem
|
|
|
--c ./certs/intermediate/client-chain-alt-ecc.pem
|
|
|
+-c ./certs/intermediate/client-chain-ecc.pem
|
|
|
-C
|
|
|
+-H verifyInfo
|