wolfssl/tests/test-fails.conf

# server bad certificate common name has null
# DG: Have not found a way to properly encode null in common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badcnnull.pem
-d

# client bad certificate common name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badcnnull.pem
-m
-x

# server bad certificate alternate name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badaltnull.pem
-d

# client bad certificate alternate name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltnull.pem
-m
-x

# server nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badcn.pem
-d

# client nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badcn.pem
-m
-x

# server nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badaltname.pem
-d

# client nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltname.pem
-m
-x

# server RSA no signer error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256

# client RSA no signer error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/client-cert.pem

# server ECC no signer error
#-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem

# client ECC no signer error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/client-ecc-cert.pem

# server RSA bad sig error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem

# client RSA bad sig error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256

# server ECC bad sig error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem

# client ECC bad sig error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256

# server missing CN from alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-garbage.pem

# client missing CN from alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-garbage.pem
-m

# Verify Callback Failure Tests
# no error going into callback, return error
# server
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail

# client verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail

# server verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail

# client
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail

# server
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail

# client verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail

# server verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail

# client
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail

# error going into callback, return error
# server
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem
-k ./certs/server-key.pem
-H verifyFail

# client verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail

# server
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem
-k ./certs/ecc-key.pem
-H verifyFail

# client verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail

# server send alert on no mutual authentication
-v 3
-F
-H verifyFail

# client send alert on no mutual authentication
-v 3
-x
-H verifyFail

# server TLSv1.3 fail on no client certificate
# server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d
-v 4
-l TLS13-AES128-GCM-SHA256

# client TLSv1.3 no client certificate
-v 4
-l TLS13-AES128-GCM-SHA256
-x