test-fails.conf 3.5 KB

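  1. # server: bad certificate, common name (CN) contains a null character
  2. # DG: Have not found a way to properly encode a null in the common name (NOTE(review): confirm server-badcnnull.pem really carries an embedded null in the CN)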
  3. -v 3
  4. -l ECDHE-RSA-AES128-GCM-SHA256
  5. -k ./certs/server-key.pem
  6. -c ./certs/test/server-badcnnull.pem
  7. -d
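  8. # client: bad certificate, common name has null; -x loads no client certificate and the server above runs with -d, so the failure under test should come from the client's -m domain-name check against -h localhost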
  9. -v 3
  10. -l ECDHE-RSA-AES128-GCM-SHA256
  11. -h localhost
  12. -A ./certs/test/server-badcnnull.pem
  13. -m
  14. -x
  15. # server bad certificate alternate name has null
  16. -v 3
  17. -l ECDHE-RSA-AES128-GCM-SHA256
  18. -k ./certs/server-key.pem
  19. -c ./certs/test/server-badaltnull.pem
  20. -d
  21. # client bad certificate alternate name has null
  22. -v 3
  23. -l ECDHE-RSA-AES128-GCM-SHA256
  24. -h localhost
  25. -A ./certs/test/server-badaltnull.pem
  26. -m
  27. -x
  28. # server: certificate common name does not match the host name the client checks
  29. -v 3
  30. -l ECDHE-RSA-AES128-GCM-SHA256
  31. -k ./certs/server-key.pem
  32. -c ./certs/test/server-badcn.pem
  33. -d
  34. # client: common name does not match; the -m domain-name check against -h localhost should reject the certificate
  35. -v 3
  36. -l ECDHE-RSA-AES128-GCM-SHA256
  37. -h localhost
  38. -A ./certs/test/server-badcn.pem
  39. -m
  40. -x
  41. # server nomatch alternate name
  42. -v 3
  43. -l ECDHE-RSA-AES128-GCM-SHA256
  44. -k ./certs/server-key.pem
  45. -c ./certs/test/server-badaltname.pem
  46. -d
  47. # client nomatch alternate name
  48. -v 3
  49. -l ECDHE-RSA-AES128-GCM-SHA256
  50. -h localhost
  51. -A ./certs/test/server-badaltname.pem
  52. -m
  53. -x
  54. # server RSA no signer error
  55. -v 3
  56. -l ECDHE-RSA-AES128-GCM-SHA256
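  57. # client RSA no signer error: -A loads ./certs/client-cert.pem as the trusted CA, which presumably did not sign the server's default certificate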
  58. -v 3
  59. -l ECDHE-RSA-AES128-GCM-SHA256
  60. -A ./certs/client-cert.pem
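  61. # server ECC no signer error (the -v 3 line below is commented out, unlike the other cases; NOTE(review): confirm this is intentional)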
  62. #-v 3
  63. -l ECDHE-ECDSA-AES128-GCM-SHA256
  64. -c ./certs/server-ecc.pem
  65. -k ./certs/ecc-key.pem
  66. # client ECC no signer error
  67. -v 3
  68. -l ECDHE-ECDSA-AES128-GCM-SHA256
  69. -A ./certs/client-ecc-cert.pem
  70. # server RSA bad sig error
  71. -v 3
  72. -l ECDHE-RSA-AES128-GCM-SHA256
  73. -c ./certs/test/server-cert-rsa-badsig.pem
  74. # client RSA bad sig error
  75. -v 3
  76. -l ECDHE-RSA-AES128-GCM-SHA256
  77. # server ECC bad sig error
  78. -v 3
  79. -l ECDHE-ECDSA-AES128-GCM-SHA256
  80. -c ./certs/test/server-cert-ecc-badsig.pem
  81. # client ECC bad sig error
  82. -v 3
  83. -l ECDHE-ECDSA-AES128-GCM-SHA256
  84. # server missing CN from alternate names list
  85. -v 3
  86. -l ECDHE-RSA-AES128-GCM-SHA256
  87. -c ./certs/test/server-garbage.pem
  88. # client missing CN from alternate names list
  89. -v 3
  90. -l ECDHE-RSA-AES128-GCM-SHA256
  91. -h localhost
  92. -A ./certs/test/server-garbage.pem
  93. -m
  94. # Verify Callback Failure Tests (every case below passes -H verifyFail)
  95. # no error going into the verify callback; the callback itself returns an error
  96. # server
  97. -v 3
  98. -l ECDHE-RSA-AES128-GCM-SHA256
  99. -H verifyFail
  100. # client verify should fail
  101. -v 3
  102. -l ECDHE-RSA-AES128-GCM-SHA256
  103. -H verifyFail
  104. # server verify should fail
  105. -v 3
  106. -l ECDHE-RSA-AES128-GCM-SHA256
  107. -H verifyFail
  108. # client
  109. -v 3
  110. -l ECDHE-RSA-AES128-GCM-SHA256
  111. -H verifyFail
  112. # server
  113. -v 3
  114. -l ECDHE-ECDSA-AES128-GCM-SHA256
  115. -H verifyFail
  116. # client verify should fail
  117. -v 3
  118. -l ECDHE-ECDSA-AES128-GCM-SHA256
  119. -H verifyFail
  120. # server verify should fail
  121. -v 3
  122. -l ECDHE-ECDSA-AES128-GCM-SHA256
  123. -H verifyFail
  124. # client
  125. -v 3
  126. -l ECDHE-ECDSA-AES128-GCM-SHA256
  127. -H verifyFail
  128. # an error is already set going into the verify callback (bad-signature server certificate); the callback returns an error
  129. # server
  130. -v 3
  131. -l ECDHE-RSA-AES128-GCM-SHA256
  132. -c ./certs/test/server-cert-rsa-badsig.pem
  133. -k ./certs/server-key.pem
  134. -H verifyFail
  135. # client verify should fail
  136. -v 3
  137. -l ECDHE-RSA-AES128-GCM-SHA256
  138. -H verifyFail
  139. # server
  140. -v 3
  141. -l ECDHE-ECDSA-AES128-GCM-SHA256
  142. -c ./certs/test/server-cert-ecc-badsig.pem
  143. -k ./certs/ecc-key.pem
  144. -H verifyFail
  145. # client verify should fail
  146. -v 3
  147. -l ECDHE-ECDSA-AES128-GCM-SHA256
  148. -H verifyFail
  149. # server send alert on no mutual authentication
  150. -v 3
  151. -F
  152. -H verifyFail
  153. # client send alert on no mutual authentication
  154. -v 3
  155. -x
  156. -H verifyFail
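  157. # server TLSv1.3: fail when the client sends no certificate
  158. # the server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless -d is given; -d is not used here, so the client below (-x, no client certificate) should be rejected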
  159. -v 4
  160. -l TLS13-AES128-GCM-SHA256
  161. # client TLSv1.3 no client certificate
  162. -v 4
  163. -l TLS13-AES128-GCM-SHA256
  164. -x