1
0

test-chains.conf 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384
  1. # Tests will use complete chain with intermediate CA for testing
  2. # The tests with chains have the CRL checking disabled
  3. # CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted
  4. # For these tests we are loading root and sending intermediate and peer certs
  5. # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
  6. -v 3
  7. -l DHE-RSA-AES128-GCM-SHA256
  8. -A ./certs/ca-cert.pem
  9. -k ./certs/server-key.pem
  10. -c ./certs/intermediate/server-chain.pem
  11. -V
  12. # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
  13. -v 3
  14. -l DHE-RSA-AES128-GCM-SHA256
  15. -A ./certs/ca-cert.pem
  16. -k ./certs/client-key.pem
  17. -c ./certs/intermediate/client-chain.pem
  18. -C
  19. # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
  20. -v 3
  21. -l ECDHE-RSA-AES128-GCM-SHA256
  22. -A ./certs/ca-cert.pem
  23. -k ./certs/server-key.pem
  24. -c ./certs/intermediate/server-chain.pem
  25. -V
  26. # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
  27. -v 3
  28. -l ECDHE-RSA-AES128-GCM-SHA256
  29. -A ./certs/ca-cert.pem
  30. -k ./certs/client-key.pem
  31. -c ./certs/intermediate/client-chain.pem
  32. -C
  33. # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
  34. -v 3
  35. -l ECDHE-ECDSA-AES128-GCM-SHA256
  36. -A ./certs/ca-ecc-cert.pem
  37. -k ./certs/ecc-key.pem
  38. -c ./certs/intermediate/server-chain-ecc.pem
  39. -V
  40. # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
  41. -v 3
  42. -l ECDHE-ECDSA-AES128-GCM-SHA256
  43. -A ./certs/ca-ecc-cert.pem
  44. -k ./certs/ecc-client-key.pem
  45. -c ./certs/intermediate/client-chain-ecc.pem
  46. -C
  47. # server TLSv1.2 pathLen constraint test
  48. -v 3
  49. -l ECDHE-RSA-AES128-GCM-SHA256
  50. -k ./certs/test-pathlen/chainA-entity-key.pem
  51. -c ./certs/test-pathlen/chainA-assembled.pem
  52. -V
  53. # client TLSv1.2 pathLen constraint test
  54. -v 3
  55. -l ECDHE-RSA-AES128-GCM-SHA256
  56. -C
  57. # server TLSv1.2 pathLen constraint test
  58. -v 3
  59. -l ECDHE-RSA-AES128-GCM-SHA256
  60. -k ./certs/test-pathlen/chainB-entity-key.pem
  61. -c ./certs/test-pathlen/chainB-assembled.pem
  62. -V
  63. # client TLSv1.2 pathLen constraint test
  64. -v 3
  65. -l ECDHE-RSA-AES128-GCM-SHA256
  66. -C
  67. # server TLSv1.2 pathLen constraint test
  68. -v 3
  69. -l ECDHE-RSA-AES128-GCM-SHA256
  70. -k ./certs/test-pathlen/chainC-entity-key.pem
  71. -c ./certs/test-pathlen/chainC-assembled.pem
  72. -V
  73. # client TLSv1.2 pathLen constraint test
  74. -v 3
  75. -l ECDHE-RSA-AES128-GCM-SHA256
  76. -C
  77. # server TLSv1.2 pathLen constraint test
  78. -v 3
  79. -l ECDHE-RSA-AES128-GCM-SHA256
  80. -k ./certs/test-pathlen/chainD-entity-key.pem
  81. -c ./certs/test-pathlen/chainD-assembled.pem
  82. -V
  83. # client TLSv1.2 pathLen constraint test
  84. -v 3
  85. -l ECDHE-RSA-AES128-GCM-SHA256
  86. -C
  87. # server TLSv1.2 pathLen constraint test
  88. -v 3
  89. -l ECDHE-RSA-AES128-GCM-SHA256
  90. -k ./certs/test-pathlen/chainE-entity-key.pem
  91. -c ./certs/test-pathlen/chainE-assembled.pem
  92. -H exitWithRet
  93. -V
  94. # client TLSv1.2 pathLen constraint test
  95. -v 3
  96. -l ECDHE-RSA-AES128-GCM-SHA256
  97. -H exitWithRet
  98. -C
  99. # server TLSv1.2 pathLen constraint test
  100. -v 3
  101. -l ECDHE-RSA-AES128-GCM-SHA256
  102. -k ./certs/test-pathlen/chainF-entity-key.pem
  103. -c ./certs/test-pathlen/chainF-assembled.pem
  104. -H exitWithRet
  105. -V
  106. # client TLSv1.2 pathLen constraint test
  107. -v 3
  108. -l ECDHE-RSA-AES128-GCM-SHA256
  109. -H exitWithRet
  110. -C
  111. # server TLSv1.2 pathLen constraint test
  112. -v 3
  113. -l ECDHE-RSA-AES128-GCM-SHA256
  114. -k ./certs/test-pathlen/chainG-entity-key.pem
  115. -c ./certs/test-pathlen/chainG-assembled.pem
  116. -V
  117. # client TLSv1.2 pathLen constraint test
  118. -v 3
  119. -l ECDHE-RSA-AES128-GCM-SHA256
  120. -C
  121. # server TLSv1.2 pathLen constraint test
  122. -v 3
  123. -l ECDHE-RSA-AES128-GCM-SHA256
  124. -k ./certs/test-pathlen/chainH-entity-key.pem
  125. -c ./certs/test-pathlen/chainH-assembled.pem
  126. -H exitWithRet
  127. -V
  128. # client TLSv1.2 pathLen constraint test
  129. -v 3
  130. -l ECDHE-RSA-AES128-GCM-SHA256
  131. -H exitWithRet
  132. -C
  133. # server TLSv1.2 pathLen constraint test
  134. -v 3
  135. -l ECDHE-RSA-AES128-GCM-SHA256
  136. -k ./certs/test-pathlen/chainI-entity-key.pem
  137. -c ./certs/test-pathlen/chainI-assembled.pem
  138. -V
  139. # client TLSv1.2 pathLen constraint test
  140. -v 3
  141. -l ECDHE-RSA-AES128-GCM-SHA256
  142. -C
  143. # server TLSv1.2 pathLen constraint test
  144. -v 3
  145. -l ECDHE-RSA-AES128-GCM-SHA256
  146. -k ./certs/test-pathlen/chainJ-entity-key.pem
  147. -c ./certs/test-pathlen/chainJ-assembled.pem
  148. -H exitWithRet
  149. -V
  150. # client TLSv1.2 pathLen constraint test
  151. -v 3
  152. -l ECDHE-RSA-AES128-GCM-SHA256
  153. -H exitWithRet
  154. -C
  155. # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
  156. -v 4
  157. -l TLS13-AES128-GCM-SHA256
  158. -A ./certs/ca-cert.pem
  159. -k ./certs/server-key.pem
  160. -c ./certs/intermediate/server-chain.pem
  161. -V
  162. # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
  163. -v 4
  164. -l TLS13-AES128-GCM-SHA256
  165. -A ./certs/ca-cert.pem
  166. -k ./certs/client-key.pem
  167. -c ./certs/intermediate/client-chain.pem
  168. -C
  169. # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
  170. -v 4
  171. -l TLS13-AES128-GCM-SHA256
  172. -A ./certs/ca-ecc-cert.pem
  173. -k ./certs/ecc-key.pem
  174. -c ./certs/intermediate/server-chain-ecc.pem
  175. -V
  176. # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
  177. -v 4
  178. -l TLS13-AES128-GCM-SHA256
  179. -A ./certs/ca-ecc-cert.pem
  180. -k ./certs/ecc-client-key.pem
  181. -c ./certs/intermediate/client-chain-ecc.pem
  182. -C
  183. # Test will load intermediate CA as trusted and only present the peer cert (partial chain)
  184. # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
  185. -v 3
  186. -l DHE-RSA-AES128-GCM-SHA256
  187. -A ./certs/intermediate/ca-int2-cert.pem
  188. -k ./certs/server-key.pem
  189. -c ./certs/intermediate/server-int-cert.pem
  190. -V
  191. # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
  192. -v 3
  193. -l DHE-RSA-AES128-GCM-SHA256
  194. -A ./certs/intermediate/ca-int2-cert.pem
  195. -k ./certs/client-key.pem
  196. -c ./certs/intermediate/client-int-cert.pem
  197. -C
  198. # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
  199. -v 3
  200. -l ECDHE-RSA-AES128-GCM-SHA256
  201. -A ./certs/intermediate/ca-int2-cert.pem
  202. -k ./certs/server-key.pem
  203. -c ./certs/intermediate/server-int-cert.pem
  204. -V
  205. # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
  206. -v 3
  207. -l ECDHE-RSA-AES128-GCM-SHA256
  208. -A ./certs/intermediate/ca-int2-cert.pem
  209. -k ./certs/client-key.pem
  210. -c ./certs/intermediate/client-int-cert.pem
  211. -C
  212. # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
  213. -v 3
  214. -l ECDHE-ECDSA-AES128-GCM-SHA256
  215. -A ./certs/intermediate/ca-int2-ecc-cert.pem
  216. -k ./certs/ecc-key.pem
  217. -c ./certs/intermediate/server-int-ecc-cert.pem
  218. -V
  219. # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
  220. -v 3
  221. -l ECDHE-ECDSA-AES128-GCM-SHA256
  222. -A ./certs/intermediate/ca-int2-ecc-cert.pem
  223. -k ./certs/ecc-client-key.pem
  224. -c ./certs/intermediate/client-int-ecc-cert.pem
  225. -C
  226. # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
  227. -v 4
  228. -l TLS13-AES128-GCM-SHA256
  229. -A ./certs/intermediate/ca-int2-cert.pem
  230. -k ./certs/server-key.pem
  231. -c ./certs/intermediate/server-int-cert.pem
  232. -V
  233. # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
  234. -v 4
  235. -l TLS13-AES128-GCM-SHA256
  236. -A ./certs/intermediate/ca-int2-cert.pem
  237. -k ./certs/client-key.pem
  238. -c ./certs/intermediate/client-int-cert.pem
  239. -C
  240. # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
  241. -v 4
  242. -l TLS13-AES128-GCM-SHA256
  243. -A ./certs/intermediate/ca-int2-ecc-cert.pem
  244. -k ./certs/ecc-key.pem
  245. -c ./certs/intermediate/server-int-ecc-cert.pem
  246. -V
  247. # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
  248. -v 4
  249. -l TLS13-AES128-GCM-SHA256
  250. -A ./certs/intermediate/ca-int2-ecc-cert.pem
  251. -k ./certs/ecc-client-key.pem
  252. -c ./certs/intermediate/client-int-ecc-cert.pem
  253. -C
  254. # Test will use alternate chain where chain contains extra cert
  255. # These tests should fail
  256. # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
  257. -v 3
  258. -l DHE-RSA-AES128-GCM-SHA256
  259. -A ./certs/ca-cert.pem
  260. -k ./certs/server-key.pem
  261. -c ./certs/intermediate/server-chain-alt.pem
  262. -H exitWithRet
  263. -V
  264. # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
  265. -v 3
  266. -l DHE-RSA-AES128-GCM-SHA256
  267. -A ./certs/ca-cert.pem
  268. -k ./certs/client-key.pem
  269. -c ./certs/intermediate/client-chain-alt.pem
  270. -H exitWithRet
  271. -C
  272. # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
  273. -v 3
  274. -l ECDHE-RSA-AES128-GCM-SHA256
  275. -A ./certs/ca-cert.pem
  276. -k ./certs/server-key.pem
  277. -c ./certs/intermediate/server-chain-alt.pem
  278. -H exitWithRet
  279. -V
  280. # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
  281. -v 3
  282. -l ECDHE-RSA-AES128-GCM-SHA256
  283. -A ./certs/ca-cert.pem
  284. -k ./certs/client-key.pem
  285. -c ./certs/intermediate/client-chain-alt.pem
  286. -H exitWithRet
  287. -C
  288. # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
  289. -v 3
  290. -l ECDHE-ECDSA-AES128-GCM-SHA256
  291. -A ./certs/ca-ecc-cert.pem
  292. -k ./certs/ecc-key.pem
  293. -c ./certs/intermediate/server-chain-alt-ecc.pem
  294. -H exitWithRet
  295. -V
  296. # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
  297. -v 3
  298. -l ECDHE-ECDSA-AES128-GCM-SHA256
  299. -A ./certs/ca-ecc-cert.pem
  300. -k ./certs/ecc-client-key.pem
  301. -c ./certs/intermediate/client-chain-alt-ecc.pem
  302. -H exitWithRet
  303. -C
  304. # server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
  305. -v 4
  306. -l TLS13-AES128-GCM-SHA256
  307. -A ./certs/ca-cert.pem
  308. -k ./certs/server-key.pem
  309. -c ./certs/intermediate/server-chain-alt.pem
  310. -H exitWithRet
  311. -V
  312. # client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
  313. -v 4
  314. -l TLS13-AES128-GCM-SHA256
  315. -A ./certs/ca-cert.pem
  316. -k ./certs/client-key.pem
  317. -c ./certs/intermediate/client-chain-alt.pem
  318. -H exitWithRet
  319. -C
  320. # server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
  321. -v 4
  322. -l TLS13-AES128-GCM-SHA256
  323. -A ./certs/ca-ecc-cert.pem
  324. -k ./certs/ecc-key.pem
  325. -c ./certs/intermediate/server-chain-alt-ecc.pem
  326. -H exitWithRet
  327. -V
  328. # client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
  329. -v 4
  330. -l TLS13-AES128-GCM-SHA256
  331. -A ./certs/ca-ecc-cert.pem
  332. -k ./certs/ecc-client-key.pem
  333. -c ./certs/intermediate/client-chain-alt-ecc.pem
  334. -H exitWithRet
  335. -C