summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in')
-rw-r--r--deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in302
1 files changed, 302 insertions, 0 deletions
diff --git a/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in
new file mode 100644
index 0000000000..018dd825be
--- /dev/null
+++ b/deps/openssl/openssl/test/ssl-tests/26-tls13_client_auth.conf.in
@@ -0,0 +1,302 @@
+# -*- mode: perl; -*-
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test TLSv1.3 certificate authentication
+## Similar to 04-client_auth.conf.in output, but specific for
+## TLSv1.3 and post-handshake authentication
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+ {
+ name => "server-auth-TLSv1.3",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-request",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require-fail",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "CertificateRequired",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => "RSA-PSS",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientCANames" => "empty"
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require-non-empty-names",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientCAFile" => test_pem("root-cert.pem"),
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => "RSA-PSS",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientCANames" => test_pem("root-cert.pem"),
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-noroot",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "UnknownCA",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-request-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "RequestPostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "HandshakeMode" => "PostHandshakeAuth",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require-fail-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "RequirePostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "HandshakeMode" => "PostHandshakeAuth",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "RequestPostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ extra => {
+ "EnablePHA" => "Yes",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "HandshakeMode" => "PostHandshakeAuth",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => "RSA-PSS",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientCANames" => "empty"
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "ClientSignatureAlgorithms" => "PSS+SHA256",
+ "ClientCAFile" => test_pem("root-cert.pem"),
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "RequestPostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ extra => {
+ "EnablePHA" => "Yes",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "HandshakeMode" => "PostHandshakeAuth",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => "RSA-PSS",
+ "ExpectedClientSignHash" => "SHA256",
+ "ExpectedClientCANames" => test_pem("root-cert.pem"),
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-noroot-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "RequirePostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ extra => {
+ "EnablePHA" => "Yes",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "HandshakeMode" => "PostHandshakeAuth",
+ "ExpectedServerAlert" => "UnknownCA",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-request-force-client-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "RequestPostHandshake",
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ extra => {
+ "EnablePHA" => "Yes",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "HandshakeMode" => "PostHandshakeAuth",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-request-force-server-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "RequestPostHandshake",
+ extra => {
+ "ForcePHA" => "Yes",
+ },
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ },
+ test => {
+ "ExpectedResult" => "ClientFail",
+ "HandshakeMode" => "PostHandshakeAuth",
+ },
+ },
+ {
+ name => "client-auth-TLSv1.3-request-force-both-post-handshake",
+ server => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "VerifyMode" => "RequestPostHandshake",
+ extra => {
+ "ForcePHA" => "Yes",
+ },
+ },
+ client => {
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ extra => {
+ "EnablePHA" => "Yes",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ "HandshakeMode" => "PostHandshakeAuth",
+ },
+ },
+);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-13 14:01:05 +0000