Codebase list openssl / b2c4909
Add a test for RSA key exchange with both RSA and RSA-PSS certs Check that we use an RSA certificate if an RSA key exchange ciphersuite is being used and we have both RSA and RSA-PSS certificates configured. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7099) Matt Caswell 5 years ago
2 changed file(s) with 494 addition(s) and 411 deletion(s). Raw diff Collapse all Expand all
+464
-411
test/ssl-tests/20-cert-select.conf less more
00 # Generated with generate_ssl_tests.pl
11
2 num_tests = 47
2 num_tests = 49
33
44 test-0 = 0-ECDSA CipherString Selection
55 test-1 = 1-ECDSA CipherString Selection
2323 test-19 = 19-RSA-PSS Certificate Unified Signature Algorithm Selection
2424 test-20 = 20-Only RSA-PSS Certificate
2525 test-21 = 21-RSA-PSS Certificate, no PSS signature algorithms
26 test-22 = 22-Suite B P-256 Hash Algorithm Selection
27 test-23 = 23-Suite B P-384 Hash Algorithm Selection
28 test-24 = 24-TLS 1.2 Ed25519 Client Auth
29 test-25 = 25-TLS 1.2 Ed448 Client Auth
30 test-26 = 26-Only RSA-PSS Certificate, TLS v1.1
31 test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection
32 test-28 = 28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
33 test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
34 test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
35 test-31 = 31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
36 test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
37 test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection, no PSS
38 test-34 = 34-TLS 1.3 RSA-PSS Signature Algorithm Selection
39 test-35 = 35-TLS 1.3 Ed25519 Signature Algorithm Selection
40 test-36 = 36-TLS 1.3 Ed448 Signature Algorithm Selection
41 test-37 = 37-TLS 1.3 Ed25519 CipherString and Groups Selection
42 test-38 = 38-TLS 1.3 Ed448 CipherString and Groups Selection
43 test-39 = 39-TLS 1.3 RSA Client Auth Signature Algorithm Selection
44 test-40 = 40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
45 test-41 = 41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
46 test-42 = 42-TLS 1.3 Ed25519 Client Auth
47 test-43 = 43-TLS 1.3 Ed448 Client Auth
48 test-44 = 44-TLS 1.2 DSA Certificate Test
49 test-45 = 45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
50 test-46 = 46-TLS 1.3 DSA Certificate Test
26 test-22 = 22-RSA key exchange with all RSA certificate types
27 test-23 = 23-RSA key exchange with only RSA-PSS certificate
28 test-24 = 24-Suite B P-256 Hash Algorithm Selection
29 test-25 = 25-Suite B P-384 Hash Algorithm Selection
30 test-26 = 26-TLS 1.2 Ed25519 Client Auth
31 test-27 = 27-TLS 1.2 Ed448 Client Auth
32 test-28 = 28-Only RSA-PSS Certificate, TLS v1.1
33 test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection
34 test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
35 test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
36 test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
37 test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
38 test-34 = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
39 test-35 = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS
40 test-36 = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection
41 test-37 = 37-TLS 1.3 Ed25519 Signature Algorithm Selection
42 test-38 = 38-TLS 1.3 Ed448 Signature Algorithm Selection
43 test-39 = 39-TLS 1.3 Ed25519 CipherString and Groups Selection
44 test-40 = 40-TLS 1.3 Ed448 CipherString and Groups Selection
45 test-41 = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection
46 test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
47 test-43 = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
48 test-44 = 44-TLS 1.3 Ed25519 Client Auth
49 test-45 = 45-TLS 1.3 Ed448 Client Auth
50 test-46 = 46-TLS 1.2 DSA Certificate Test
51 test-47 = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
52 test-48 = 48-TLS 1.3 DSA Certificate Test
5153 # ===========================================================
5254
5355 [0-ECDSA CipherString Selection]
765767
766768 # ===========================================================
767769
768 [22-Suite B P-256 Hash Algorithm Selection]
769 ssl_conf = 22-Suite B P-256 Hash Algorithm Selection-ssl
770
771 [22-Suite B P-256 Hash Algorithm Selection-ssl]
772 server = 22-Suite B P-256 Hash Algorithm Selection-server
773 client = 22-Suite B P-256 Hash Algorithm Selection-client
774
775 [22-Suite B P-256 Hash Algorithm Selection-server]
770 [22-RSA key exchange with all RSA certificate types]
771 ssl_conf = 22-RSA key exchange with all RSA certificate types-ssl
772
773 [22-RSA key exchange with all RSA certificate types-ssl]
774 server = 22-RSA key exchange with all RSA certificate types-server
775 client = 22-RSA key exchange with all RSA certificate types-client
776
777 [22-RSA key exchange with all RSA certificate types-server]
778 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
779 CipherString = DEFAULT
780 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
781 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
782 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
783
784 [22-RSA key exchange with all RSA certificate types-client]
785 CipherString = kRSA
786 MaxProtocol = TLSv1.2
787 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
788 VerifyMode = Peer
789
790 [test-22]
791 ExpectedResult = Success
792 ExpectedServerCertType = RSA
793
794
795 # ===========================================================
796
797 [23-RSA key exchange with only RSA-PSS certificate]
798 ssl_conf = 23-RSA key exchange with only RSA-PSS certificate-ssl
799
800 [23-RSA key exchange with only RSA-PSS certificate-ssl]
801 server = 23-RSA key exchange with only RSA-PSS certificate-server
802 client = 23-RSA key exchange with only RSA-PSS certificate-client
803
804 [23-RSA key exchange with only RSA-PSS certificate-server]
805 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
806 CipherString = DEFAULT
807 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
808
809 [23-RSA key exchange with only RSA-PSS certificate-client]
810 CipherString = kRSA
811 MaxProtocol = TLSv1.2
812 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
813 VerifyMode = Peer
814
815 [test-23]
816 ExpectedResult = ServerFail
817
818
819 # ===========================================================
820
821 [24-Suite B P-256 Hash Algorithm Selection]
822 ssl_conf = 24-Suite B P-256 Hash Algorithm Selection-ssl
823
824 [24-Suite B P-256 Hash Algorithm Selection-ssl]
825 server = 24-Suite B P-256 Hash Algorithm Selection-server
826 client = 24-Suite B P-256 Hash Algorithm Selection-client
827
828 [24-Suite B P-256 Hash Algorithm Selection-server]
776829 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
777830 CipherString = SUITEB128
778831 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
780833 MaxProtocol = TLSv1.2
781834 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
782835
783 [22-Suite B P-256 Hash Algorithm Selection-client]
836 [24-Suite B P-256 Hash Algorithm Selection-client]
784837 CipherString = DEFAULT
785838 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
786839 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
787840 VerifyMode = Peer
788841
789 [test-22]
842 [test-24]
790843 ExpectedResult = Success
791844 ExpectedServerCertType = P-256
792845 ExpectedServerSignHash = SHA256
795848
796849 # ===========================================================
797850
798 [23-Suite B P-384 Hash Algorithm Selection]
799 ssl_conf = 23-Suite B P-384 Hash Algorithm Selection-ssl
800
801 [23-Suite B P-384 Hash Algorithm Selection-ssl]
802 server = 23-Suite B P-384 Hash Algorithm Selection-server
803 client = 23-Suite B P-384 Hash Algorithm Selection-client
804
805 [23-Suite B P-384 Hash Algorithm Selection-server]
851 [25-Suite B P-384 Hash Algorithm Selection]
852 ssl_conf = 25-Suite B P-384 Hash Algorithm Selection-ssl
853
854 [25-Suite B P-384 Hash Algorithm Selection-ssl]
855 server = 25-Suite B P-384 Hash Algorithm Selection-server
856 client = 25-Suite B P-384 Hash Algorithm Selection-client
857
858 [25-Suite B P-384 Hash Algorithm Selection-server]
806859 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
807860 CipherString = SUITEB128
808861 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
810863 MaxProtocol = TLSv1.2
811864 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
812865
813 [23-Suite B P-384 Hash Algorithm Selection-client]
866 [25-Suite B P-384 Hash Algorithm Selection-client]
814867 CipherString = DEFAULT
815868 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
816869 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
817870 VerifyMode = Peer
818871
819 [test-23]
872 [test-25]
820873 ExpectedResult = Success
821874 ExpectedServerCertType = P-384
822875 ExpectedServerSignHash = SHA384
825878
826879 # ===========================================================
827880
828 [24-TLS 1.2 Ed25519 Client Auth]
829 ssl_conf = 24-TLS 1.2 Ed25519 Client Auth-ssl
830
831 [24-TLS 1.2 Ed25519 Client Auth-ssl]
832 server = 24-TLS 1.2 Ed25519 Client Auth-server
833 client = 24-TLS 1.2 Ed25519 Client Auth-client
834
835 [24-TLS 1.2 Ed25519 Client Auth-server]
881 [26-TLS 1.2 Ed25519 Client Auth]
882 ssl_conf = 26-TLS 1.2 Ed25519 Client Auth-ssl
883
884 [26-TLS 1.2 Ed25519 Client Auth-ssl]
885 server = 26-TLS 1.2 Ed25519 Client Auth-server
886 client = 26-TLS 1.2 Ed25519 Client Auth-client
887
888 [26-TLS 1.2 Ed25519 Client Auth-server]
836889 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
837890 CipherString = DEFAULT
838891 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
839892 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
840893 VerifyMode = Require
841894
842 [24-TLS 1.2 Ed25519 Client Auth-client]
895 [26-TLS 1.2 Ed25519 Client Auth-client]
843896 CipherString = DEFAULT
844897 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
845898 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
848901 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
849902 VerifyMode = Peer
850903
851 [test-24]
904 [test-26]
852905 ExpectedClientCertType = Ed25519
853906 ExpectedClientSignType = Ed25519
854907 ExpectedResult = Success
856909
857910 # ===========================================================
858911
859 [25-TLS 1.2 Ed448 Client Auth]
860 ssl_conf = 25-TLS 1.2 Ed448 Client Auth-ssl
861
862 [25-TLS 1.2 Ed448 Client Auth-ssl]
863 server = 25-TLS 1.2 Ed448 Client Auth-server
864 client = 25-TLS 1.2 Ed448 Client Auth-client
865
866 [25-TLS 1.2 Ed448 Client Auth-server]
912 [27-TLS 1.2 Ed448 Client Auth]
913 ssl_conf = 27-TLS 1.2 Ed448 Client Auth-ssl
914
915 [27-TLS 1.2 Ed448 Client Auth-ssl]
916 server = 27-TLS 1.2 Ed448 Client Auth-server
917 client = 27-TLS 1.2 Ed448 Client Auth-client
918
919 [27-TLS 1.2 Ed448 Client Auth-server]
867920 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
868921 CipherString = DEFAULT
869922 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
870923 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
871924 VerifyMode = Require
872925
873 [25-TLS 1.2 Ed448 Client Auth-client]
926 [27-TLS 1.2 Ed448 Client Auth-client]
874927 CipherString = DEFAULT
875928 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
876929 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
879932 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
880933 VerifyMode = Peer
881934
882 [test-25]
935 [test-27]
883936 ExpectedClientCertType = Ed448
884937 ExpectedClientSignType = Ed448
885938 ExpectedResult = Success
887940
888941 # ===========================================================
889942
890 [26-Only RSA-PSS Certificate, TLS v1.1]
891 ssl_conf = 26-Only RSA-PSS Certificate, TLS v1.1-ssl
892
893 [26-Only RSA-PSS Certificate, TLS v1.1-ssl]
894 server = 26-Only RSA-PSS Certificate, TLS v1.1-server
895 client = 26-Only RSA-PSS Certificate, TLS v1.1-client
896
897 [26-Only RSA-PSS Certificate, TLS v1.1-server]
943 [28-Only RSA-PSS Certificate, TLS v1.1]
944 ssl_conf = 28-Only RSA-PSS Certificate, TLS v1.1-ssl
945
946 [28-Only RSA-PSS Certificate, TLS v1.1-ssl]
947 server = 28-Only RSA-PSS Certificate, TLS v1.1-server
948 client = 28-Only RSA-PSS Certificate, TLS v1.1-client
949
950 [28-Only RSA-PSS Certificate, TLS v1.1-server]
898951 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
899952 CipherString = DEFAULT
900953 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
901954
902 [26-Only RSA-PSS Certificate, TLS v1.1-client]
955 [28-Only RSA-PSS Certificate, TLS v1.1-client]
903956 CipherString = DEFAULT
904957 MaxProtocol = TLSv1.1
905958 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
906959 VerifyMode = Peer
907960
908 [test-26]
961 [test-28]
909962 ExpectedResult = ServerFail
910963
911964
912965 # ===========================================================
913966
914 [27-TLS 1.3 ECDSA Signature Algorithm Selection]
915 ssl_conf = 27-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
916
917 [27-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
918 server = 27-TLS 1.3 ECDSA Signature Algorithm Selection-server
919 client = 27-TLS 1.3 ECDSA Signature Algorithm Selection-client
920
921 [27-TLS 1.3 ECDSA Signature Algorithm Selection-server]
922 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
923 CipherString = DEFAULT
924 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
925 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
926 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
927 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
928 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
929 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
930 MaxProtocol = TLSv1.3
931 MinProtocol = TLSv1.3
932 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
933
934 [27-TLS 1.3 ECDSA Signature Algorithm Selection-client]
967 [29-TLS 1.3 ECDSA Signature Algorithm Selection]
968 ssl_conf = 29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
969
970 [29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
971 server = 29-TLS 1.3 ECDSA Signature Algorithm Selection-server
972 client = 29-TLS 1.3 ECDSA Signature Algorithm Selection-client
973
974 [29-TLS 1.3 ECDSA Signature Algorithm Selection-server]
975 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
976 CipherString = DEFAULT
977 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
978 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
979 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
980 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
981 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
982 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
983 MaxProtocol = TLSv1.3
984 MinProtocol = TLSv1.3
985 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
986
987 [29-TLS 1.3 ECDSA Signature Algorithm Selection-client]
935988 CipherString = DEFAULT
936989 SignatureAlgorithms = ECDSA+SHA256
937990 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
938991 VerifyMode = Peer
939992
940 [test-27]
993 [test-29]
941994 ExpectedResult = Success
942995 ExpectedServerCANames = empty
943996 ExpectedServerCertType = P-256
9471000
9481001 # ===========================================================
9491002
950 [28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
951 ssl_conf = 28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
952
953 [28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
954 server = 28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
955 client = 28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
956
957 [28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1003 [30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1004 ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1005
1006 [30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1007 server = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1008 client = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1009
1010 [30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
9581011 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
9591012 CipherString = DEFAULT
9601013 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
9631016 MinProtocol = TLSv1.3
9641017 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
9651018
966 [28-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1019 [30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
9671020 CipherString = DEFAULT
9681021 SignatureAlgorithms = ECDSA+SHA256
9691022 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
9701023 VerifyMode = Peer
9711024
972 [test-28]
1025 [test-30]
9731026 ExpectedResult = Success
9741027 ExpectedServerCANames = empty
9751028 ExpectedServerCertType = P-256
9791032
9801033 # ===========================================================
9811034
982 [29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
983 ssl_conf = 29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
984
985 [29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
986 server = 29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
987 client = 29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
988
989 [29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
990 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
991 CipherString = DEFAULT
992 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
993 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
994 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
995 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
996 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
997 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
998 MaxProtocol = TLSv1.3
999 MinProtocol = TLSv1.3
1000 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1001
1002 [29-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1035 [31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1036 ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1037
1038 [31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1039 server = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1040 client = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1041
1042 [31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1043 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1044 CipherString = DEFAULT
1045 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1046 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1047 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1048 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1049 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1050 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1051 MaxProtocol = TLSv1.3
1052 MinProtocol = TLSv1.3
1053 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1054
1055 [31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
10031056 CipherString = DEFAULT
10041057 SignatureAlgorithms = ECDSA+SHA1
10051058 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
10061059 VerifyMode = Peer
10071060
1008 [test-29]
1061 [test-31]
10091062 ExpectedResult = ServerFail
10101063
10111064
10121065 # ===========================================================
10131066
1014 [30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1015 ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1016
1017 [30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1018 server = 30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1019 client = 30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1020
1021 [30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1022 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1023 CipherString = DEFAULT
1024 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1025 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1026 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1027 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1028 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1029 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1030 MaxProtocol = TLSv1.3
1031 MinProtocol = TLSv1.3
1032 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1033
1034 [30-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1067 [32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1068 ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1069
1070 [32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1071 server = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1072 client = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1073
1074 [32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1075 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1076 CipherString = DEFAULT
1077 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1078 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1079 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1080 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1081 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1082 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1083 MaxProtocol = TLSv1.3
1084 MinProtocol = TLSv1.3
1085 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1086
1087 [32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
10351088 CipherString = DEFAULT
10361089 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
10371090 SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
10381091 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
10391092 VerifyMode = Peer
10401093
1041 [test-30]
1094 [test-32]
10421095 ExpectedResult = Success
10431096 ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
10441097 ExpectedServerCertType = P-256
10481101
10491102 # ===========================================================
10501103
1051 [31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1052 ssl_conf = 31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1053
1054 [31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1055 server = 31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1056 client = 31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1057
1058 [31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1059 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1060 CipherString = DEFAULT
1061 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1062 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1063 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1064 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1065 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1066 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1067 MaxProtocol = TLSv1.3
1068 MinProtocol = TLSv1.3
1069 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1070
1071 [31-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1104 [33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1105 ssl_conf = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1106
1107 [33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1108 server = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1109 client = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1110
1111 [33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1112 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1113 CipherString = DEFAULT
1114 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1115 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1116 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1117 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1118 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1119 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1120 MaxProtocol = TLSv1.3
1121 MinProtocol = TLSv1.3
1122 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1123
1124 [33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
10721125 CipherString = DEFAULT
10731126 SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
10741127 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
10751128 VerifyMode = Peer
10761129
1077 [test-31]
1130 [test-33]
10781131 ExpectedResult = Success
10791132 ExpectedServerCertType = RSA
10801133 ExpectedServerSignHash = SHA384
10831136
10841137 # ===========================================================
10851138
1086 [32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1087 ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1088
1089 [32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1090 server = 32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1091 client = 32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1092
1093 [32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1094 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1095 CipherString = DEFAULT
1096 MaxProtocol = TLSv1.3
1097 MinProtocol = TLSv1.3
1098 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1099
1100 [32-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1139 [34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1140 ssl_conf = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1141
1142 [34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1143 server = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1144 client = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1145
1146 [34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1147 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1148 CipherString = DEFAULT
1149 MaxProtocol = TLSv1.3
1150 MinProtocol = TLSv1.3
1151 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1152
1153 [34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
11011154 CipherString = DEFAULT
11021155 SignatureAlgorithms = ECDSA+SHA256
11031156 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
11041157 VerifyMode = Peer
11051158
1106 [test-32]
1159 [test-34]
11071160 ExpectedResult = ServerFail
11081161
11091162
11101163 # ===========================================================
11111164
1112 [33-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1113 ssl_conf = 33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1114
1115 [33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1116 server = 33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1117 client = 33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1118
1119 [33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1120 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1121 CipherString = DEFAULT
1122 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1123 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1124 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1125 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1126 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1127 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1128 MaxProtocol = TLSv1.3
1129 MinProtocol = TLSv1.3
1130 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1131
1132 [33-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1165 [35-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1166 ssl_conf = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1167
1168 [35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1169 server = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1170 client = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1171
1172 [35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1173 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1174 CipherString = DEFAULT
1175 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1176 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1177 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1178 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1179 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1180 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1181 MaxProtocol = TLSv1.3
1182 MinProtocol = TLSv1.3
1183 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1184
1185 [35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
11331186 CipherString = DEFAULT
11341187 SignatureAlgorithms = RSA+SHA256
11351188 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
11361189 VerifyMode = Peer
11371190
1138 [test-33]
1191 [test-35]
11391192 ExpectedResult = ServerFail
11401193
11411194
11421195 # ===========================================================
11431196
1144 [34-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1145 ssl_conf = 34-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1146
1147 [34-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1148 server = 34-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1149 client = 34-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1150
1151 [34-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1152 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1153 CipherString = DEFAULT
1154 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1155 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1156 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1157 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1158 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1159 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1160 MaxProtocol = TLSv1.3
1161 MinProtocol = TLSv1.3
1162 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1163
1164 [34-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1197 [36-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1198 ssl_conf = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1199
1200 [36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1201 server = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1202 client = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1203
1204 [36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1205 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1206 CipherString = DEFAULT
1207 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1208 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1209 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1210 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1211 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1212 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1213 MaxProtocol = TLSv1.3
1214 MinProtocol = TLSv1.3
1215 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1216
1217 [36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
11651218 CipherString = DEFAULT
11661219 SignatureAlgorithms = RSA-PSS+SHA256
11671220 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
11681221 VerifyMode = Peer
11691222
1170 [test-34]
1223 [test-36]
11711224 ExpectedResult = Success
11721225 ExpectedServerCertType = RSA
11731226 ExpectedServerSignHash = SHA256
11761229
11771230 # ===========================================================
11781231
1179 [35-TLS 1.3 Ed25519 Signature Algorithm Selection]
1180 ssl_conf = 35-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1181
1182 [35-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1183 server = 35-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1184 client = 35-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1185
1186 [35-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1187 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1188 CipherString = DEFAULT
1189 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1190 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1191 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1192 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1193 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1194 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1195 MaxProtocol = TLSv1.3
1196 MinProtocol = TLSv1.3
1197 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1198
1199 [35-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1232 [37-TLS 1.3 Ed25519 Signature Algorithm Selection]
1233 ssl_conf = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1234
1235 [37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1236 server = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1237 client = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1238
1239 [37-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1240 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1241 CipherString = DEFAULT
1242 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1243 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1244 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1245 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1246 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1247 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1248 MaxProtocol = TLSv1.3
1249 MinProtocol = TLSv1.3
1250 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1251
1252 [37-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
12001253 CipherString = DEFAULT
12011254 SignatureAlgorithms = ed25519
12021255 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
12031256 VerifyMode = Peer
12041257
1205 [test-35]
1258 [test-37]
12061259 ExpectedResult = Success
12071260 ExpectedServerCertType = Ed25519
12081261 ExpectedServerSignType = Ed25519
12101263
12111264 # ===========================================================
12121265
1213 [36-TLS 1.3 Ed448 Signature Algorithm Selection]
1214 ssl_conf = 36-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1215
1216 [36-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1217 server = 36-TLS 1.3 Ed448 Signature Algorithm Selection-server
1218 client = 36-TLS 1.3 Ed448 Signature Algorithm Selection-client
1219
1220 [36-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1221 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1222 CipherString = DEFAULT
1223 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1224 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1225 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1226 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1227 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1228 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1229 MaxProtocol = TLSv1.3
1230 MinProtocol = TLSv1.3
1231 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1232
1233 [36-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1266 [38-TLS 1.3 Ed448 Signature Algorithm Selection]
1267 ssl_conf = 38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1268
1269 [38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1270 server = 38-TLS 1.3 Ed448 Signature Algorithm Selection-server
1271 client = 38-TLS 1.3 Ed448 Signature Algorithm Selection-client
1272
1273 [38-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1274 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1275 CipherString = DEFAULT
1276 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1277 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1278 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1279 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1280 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1281 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1282 MaxProtocol = TLSv1.3
1283 MinProtocol = TLSv1.3
1284 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1285
1286 [38-TLS 1.3 Ed448 Signature Algorithm Selection-client]
12341287 CipherString = DEFAULT
12351288 SignatureAlgorithms = ed448
12361289 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
12371290 VerifyMode = Peer
12381291
1239 [test-36]
1292 [test-38]
12401293 ExpectedResult = Success
12411294 ExpectedServerCertType = Ed448
12421295 ExpectedServerSignType = Ed448
12441297
12451298 # ===========================================================
12461299
1247 [37-TLS 1.3 Ed25519 CipherString and Groups Selection]
1248 ssl_conf = 37-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1249
1250 [37-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1251 server = 37-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1252 client = 37-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1253
1254 [37-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1255 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1256 CipherString = DEFAULT
1257 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1258 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1259 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1260 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1261 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1262 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1263 MaxProtocol = TLSv1.3
1264 MinProtocol = TLSv1.3
1265 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1266
1267 [37-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1300 [39-TLS 1.3 Ed25519 CipherString and Groups Selection]
1301 ssl_conf = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1302
1303 [39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1304 server = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1305 client = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1306
1307 [39-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1308 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1309 CipherString = DEFAULT
1310 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1311 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1312 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1313 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1314 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1315 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1316 MaxProtocol = TLSv1.3
1317 MinProtocol = TLSv1.3
1318 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1319
1320 [39-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
12681321 CipherString = DEFAULT
12691322 Groups = X25519
12701323 SignatureAlgorithms = ECDSA+SHA256:ed25519
12711324 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
12721325 VerifyMode = Peer
12731326
1274 [test-37]
1327 [test-39]
12751328 ExpectedResult = Success
12761329 ExpectedServerCertType = P-256
12771330 ExpectedServerSignType = EC
12791332
12801333 # ===========================================================
12811334
1282 [38-TLS 1.3 Ed448 CipherString and Groups Selection]
1283 ssl_conf = 38-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1284
1285 [38-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1286 server = 38-TLS 1.3 Ed448 CipherString and Groups Selection-server
1287 client = 38-TLS 1.3 Ed448 CipherString and Groups Selection-client
1288
1289 [38-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1290 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1291 CipherString = DEFAULT
1292 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1293 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1294 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1295 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1296 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1297 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1298 MaxProtocol = TLSv1.3
1299 MinProtocol = TLSv1.3
1300 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1301
1302 [38-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1335 [40-TLS 1.3 Ed448 CipherString and Groups Selection]
1336 ssl_conf = 40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1337
1338 [40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1339 server = 40-TLS 1.3 Ed448 CipherString and Groups Selection-server
1340 client = 40-TLS 1.3 Ed448 CipherString and Groups Selection-client
1341
1342 [40-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1343 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1344 CipherString = DEFAULT
1345 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1346 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1347 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1348 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1349 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1350 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1351 MaxProtocol = TLSv1.3
1352 MinProtocol = TLSv1.3
1353 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1354
1355 [40-TLS 1.3 Ed448 CipherString and Groups Selection-client]
13031356 CipherString = DEFAULT
13041357 Groups = X448
13051358 SignatureAlgorithms = ECDSA+SHA256:ed448
13061359 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
13071360 VerifyMode = Peer
13081361
1309 [test-38]
1362 [test-40]
13101363 ExpectedResult = Success
13111364 ExpectedServerCertType = P-256
13121365 ExpectedServerSignType = EC
13141367
13151368 # ===========================================================
13161369
1317 [39-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1318 ssl_conf = 39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1319
1320 [39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1321 server = 39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1322 client = 39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1323
1324 [39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1370 [41-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1371 ssl_conf = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1372
1373 [41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1374 server = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1375 client = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1376
1377 [41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
13251378 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
13261379 CipherString = DEFAULT
13271380 ClientSignatureAlgorithms = PSS+SHA256
13291382 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
13301383 VerifyMode = Require
13311384
1332 [39-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1385 [41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
13331386 CipherString = DEFAULT
13341387 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
13351388 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
13401393 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
13411394 VerifyMode = Peer
13421395
1343 [test-39]
1396 [test-41]
13441397 ExpectedClientCANames = empty
13451398 ExpectedClientCertType = RSA
13461399 ExpectedClientSignHash = SHA256
13501403
13511404 # ===========================================================
13521405
1353 [40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1354 ssl_conf = 40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1355
1356 [40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1357 server = 40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1358 client = 40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1359
1360 [40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1406 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1407 ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1408
1409 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1410 server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1411 client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1412
1413 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
13611414 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
13621415 CipherString = DEFAULT
13631416 ClientSignatureAlgorithms = PSS+SHA256
13661419 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
13671420 VerifyMode = Require
13681421
1369 [40-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1422 [42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
13701423 CipherString = DEFAULT
13711424 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
13721425 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
13771430 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
13781431 VerifyMode = Peer
13791432
1380 [test-40]
1433 [test-42]
13811434 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
13821435 ExpectedClientCertType = RSA
13831436 ExpectedClientSignHash = SHA256
13871440
13881441 # ===========================================================
13891442
1390 [41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1391 ssl_conf = 41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1392
1393 [41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1394 server = 41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1395 client = 41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1396
1397 [41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1443 [43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1444 ssl_conf = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1445
1446 [43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1447 server = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1448 client = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1449
1450 [43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
13981451 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
13991452 CipherString = DEFAULT
14001453 ClientSignatureAlgorithms = ECDSA+SHA256
14021455 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
14031456 VerifyMode = Require
14041457
1405 [41-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1458 [43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
14061459 CipherString = DEFAULT
14071460 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
14081461 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
14131466 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
14141467 VerifyMode = Peer
14151468
1416 [test-41]
1469 [test-43]
14171470 ExpectedClientCertType = P-256
14181471 ExpectedClientSignHash = SHA256
14191472 ExpectedClientSignType = EC
14221475
14231476 # ===========================================================
14241477
1425 [42-TLS 1.3 Ed25519 Client Auth]
1426 ssl_conf = 42-TLS 1.3 Ed25519 Client Auth-ssl
1427
1428 [42-TLS 1.3 Ed25519 Client Auth-ssl]
1429 server = 42-TLS 1.3 Ed25519 Client Auth-server
1430 client = 42-TLS 1.3 Ed25519 Client Auth-client
1431
1432 [42-TLS 1.3 Ed25519 Client Auth-server]
1478 [44-TLS 1.3 Ed25519 Client Auth]
1479 ssl_conf = 44-TLS 1.3 Ed25519 Client Auth-ssl
1480
1481 [44-TLS 1.3 Ed25519 Client Auth-ssl]
1482 server = 44-TLS 1.3 Ed25519 Client Auth-server
1483 client = 44-TLS 1.3 Ed25519 Client Auth-client
1484
1485 [44-TLS 1.3 Ed25519 Client Auth-server]
14331486 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
14341487 CipherString = DEFAULT
14351488 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
14361489 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
14371490 VerifyMode = Require
14381491
1439 [42-TLS 1.3 Ed25519 Client Auth-client]
1492 [44-TLS 1.3 Ed25519 Client Auth-client]
14401493 CipherString = DEFAULT
14411494 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
14421495 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
14451498 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
14461499 VerifyMode = Peer
14471500
1448 [test-42]
1501 [test-44]
14491502 ExpectedClientCertType = Ed25519
14501503 ExpectedClientSignType = Ed25519
14511504 ExpectedResult = Success
14531506
14541507 # ===========================================================
14551508
1456 [43-TLS 1.3 Ed448 Client Auth]
1457 ssl_conf = 43-TLS 1.3 Ed448 Client Auth-ssl
1458
1459 [43-TLS 1.3 Ed448 Client Auth-ssl]
1460 server = 43-TLS 1.3 Ed448 Client Auth-server
1461 client = 43-TLS 1.3 Ed448 Client Auth-client
1462
1463 [43-TLS 1.3 Ed448 Client Auth-server]
1509 [45-TLS 1.3 Ed448 Client Auth]
1510 ssl_conf = 45-TLS 1.3 Ed448 Client Auth-ssl
1511
1512 [45-TLS 1.3 Ed448 Client Auth-ssl]
1513 server = 45-TLS 1.3 Ed448 Client Auth-server
1514 client = 45-TLS 1.3 Ed448 Client Auth-client
1515
1516 [45-TLS 1.3 Ed448 Client Auth-server]
14641517 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
14651518 CipherString = DEFAULT
14661519 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
14671520 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
14681521 VerifyMode = Require
14691522
1470 [43-TLS 1.3 Ed448 Client Auth-client]
1523 [45-TLS 1.3 Ed448 Client Auth-client]
14711524 CipherString = DEFAULT
14721525 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
14731526 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
14761529 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
14771530 VerifyMode = Peer
14781531
1479 [test-43]
1532 [test-45]
14801533 ExpectedClientCertType = Ed448
14811534 ExpectedClientSignType = Ed448
14821535 ExpectedResult = Success
14841537
14851538 # ===========================================================
14861539
1487 [44-TLS 1.2 DSA Certificate Test]
1488 ssl_conf = 44-TLS 1.2 DSA Certificate Test-ssl
1489
1490 [44-TLS 1.2 DSA Certificate Test-ssl]
1491 server = 44-TLS 1.2 DSA Certificate Test-server
1492 client = 44-TLS 1.2 DSA Certificate Test-client
1493
1494 [44-TLS 1.2 DSA Certificate Test-server]
1540 [46-TLS 1.2 DSA Certificate Test]
1541 ssl_conf = 46-TLS 1.2 DSA Certificate Test-ssl
1542
1543 [46-TLS 1.2 DSA Certificate Test-ssl]
1544 server = 46-TLS 1.2 DSA Certificate Test-server
1545 client = 46-TLS 1.2 DSA Certificate Test-client
1546
1547 [46-TLS 1.2 DSA Certificate Test-server]
14951548 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
14961549 CipherString = ALL
14971550 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
15011554 MinProtocol = TLSv1.2
15021555 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
15031556
1504 [44-TLS 1.2 DSA Certificate Test-client]
1557 [46-TLS 1.2 DSA Certificate Test-client]
15051558 CipherString = ALL
15061559 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
15071560 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
15081561 VerifyMode = Peer
15091562
1510 [test-44]
1511 ExpectedResult = Success
1512
1513
1514 # ===========================================================
1515
1516 [45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1517 ssl_conf = 45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1518
1519 [45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1520 server = 45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1521 client = 45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1522
1523 [45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1563 [test-46]
1564 ExpectedResult = Success
1565
1566
1567 # ===========================================================
1568
1569 [47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1570 ssl_conf = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1571
1572 [47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1573 server = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1574 client = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1575
1576 [47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
15241577 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
15251578 CipherString = DEFAULT
15261579 ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
15281581 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
15291582 VerifyMode = Request
15301583
1531 [45-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1532 CipherString = DEFAULT
1533 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1534 VerifyMode = Peer
1535
1536 [test-45]
1584 [47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1585 CipherString = DEFAULT
1586 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1587 VerifyMode = Peer
1588
1589 [test-47]
15371590 ExpectedResult = ServerFail
15381591
15391592
15401593 # ===========================================================
15411594
1542 [46-TLS 1.3 DSA Certificate Test]
1543 ssl_conf = 46-TLS 1.3 DSA Certificate Test-ssl
1544
1545 [46-TLS 1.3 DSA Certificate Test-ssl]
1546 server = 46-TLS 1.3 DSA Certificate Test-server
1547 client = 46-TLS 1.3 DSA Certificate Test-client
1548
1549 [46-TLS 1.3 DSA Certificate Test-server]
1595 [48-TLS 1.3 DSA Certificate Test]
1596 ssl_conf = 48-TLS 1.3 DSA Certificate Test-ssl
1597
1598 [48-TLS 1.3 DSA Certificate Test-ssl]
1599 server = 48-TLS 1.3 DSA Certificate Test-server
1600 client = 48-TLS 1.3 DSA Certificate Test-client
1601
1602 [48-TLS 1.3 DSA Certificate Test-server]
15501603 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
15511604 CipherString = ALL
15521605 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
15551608 MinProtocol = TLSv1.3
15561609 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
15571610
1558 [46-TLS 1.3 DSA Certificate Test-client]
1611 [48-TLS 1.3 DSA Certificate Test-client]
15591612 CipherString = ALL
15601613 SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
15611614 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
15621615 VerifyMode = Peer
15631616
1564 [test-46]
1617 [test-48]
15651618 ExpectedResult = ServerFail
15661619
15671620
+30
-0
test/ssl-tests/20-cert-select.conf.in less more
3535 "PrivateKey" => test_pem("server-pss-key.pem"),
3636 };
3737
38 my $server_rsa_all = {
39 "PSS.Certificate" => test_pem("server-pss-cert.pem"),
40 "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
41 "Certificate" => test_pem("servercert.pem"),
42 "PrivateKey" => test_pem("serverkey.pem"),
43 };
44
3845 our @tests = (
3946 {
4047 name => "ECDSA CipherString Selection",
354361 server => $server_pss_only,
355362 client => {
356363 "SignatureAlgorithms" => "RSA+SHA256",
364 },
365 test => {
366 "ExpectedResult" => "ServerFail"
367 },
368 },
369 {
370 name => "RSA key exchange with all RSA certificate types",
371 server => $server_rsa_all,
372 client => {
373 "CipherString" => "kRSA",
374 "MaxProtocol" => "TLSv1.2",
375 },
376 test => {
377 "ExpectedServerCertType" =>, "RSA",
378 "ExpectedResult" => "Success"
379 },
380 },
381 {
382 name => "RSA key exchange with only RSA-PSS certificate",
383 server => $server_pss_only,
384 client => {
385 "CipherString" => "kRSA",
386 "MaxProtocol" => "TLSv1.2",
357387 },
358388 test => {
359389 "ExpectedResult" => "ServerFail"