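# Generated with generate_ssl_tests.pl
#
# NOTE(review): this listing was restored to one directive per line; the
# page's gutter line numbers had been fused into the text, which left the
# file unparsable as an OpenSSL configuration. No key, value or section name
# was changed. Because the file is generated, lasting changes belong in the
# input that generate_ssl_tests.pl consumes, not here.
#
# Contents: 36 client-authentication handshake tests. The same six scenarios
# are repeated for an unpinned protocol ("flex") and for TLSv1, TLSv1.1,
# TLSv1.2, DTLSv1 and DTLSv1.2 (MinProtocol = MaxProtocol = that version):
#
#   server-auth              server sets no VerifyMode; client verifies the
#                            server against rootcert.pem; expects Success.
#   *-request                server VerifyMode = Request, client configures no
#                            certificate; expects Success.
#   *-require-fail           server VerifyMode = Require, client configures no
#                            certificate; expects ServerFail plus an alert.
#   *-require                client presents ee-client-chain.pem; server has
#                            VerifyCAFile but no ClientCAFile; expects Success
#                            and an empty CA-names list.
#   *-require-non-empty-names  as above plus ClientCAFile; expects the CA
#                            names taken from that file.
#   *-noroot                 server VerifyMode = Require with no VerifyCAFile;
#                            client presents a certificate; expects ServerFail
#                            with UnknownCA.
#
# NOTE(review): in the "*-require" and "*-require-non-empty-names" tests the
# server section says VerifyMode = Request, not Require. The successful
# client-certificate path is therefore only exercised under Request here;
# Require appears only in the two failure scenarios. Confirm against the
# generator input whether that is intended.
#
# CipherString = DEFAULT:@SECLEVEL=0 sets OpenSSL's security level to 0, which
# switches off the level-based restrictions on ciphers, key sizes and protocol
# versions. It is a test-fixture setting (presumably needed so the legacy
# protocol versions below can still complete a handshake - confirm) and is not
# suitable for a deployed configuration.
#
# ${ENV::TEST_CERTS_DIR} is expanded by the OpenSSL config loader from the
# TEST_CERTS_DIR environment variable, so every certificate and key path below
# depends on the environment the test runner provides.
#
# rootcert.pem (client side) and root-cert.pem (server side) are two distinct
# file names used consistently throughout; presumably two separate trust
# anchors - do not normalise one to the other without checking the directory.

num_tests = 36

test-0 = 0-server-auth-flex
test-1 = 1-client-auth-flex-request
test-2 = 2-client-auth-flex-require-fail
test-3 = 3-client-auth-flex-require
test-4 = 4-client-auth-flex-require-non-empty-names
test-5 = 5-client-auth-flex-noroot
test-6 = 6-server-auth-TLSv1
test-7 = 7-client-auth-TLSv1-request
test-8 = 8-client-auth-TLSv1-require-fail
test-9 = 9-client-auth-TLSv1-require
test-10 = 10-client-auth-TLSv1-require-non-empty-names
test-11 = 11-client-auth-TLSv1-noroot
test-12 = 12-server-auth-TLSv1.1
test-13 = 13-client-auth-TLSv1.1-request
test-14 = 14-client-auth-TLSv1.1-require-fail
test-15 = 15-client-auth-TLSv1.1-require
test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
test-17 = 17-client-auth-TLSv1.1-noroot
test-18 = 18-server-auth-TLSv1.2
test-19 = 19-client-auth-TLSv1.2-request
test-20 = 20-client-auth-TLSv1.2-require-fail
test-21 = 21-client-auth-TLSv1.2-require
test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
test-23 = 23-client-auth-TLSv1.2-noroot
test-24 = 24-server-auth-DTLSv1
test-25 = 25-client-auth-DTLSv1-request
test-26 = 26-client-auth-DTLSv1-require-fail
test-27 = 27-client-auth-DTLSv1-require
test-28 = 28-client-auth-DTLSv1-require-non-empty-names
test-29 = 29-client-auth-DTLSv1-noroot
test-30 = 30-server-auth-DTLSv1.2
test-31 = 31-client-auth-DTLSv1.2-request
test-32 = 32-client-auth-DTLSv1.2-require-fail
test-33 = 33-client-auth-DTLSv1.2-require
test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
test-35 = 35-client-auth-DTLSv1.2-noroot
# ===========================================================
# test-0 (flex): server authentication only; no protocol version is pinned.

[0-server-auth-flex]
ssl_conf = 0-server-auth-flex-ssl

[0-server-auth-flex-ssl]
server = 0-server-auth-flex-server
client = 0-server-auth-flex-client

[0-server-auth-flex-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-server-auth-flex-client]
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = Success


# ===========================================================
# test-1 (flex): server requests a client certificate, client has none.

[1-client-auth-flex-request]
ssl_conf = 1-client-auth-flex-request-ssl

[1-client-auth-flex-request-ssl]
server = 1-client-auth-flex-request-server
client = 1-client-auth-flex-request-client

[1-client-auth-flex-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[1-client-auth-flex-request-client]
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
ExpectedResult = Success


# ===========================================================
# test-2 (flex): server requires a client certificate, client has none.
# NOTE(review): the expected alert is CertificateRequired here but
# HandshakeFailure in every pinned-version variant; presumably the unpinned
# handshake negotiates TLS 1.3, which defines certificate_required - confirm.

[2-client-auth-flex-require-fail]
ssl_conf = 2-client-auth-flex-require-fail-ssl

[2-client-auth-flex-require-fail-ssl]
server = 2-client-auth-flex-require-fail-server
client = 2-client-auth-flex-require-fail-client

[2-client-auth-flex-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[2-client-auth-flex-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-2]
ExpectedResult = ServerFail
ExpectedServerAlert = CertificateRequired


# ===========================================================
# test-3 (flex): client presents a certificate; server VerifyMode is Request.

[3-client-auth-flex-require]
ssl_conf = 3-client-auth-flex-require-ssl

[3-client-auth-flex-require-ssl]
server = 3-client-auth-flex-require-server
client = 3-client-auth-flex-require-client

[3-client-auth-flex-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[3-client-auth-flex-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-4 (flex): as test-3, with ClientCAFile set so CA names are expected.

[4-client-auth-flex-require-non-empty-names]
ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl

[4-client-auth-flex-require-non-empty-names-ssl]
server = 4-client-auth-flex-require-non-empty-names-server
client = 4-client-auth-flex-require-non-empty-names-client

[4-client-auth-flex-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[4-client-auth-flex-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-4]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-5 (flex): server requires a certificate but has no VerifyCAFile, so the
# client's chain has no configured trust anchor; UnknownCA is expected.

[5-client-auth-flex-noroot]
ssl_conf = 5-client-auth-flex-noroot-ssl

[5-client-auth-flex-noroot-ssl]
server = 5-client-auth-flex-noroot-server
client = 5-client-auth-flex-noroot-client

[5-client-auth-flex-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[5-client-auth-flex-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-5]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================
# test-6 (TLSv1): server authentication only; both ends pinned to TLSv1.

[6-server-auth-TLSv1]
ssl_conf = 6-server-auth-TLSv1-ssl

[6-server-auth-TLSv1-ssl]
server = 6-server-auth-TLSv1-server
client = 6-server-auth-TLSv1-client

[6-server-auth-TLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[6-server-auth-TLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-6]
ExpectedResult = Success


# ===========================================================
# test-7 (TLSv1): server requests a client certificate, client has none.

[7-client-auth-TLSv1-request]
ssl_conf = 7-client-auth-TLSv1-request-ssl

[7-client-auth-TLSv1-request-ssl]
server = 7-client-auth-TLSv1-request-server
client = 7-client-auth-TLSv1-request-client

[7-client-auth-TLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[7-client-auth-TLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-7]
ExpectedResult = Success


# ===========================================================
# test-8 (TLSv1): server requires a client certificate, client has none.

[8-client-auth-TLSv1-require-fail]
ssl_conf = 8-client-auth-TLSv1-require-fail-ssl

[8-client-auth-TLSv1-require-fail-ssl]
server = 8-client-auth-TLSv1-require-fail-server
client = 8-client-auth-TLSv1-require-fail-client

[8-client-auth-TLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[8-client-auth-TLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-8]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure


# ===========================================================
# test-9 (TLSv1): client presents a certificate; server VerifyMode is Request.

[9-client-auth-TLSv1-require]
ssl_conf = 9-client-auth-TLSv1-require-ssl

[9-client-auth-TLSv1-require-ssl]
server = 9-client-auth-TLSv1-require-server
client = 9-client-auth-TLSv1-require-client

[9-client-auth-TLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[9-client-auth-TLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-9]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-10 (TLSv1): as test-9, with ClientCAFile set so CA names are expected.

[10-client-auth-TLSv1-require-non-empty-names]
ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl

[10-client-auth-TLSv1-require-non-empty-names-ssl]
server = 10-client-auth-TLSv1-require-non-empty-names-server
client = 10-client-auth-TLSv1-require-non-empty-names-client

[10-client-auth-TLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[10-client-auth-TLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-10]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-11 (TLSv1): server requires a certificate but has no VerifyCAFile.

[11-client-auth-TLSv1-noroot]
ssl_conf = 11-client-auth-TLSv1-noroot-ssl

[11-client-auth-TLSv1-noroot-ssl]
server = 11-client-auth-TLSv1-noroot-server
client = 11-client-auth-TLSv1-noroot-client

[11-client-auth-TLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[11-client-auth-TLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-11]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================
# test-12 (TLSv1.1): server authentication only; both ends pinned to TLSv1.1.

[12-server-auth-TLSv1.1]
ssl_conf = 12-server-auth-TLSv1.1-ssl

[12-server-auth-TLSv1.1-ssl]
server = 12-server-auth-TLSv1.1-server
client = 12-server-auth-TLSv1.1-client

[12-server-auth-TLSv1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[12-server-auth-TLSv1.1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-12]
ExpectedResult = Success


# ===========================================================
# test-13 (TLSv1.1): server requests a client certificate, client has none.

[13-client-auth-TLSv1.1-request]
ssl_conf = 13-client-auth-TLSv1.1-request-ssl

[13-client-auth-TLSv1.1-request-ssl]
server = 13-client-auth-TLSv1.1-request-server
client = 13-client-auth-TLSv1.1-request-client

[13-client-auth-TLSv1.1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[13-client-auth-TLSv1.1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-13]
ExpectedResult = Success


# ===========================================================
# test-14 (TLSv1.1): server requires a client certificate, client has none.

[14-client-auth-TLSv1.1-require-fail]
ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl

[14-client-auth-TLSv1.1-require-fail-ssl]
server = 14-client-auth-TLSv1.1-require-fail-server
client = 14-client-auth-TLSv1.1-require-fail-client

[14-client-auth-TLSv1.1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[14-client-auth-TLSv1.1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-14]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure


# ===========================================================
# test-15 (TLSv1.1): client presents a certificate; server VerifyMode is Request.

[15-client-auth-TLSv1.1-require]
ssl_conf = 15-client-auth-TLSv1.1-require-ssl

[15-client-auth-TLSv1.1-require-ssl]
server = 15-client-auth-TLSv1.1-require-server
client = 15-client-auth-TLSv1.1-require-client

[15-client-auth-TLSv1.1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[15-client-auth-TLSv1.1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-15]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-16 (TLSv1.1): as test-15, with ClientCAFile set so CA names are expected.

[16-client-auth-TLSv1.1-require-non-empty-names]
ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl

[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
server = 16-client-auth-TLSv1.1-require-non-empty-names-server
client = 16-client-auth-TLSv1.1-require-non-empty-names-client

[16-client-auth-TLSv1.1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[16-client-auth-TLSv1.1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-16]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success


# ===========================================================
# test-17 (TLSv1.1): server requires a certificate but has no VerifyCAFile.

[17-client-auth-TLSv1.1-noroot]
ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl

[17-client-auth-TLSv1.1-noroot-ssl]
server = 17-client-auth-TLSv1.1-noroot-server
client = 17-client-auth-TLSv1.1-noroot-client

[17-client-auth-TLSv1.1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[17-client-auth-TLSv1.1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-17]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================
# test-18 (TLSv1.2): server authentication only; both ends pinned to TLSv1.2.

[18-server-auth-TLSv1.2]
ssl_conf = 18-server-auth-TLSv1.2-ssl

[18-server-auth-TLSv1.2-ssl]
server = 18-server-auth-TLSv1.2-server
client = 18-server-auth-TLSv1.2-client

[18-server-auth-TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[18-server-auth-TLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-18]
ExpectedResult = Success


# ===========================================================
# test-19 (TLSv1.2): server requests a client certificate, client has none.

[19-client-auth-TLSv1.2-request]
ssl_conf = 19-client-auth-TLSv1.2-request-ssl

[19-client-auth-TLSv1.2-request-ssl]
server = 19-client-auth-TLSv1.2-request-server
client = 19-client-auth-TLSv1.2-request-client

[19-client-auth-TLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[19-client-auth-TLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-19]
ExpectedResult = Success


# ===========================================================
# test-20 (TLSv1.2): server requires a client certificate, client has none.

[20-client-auth-TLSv1.2-require-fail]
ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl

[20-client-auth-TLSv1.2-require-fail-ssl]
server = 20-client-auth-TLSv1.2-require-fail-server
client = 20-client-auth-TLSv1.2-require-fail-client

[20-client-auth-TLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[20-client-auth-TLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-20]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure


# ===========================================================
# test-21 (TLSv1.2): client presents a certificate; server VerifyMode is
# Request. The server also sets ClientSignatureAlgorithms = SHA256+RSA and the
# test checks the client's signature hash and type against it.

[21-client-auth-TLSv1.2-require]
ssl_conf = 21-client-auth-TLSv1.2-require-ssl

[21-client-auth-TLSv1.2-require-ssl]
server = 21-client-auth-TLSv1.2-require-server
client = 21-client-auth-TLSv1.2-require-client

[21-client-auth-TLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientSignatureAlgorithms = SHA256+RSA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[21-client-auth-TLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-21]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA
ExpectedResult = Success


# ===========================================================
# test-22 (TLSv1.2): as test-21, with ClientCAFile set so CA names are expected.

[22-client-auth-TLSv1.2-require-non-empty-names]
ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl

[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
server = 22-client-auth-TLSv1.2-require-non-empty-names-server
client = 22-client-auth-TLSv1.2-require-non-empty-names-client

[22-client-auth-TLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = SHA256+RSA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[22-client-auth-TLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-22]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA
ExpectedResult = Success


# ===========================================================
# test-23 (TLSv1.2): server requires a certificate but has no VerifyCAFile.

[23-client-auth-TLSv1.2-noroot]
ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl

[23-client-auth-TLSv1.2-noroot-ssl]
server = 23-client-auth-TLSv1.2-noroot-server
client = 23-client-auth-TLSv1.2-noroot-client

[23-client-auth-TLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[23-client-auth-TLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-23]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================
# test-24 (DTLSv1): server authentication only. From here on every [test-N]
# section also sets Method = DTLS.

[24-server-auth-DTLSv1]
ssl_conf = 24-server-auth-DTLSv1-ssl

[24-server-auth-DTLSv1-ssl]
server = 24-server-auth-DTLSv1-server
client = 24-server-auth-DTLSv1-client

[24-server-auth-DTLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[24-server-auth-DTLSv1-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-24]
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-25 (DTLSv1): server requests a client certificate, client has none.

[25-client-auth-DTLSv1-request]
ssl_conf = 25-client-auth-DTLSv1-request-ssl

[25-client-auth-DTLSv1-request-ssl]
server = 25-client-auth-DTLSv1-request-server
client = 25-client-auth-DTLSv1-request-client

[25-client-auth-DTLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[25-client-auth-DTLSv1-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-25]
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-26 (DTLSv1): server requires a client certificate, client has none.

[26-client-auth-DTLSv1-require-fail]
ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl

[26-client-auth-DTLSv1-require-fail-ssl]
server = 26-client-auth-DTLSv1-require-fail-server
client = 26-client-auth-DTLSv1-require-fail-client

[26-client-auth-DTLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[26-client-auth-DTLSv1-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-26]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS


# ===========================================================
# test-27 (DTLSv1): client presents a certificate; server VerifyMode is Request.

[27-client-auth-DTLSv1-require]
ssl_conf = 27-client-auth-DTLSv1-require-ssl

[27-client-auth-DTLSv1-require-ssl]
server = 27-client-auth-DTLSv1-require-server
client = 27-client-auth-DTLSv1-require-client

[27-client-auth-DTLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[27-client-auth-DTLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-27]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-28 (DTLSv1): as test-27, with ClientCAFile set so CA names are expected.

[28-client-auth-DTLSv1-require-non-empty-names]
ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl

[28-client-auth-DTLSv1-require-non-empty-names-ssl]
server = 28-client-auth-DTLSv1-require-non-empty-names-server
client = 28-client-auth-DTLSv1-require-non-empty-names-client

[28-client-auth-DTLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[28-client-auth-DTLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-28]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-29 (DTLSv1): server requires a certificate but has no VerifyCAFile.

[29-client-auth-DTLSv1-noroot]
ssl_conf = 29-client-auth-DTLSv1-noroot-ssl

[29-client-auth-DTLSv1-noroot-ssl]
server = 29-client-auth-DTLSv1-noroot-server
client = 29-client-auth-DTLSv1-noroot-client

[29-client-auth-DTLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[29-client-auth-DTLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-29]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS


# ===========================================================
# test-30 (DTLSv1.2): server authentication only; both ends pinned to DTLSv1.2.

[30-server-auth-DTLSv1.2]
ssl_conf = 30-server-auth-DTLSv1.2-ssl

[30-server-auth-DTLSv1.2-ssl]
server = 30-server-auth-DTLSv1.2-server
client = 30-server-auth-DTLSv1.2-client

[30-server-auth-DTLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[30-server-auth-DTLSv1.2-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-30]
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-31 (DTLSv1.2): server requests a client certificate, client has none.

[31-client-auth-DTLSv1.2-request]
ssl_conf = 31-client-auth-DTLSv1.2-request-ssl

[31-client-auth-DTLSv1.2-request-ssl]
server = 31-client-auth-DTLSv1.2-request-server
client = 31-client-auth-DTLSv1.2-request-client

[31-client-auth-DTLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[31-client-auth-DTLSv1.2-request-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-31]
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-32 (DTLSv1.2): server requires a client certificate, client has none.

[32-client-auth-DTLSv1.2-require-fail]
ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl

[32-client-auth-DTLSv1.2-require-fail-ssl]
server = 32-client-auth-DTLSv1.2-require-fail-server
client = 32-client-auth-DTLSv1.2-require-fail-client

[32-client-auth-DTLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[32-client-auth-DTLSv1.2-require-fail-client]
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-32]
ExpectedResult = ServerFail
ExpectedServerAlert = HandshakeFailure
Method = DTLS


# ===========================================================
# test-33 (DTLSv1.2): client presents a certificate; server VerifyMode is
# Request. Unlike the TLSv1.2 variant (test-21), no ClientSignatureAlgorithms
# is set and no signature hash/type is checked.

[33-client-auth-DTLSv1.2-require]
ssl_conf = 33-client-auth-DTLSv1.2-require-ssl

[33-client-auth-DTLSv1.2-require-ssl]
server = 33-client-auth-DTLSv1.2-require-server
client = 33-client-auth-DTLSv1.2-require-client

[33-client-auth-DTLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[33-client-auth-DTLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-33]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-34 (DTLSv1.2): as test-33, with ClientCAFile set so CA names are expected.

[34-client-auth-DTLSv1.2-require-non-empty-names]
ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl

[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
client = 34-client-auth-DTLSv1.2-require-non-empty-names-client

[34-client-auth-DTLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[34-client-auth-DTLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-34]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedResult = Success
Method = DTLS


# ===========================================================
# test-35 (DTLSv1.2): server requires a certificate but has no VerifyCAFile.

[35-client-auth-DTLSv1.2-noroot]
ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl

[35-client-auth-DTLSv1.2-noroot-ssl]
server = 35-client-auth-DTLSv1.2-noroot-server
client = 35-client-auth-DTLSv1.2-noroot-client

[35-client-auth-DTLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[35-client-auth-DTLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-35]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
Method = DTLS

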