1*e0c4386eSCy Schubert# Generated with generate_ssl_tests.pl 2*e0c4386eSCy Schubert 3*e0c4386eSCy Schubertnum_tests = 36 4*e0c4386eSCy Schubert 5*e0c4386eSCy Schuberttest-0 = 0-server-auth-flex 6*e0c4386eSCy Schuberttest-1 = 1-client-auth-flex-request 7*e0c4386eSCy Schuberttest-2 = 2-client-auth-flex-require-fail 8*e0c4386eSCy Schuberttest-3 = 3-client-auth-flex-require 9*e0c4386eSCy Schuberttest-4 = 4-client-auth-flex-require-non-empty-names 10*e0c4386eSCy Schuberttest-5 = 5-client-auth-flex-noroot 11*e0c4386eSCy Schuberttest-6 = 6-server-auth-TLSv1 12*e0c4386eSCy Schuberttest-7 = 7-client-auth-TLSv1-request 13*e0c4386eSCy Schuberttest-8 = 8-client-auth-TLSv1-require-fail 14*e0c4386eSCy Schuberttest-9 = 9-client-auth-TLSv1-require 15*e0c4386eSCy Schuberttest-10 = 10-client-auth-TLSv1-require-non-empty-names 16*e0c4386eSCy Schuberttest-11 = 11-client-auth-TLSv1-noroot 17*e0c4386eSCy Schuberttest-12 = 12-server-auth-TLSv1.1 18*e0c4386eSCy Schuberttest-13 = 13-client-auth-TLSv1.1-request 19*e0c4386eSCy Schuberttest-14 = 14-client-auth-TLSv1.1-require-fail 20*e0c4386eSCy Schuberttest-15 = 15-client-auth-TLSv1.1-require 21*e0c4386eSCy Schuberttest-16 = 16-client-auth-TLSv1.1-require-non-empty-names 22*e0c4386eSCy Schuberttest-17 = 17-client-auth-TLSv1.1-noroot 23*e0c4386eSCy Schuberttest-18 = 18-server-auth-TLSv1.2 24*e0c4386eSCy Schuberttest-19 = 19-client-auth-TLSv1.2-request 25*e0c4386eSCy Schuberttest-20 = 20-client-auth-TLSv1.2-require-fail 26*e0c4386eSCy Schuberttest-21 = 21-client-auth-TLSv1.2-require 27*e0c4386eSCy Schuberttest-22 = 22-client-auth-TLSv1.2-require-non-empty-names 28*e0c4386eSCy Schuberttest-23 = 23-client-auth-TLSv1.2-noroot 29*e0c4386eSCy Schuberttest-24 = 24-server-auth-DTLSv1 30*e0c4386eSCy Schuberttest-25 = 25-client-auth-DTLSv1-request 31*e0c4386eSCy Schuberttest-26 = 26-client-auth-DTLSv1-require-fail 32*e0c4386eSCy Schuberttest-27 = 27-client-auth-DTLSv1-require 33*e0c4386eSCy Schuberttest-28 = 28-client-auth-DTLSv1-require-non-empty-names 34*e0c4386eSCy Schuberttest-29 = 29-client-auth-DTLSv1-noroot 35*e0c4386eSCy Schuberttest-30 = 30-server-auth-DTLSv1.2 36*e0c4386eSCy Schuberttest-31 = 31-client-auth-DTLSv1.2-request 37*e0c4386eSCy Schuberttest-32 = 32-client-auth-DTLSv1.2-require-fail 38*e0c4386eSCy Schuberttest-33 = 33-client-auth-DTLSv1.2-require 39*e0c4386eSCy Schuberttest-34 = 34-client-auth-DTLSv1.2-require-non-empty-names 40*e0c4386eSCy Schuberttest-35 = 35-client-auth-DTLSv1.2-noroot 41*e0c4386eSCy Schubert# =========================================================== 42*e0c4386eSCy Schubert 43*e0c4386eSCy Schubert[0-server-auth-flex] 44*e0c4386eSCy Schubertssl_conf = 0-server-auth-flex-ssl 45*e0c4386eSCy Schubert 46*e0c4386eSCy Schubert[0-server-auth-flex-ssl] 47*e0c4386eSCy Schubertserver = 0-server-auth-flex-server 48*e0c4386eSCy Schubertclient = 0-server-auth-flex-client 49*e0c4386eSCy Schubert 50*e0c4386eSCy Schubert[0-server-auth-flex-server] 51*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 52*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 53*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 54*e0c4386eSCy Schubert 55*e0c4386eSCy Schubert[0-server-auth-flex-client] 56*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 57*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 58*e0c4386eSCy SchubertVerifyMode = Peer 59*e0c4386eSCy Schubert 60*e0c4386eSCy Schubert[test-0] 61*e0c4386eSCy SchubertExpectedResult = Success 62*e0c4386eSCy Schubert 63*e0c4386eSCy Schubert 64*e0c4386eSCy Schubert# =========================================================== 65*e0c4386eSCy Schubert 66*e0c4386eSCy Schubert[1-client-auth-flex-request] 67*e0c4386eSCy Schubertssl_conf = 1-client-auth-flex-request-ssl 68*e0c4386eSCy Schubert 69*e0c4386eSCy Schubert[1-client-auth-flex-request-ssl] 70*e0c4386eSCy Schubertserver = 1-client-auth-flex-request-server 71*e0c4386eSCy Schubertclient = 1-client-auth-flex-request-client 72*e0c4386eSCy Schubert 73*e0c4386eSCy Schubert[1-client-auth-flex-request-server] 74*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 75*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 76*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 77*e0c4386eSCy SchubertVerifyMode = Request 78*e0c4386eSCy Schubert 79*e0c4386eSCy Schubert[1-client-auth-flex-request-client] 80*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 81*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 82*e0c4386eSCy SchubertVerifyMode = Peer 83*e0c4386eSCy Schubert 84*e0c4386eSCy Schubert[test-1] 85*e0c4386eSCy SchubertExpectedResult = Success 86*e0c4386eSCy Schubert 87*e0c4386eSCy Schubert 88*e0c4386eSCy Schubert# =========================================================== 89*e0c4386eSCy Schubert 90*e0c4386eSCy Schubert[2-client-auth-flex-require-fail] 91*e0c4386eSCy Schubertssl_conf = 2-client-auth-flex-require-fail-ssl 92*e0c4386eSCy Schubert 93*e0c4386eSCy Schubert[2-client-auth-flex-require-fail-ssl] 94*e0c4386eSCy Schubertserver = 2-client-auth-flex-require-fail-server 95*e0c4386eSCy Schubertclient = 2-client-auth-flex-require-fail-client 96*e0c4386eSCy Schubert 97*e0c4386eSCy Schubert[2-client-auth-flex-require-fail-server] 98*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 99*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 100*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 101*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 102*e0c4386eSCy SchubertVerifyMode = Require 103*e0c4386eSCy Schubert 104*e0c4386eSCy Schubert[2-client-auth-flex-require-fail-client] 105*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 106*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 107*e0c4386eSCy SchubertVerifyMode = Peer 108*e0c4386eSCy Schubert 109*e0c4386eSCy Schubert[test-2] 110*e0c4386eSCy SchubertExpectedResult = ServerFail 111*e0c4386eSCy SchubertExpectedServerAlert = CertificateRequired 112*e0c4386eSCy Schubert 113*e0c4386eSCy Schubert 114*e0c4386eSCy Schubert# =========================================================== 115*e0c4386eSCy Schubert 116*e0c4386eSCy Schubert[3-client-auth-flex-require] 117*e0c4386eSCy Schubertssl_conf = 3-client-auth-flex-require-ssl 118*e0c4386eSCy Schubert 119*e0c4386eSCy Schubert[3-client-auth-flex-require-ssl] 120*e0c4386eSCy Schubertserver = 3-client-auth-flex-require-server 121*e0c4386eSCy Schubertclient = 3-client-auth-flex-require-client 122*e0c4386eSCy Schubert 123*e0c4386eSCy Schubert[3-client-auth-flex-require-server] 124*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 125*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 126*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 127*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 128*e0c4386eSCy SchubertVerifyMode = Request 129*e0c4386eSCy Schubert 130*e0c4386eSCy Schubert[3-client-auth-flex-require-client] 131*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 132*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 133*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 134*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 135*e0c4386eSCy SchubertVerifyMode = Peer 136*e0c4386eSCy Schubert 137*e0c4386eSCy Schubert[test-3] 138*e0c4386eSCy SchubertExpectedClientCANames = empty 139*e0c4386eSCy SchubertExpectedClientCertType = RSA 140*e0c4386eSCy SchubertExpectedResult = Success 141*e0c4386eSCy Schubert 142*e0c4386eSCy Schubert 143*e0c4386eSCy Schubert# =========================================================== 144*e0c4386eSCy Schubert 145*e0c4386eSCy Schubert[4-client-auth-flex-require-non-empty-names] 146*e0c4386eSCy Schubertssl_conf = 4-client-auth-flex-require-non-empty-names-ssl 147*e0c4386eSCy Schubert 148*e0c4386eSCy Schubert[4-client-auth-flex-require-non-empty-names-ssl] 149*e0c4386eSCy Schubertserver = 4-client-auth-flex-require-non-empty-names-server 150*e0c4386eSCy Schubertclient = 4-client-auth-flex-require-non-empty-names-client 151*e0c4386eSCy Schubert 152*e0c4386eSCy Schubert[4-client-auth-flex-require-non-empty-names-server] 153*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 154*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 155*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 156*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 157*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 158*e0c4386eSCy SchubertVerifyMode = Request 159*e0c4386eSCy Schubert 160*e0c4386eSCy Schubert[4-client-auth-flex-require-non-empty-names-client] 161*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 162*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 163*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 164*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 165*e0c4386eSCy SchubertVerifyMode = Peer 166*e0c4386eSCy Schubert 167*e0c4386eSCy Schubert[test-4] 168*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 169*e0c4386eSCy SchubertExpectedClientCertType = RSA 170*e0c4386eSCy SchubertExpectedResult = Success 171*e0c4386eSCy Schubert 172*e0c4386eSCy Schubert 173*e0c4386eSCy Schubert# =========================================================== 174*e0c4386eSCy Schubert 175*e0c4386eSCy Schubert[5-client-auth-flex-noroot] 176*e0c4386eSCy Schubertssl_conf = 5-client-auth-flex-noroot-ssl 177*e0c4386eSCy Schubert 178*e0c4386eSCy Schubert[5-client-auth-flex-noroot-ssl] 179*e0c4386eSCy Schubertserver = 5-client-auth-flex-noroot-server 180*e0c4386eSCy Schubertclient = 5-client-auth-flex-noroot-client 181*e0c4386eSCy Schubert 182*e0c4386eSCy Schubert[5-client-auth-flex-noroot-server] 183*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 184*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 185*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 186*e0c4386eSCy SchubertVerifyMode = Require 187*e0c4386eSCy Schubert 188*e0c4386eSCy Schubert[5-client-auth-flex-noroot-client] 189*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 190*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 191*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 192*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 193*e0c4386eSCy SchubertVerifyMode = Peer 194*e0c4386eSCy Schubert 195*e0c4386eSCy Schubert[test-5] 196*e0c4386eSCy SchubertExpectedResult = ServerFail 197*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 198*e0c4386eSCy Schubert 199*e0c4386eSCy Schubert 200*e0c4386eSCy Schubert# =========================================================== 201*e0c4386eSCy Schubert 202*e0c4386eSCy Schubert[6-server-auth-TLSv1] 203*e0c4386eSCy Schubertssl_conf = 6-server-auth-TLSv1-ssl 204*e0c4386eSCy Schubert 205*e0c4386eSCy Schubert[6-server-auth-TLSv1-ssl] 206*e0c4386eSCy Schubertserver = 6-server-auth-TLSv1-server 207*e0c4386eSCy Schubertclient = 6-server-auth-TLSv1-client 208*e0c4386eSCy Schubert 209*e0c4386eSCy Schubert[6-server-auth-TLSv1-server] 210*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 211*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 212*e0c4386eSCy SchubertMaxProtocol = TLSv1 213*e0c4386eSCy SchubertMinProtocol = TLSv1 214*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 215*e0c4386eSCy Schubert 216*e0c4386eSCy Schubert[6-server-auth-TLSv1-client] 217*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 218*e0c4386eSCy SchubertMaxProtocol = TLSv1 219*e0c4386eSCy SchubertMinProtocol = TLSv1 220*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 221*e0c4386eSCy SchubertVerifyMode = Peer 222*e0c4386eSCy Schubert 223*e0c4386eSCy Schubert[test-6] 224*e0c4386eSCy SchubertExpectedResult = Success 225*e0c4386eSCy Schubert 226*e0c4386eSCy Schubert 227*e0c4386eSCy Schubert# =========================================================== 228*e0c4386eSCy Schubert 229*e0c4386eSCy Schubert[7-client-auth-TLSv1-request] 230*e0c4386eSCy Schubertssl_conf = 7-client-auth-TLSv1-request-ssl 231*e0c4386eSCy Schubert 232*e0c4386eSCy Schubert[7-client-auth-TLSv1-request-ssl] 233*e0c4386eSCy Schubertserver = 7-client-auth-TLSv1-request-server 234*e0c4386eSCy Schubertclient = 7-client-auth-TLSv1-request-client 235*e0c4386eSCy Schubert 236*e0c4386eSCy Schubert[7-client-auth-TLSv1-request-server] 237*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 238*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 239*e0c4386eSCy SchubertMaxProtocol = TLSv1 240*e0c4386eSCy SchubertMinProtocol = TLSv1 241*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 242*e0c4386eSCy SchubertVerifyMode = Request 243*e0c4386eSCy Schubert 244*e0c4386eSCy Schubert[7-client-auth-TLSv1-request-client] 245*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 246*e0c4386eSCy SchubertMaxProtocol = TLSv1 247*e0c4386eSCy SchubertMinProtocol = TLSv1 248*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 249*e0c4386eSCy SchubertVerifyMode = Peer 250*e0c4386eSCy Schubert 251*e0c4386eSCy Schubert[test-7] 252*e0c4386eSCy SchubertExpectedResult = Success 253*e0c4386eSCy Schubert 254*e0c4386eSCy Schubert 255*e0c4386eSCy Schubert# =========================================================== 256*e0c4386eSCy Schubert 257*e0c4386eSCy Schubert[8-client-auth-TLSv1-require-fail] 258*e0c4386eSCy Schubertssl_conf = 8-client-auth-TLSv1-require-fail-ssl 259*e0c4386eSCy Schubert 260*e0c4386eSCy Schubert[8-client-auth-TLSv1-require-fail-ssl] 261*e0c4386eSCy Schubertserver = 8-client-auth-TLSv1-require-fail-server 262*e0c4386eSCy Schubertclient = 8-client-auth-TLSv1-require-fail-client 263*e0c4386eSCy Schubert 264*e0c4386eSCy Schubert[8-client-auth-TLSv1-require-fail-server] 265*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 266*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 267*e0c4386eSCy SchubertMaxProtocol = TLSv1 268*e0c4386eSCy SchubertMinProtocol = TLSv1 269*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 270*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 271*e0c4386eSCy SchubertVerifyMode = Require 272*e0c4386eSCy Schubert 273*e0c4386eSCy Schubert[8-client-auth-TLSv1-require-fail-client] 274*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 275*e0c4386eSCy SchubertMaxProtocol = TLSv1 276*e0c4386eSCy SchubertMinProtocol = TLSv1 277*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 278*e0c4386eSCy SchubertVerifyMode = Peer 279*e0c4386eSCy Schubert 280*e0c4386eSCy Schubert[test-8] 281*e0c4386eSCy SchubertExpectedResult = ServerFail 282*e0c4386eSCy SchubertExpectedServerAlert = HandshakeFailure 283*e0c4386eSCy Schubert 284*e0c4386eSCy Schubert 285*e0c4386eSCy Schubert# =========================================================== 286*e0c4386eSCy Schubert 287*e0c4386eSCy Schubert[9-client-auth-TLSv1-require] 288*e0c4386eSCy Schubertssl_conf = 9-client-auth-TLSv1-require-ssl 289*e0c4386eSCy Schubert 290*e0c4386eSCy Schubert[9-client-auth-TLSv1-require-ssl] 291*e0c4386eSCy Schubertserver = 9-client-auth-TLSv1-require-server 292*e0c4386eSCy Schubertclient = 9-client-auth-TLSv1-require-client 293*e0c4386eSCy Schubert 294*e0c4386eSCy Schubert[9-client-auth-TLSv1-require-server] 295*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 296*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 297*e0c4386eSCy SchubertMaxProtocol = TLSv1 298*e0c4386eSCy SchubertMinProtocol = TLSv1 299*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 300*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 301*e0c4386eSCy SchubertVerifyMode = Request 302*e0c4386eSCy Schubert 303*e0c4386eSCy Schubert[9-client-auth-TLSv1-require-client] 304*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 305*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 306*e0c4386eSCy SchubertMaxProtocol = TLSv1 307*e0c4386eSCy SchubertMinProtocol = TLSv1 308*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 309*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 310*e0c4386eSCy SchubertVerifyMode = Peer 311*e0c4386eSCy Schubert 312*e0c4386eSCy Schubert[test-9] 313*e0c4386eSCy SchubertExpectedClientCANames = empty 314*e0c4386eSCy SchubertExpectedClientCertType = RSA 315*e0c4386eSCy SchubertExpectedResult = Success 316*e0c4386eSCy Schubert 317*e0c4386eSCy Schubert 318*e0c4386eSCy Schubert# =========================================================== 319*e0c4386eSCy Schubert 320*e0c4386eSCy Schubert[10-client-auth-TLSv1-require-non-empty-names] 321*e0c4386eSCy Schubertssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl 322*e0c4386eSCy Schubert 323*e0c4386eSCy Schubert[10-client-auth-TLSv1-require-non-empty-names-ssl] 324*e0c4386eSCy Schubertserver = 10-client-auth-TLSv1-require-non-empty-names-server 325*e0c4386eSCy Schubertclient = 10-client-auth-TLSv1-require-non-empty-names-client 326*e0c4386eSCy Schubert 327*e0c4386eSCy Schubert[10-client-auth-TLSv1-require-non-empty-names-server] 328*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 329*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 330*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 331*e0c4386eSCy SchubertMaxProtocol = TLSv1 332*e0c4386eSCy SchubertMinProtocol = TLSv1 333*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 334*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 335*e0c4386eSCy SchubertVerifyMode = Request 336*e0c4386eSCy Schubert 337*e0c4386eSCy Schubert[10-client-auth-TLSv1-require-non-empty-names-client] 338*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 339*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 340*e0c4386eSCy SchubertMaxProtocol = TLSv1 341*e0c4386eSCy SchubertMinProtocol = TLSv1 342*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 343*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 344*e0c4386eSCy SchubertVerifyMode = Peer 345*e0c4386eSCy Schubert 346*e0c4386eSCy Schubert[test-10] 347*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 348*e0c4386eSCy SchubertExpectedClientCertType = RSA 349*e0c4386eSCy SchubertExpectedResult = Success 350*e0c4386eSCy Schubert 351*e0c4386eSCy Schubert 352*e0c4386eSCy Schubert# =========================================================== 353*e0c4386eSCy Schubert 354*e0c4386eSCy Schubert[11-client-auth-TLSv1-noroot] 355*e0c4386eSCy Schubertssl_conf = 11-client-auth-TLSv1-noroot-ssl 356*e0c4386eSCy Schubert 357*e0c4386eSCy Schubert[11-client-auth-TLSv1-noroot-ssl] 358*e0c4386eSCy Schubertserver = 11-client-auth-TLSv1-noroot-server 359*e0c4386eSCy Schubertclient = 11-client-auth-TLSv1-noroot-client 360*e0c4386eSCy Schubert 361*e0c4386eSCy Schubert[11-client-auth-TLSv1-noroot-server] 362*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 363*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 364*e0c4386eSCy SchubertMaxProtocol = TLSv1 365*e0c4386eSCy SchubertMinProtocol = TLSv1 366*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 367*e0c4386eSCy SchubertVerifyMode = Require 368*e0c4386eSCy Schubert 369*e0c4386eSCy Schubert[11-client-auth-TLSv1-noroot-client] 370*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 371*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 372*e0c4386eSCy SchubertMaxProtocol = TLSv1 373*e0c4386eSCy SchubertMinProtocol = TLSv1 374*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 375*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 376*e0c4386eSCy SchubertVerifyMode = Peer 377*e0c4386eSCy Schubert 378*e0c4386eSCy Schubert[test-11] 379*e0c4386eSCy SchubertExpectedResult = ServerFail 380*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 381*e0c4386eSCy Schubert 382*e0c4386eSCy Schubert 383*e0c4386eSCy Schubert# =========================================================== 384*e0c4386eSCy Schubert 385*e0c4386eSCy Schubert[12-server-auth-TLSv1.1] 386*e0c4386eSCy Schubertssl_conf = 12-server-auth-TLSv1.1-ssl 387*e0c4386eSCy Schubert 388*e0c4386eSCy Schubert[12-server-auth-TLSv1.1-ssl] 389*e0c4386eSCy Schubertserver = 12-server-auth-TLSv1.1-server 390*e0c4386eSCy Schubertclient = 12-server-auth-TLSv1.1-client 391*e0c4386eSCy Schubert 392*e0c4386eSCy Schubert[12-server-auth-TLSv1.1-server] 393*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 394*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 395*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 396*e0c4386eSCy SchubertMinProtocol = TLSv1.1 397*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 398*e0c4386eSCy Schubert 399*e0c4386eSCy Schubert[12-server-auth-TLSv1.1-client] 400*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 401*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 402*e0c4386eSCy SchubertMinProtocol = TLSv1.1 403*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 404*e0c4386eSCy SchubertVerifyMode = Peer 405*e0c4386eSCy Schubert 406*e0c4386eSCy Schubert[test-12] 407*e0c4386eSCy SchubertExpectedResult = Success 408*e0c4386eSCy Schubert 409*e0c4386eSCy Schubert 410*e0c4386eSCy Schubert# =========================================================== 411*e0c4386eSCy Schubert 412*e0c4386eSCy Schubert[13-client-auth-TLSv1.1-request] 413*e0c4386eSCy Schubertssl_conf = 13-client-auth-TLSv1.1-request-ssl 414*e0c4386eSCy Schubert 415*e0c4386eSCy Schubert[13-client-auth-TLSv1.1-request-ssl] 416*e0c4386eSCy Schubertserver = 13-client-auth-TLSv1.1-request-server 417*e0c4386eSCy Schubertclient = 13-client-auth-TLSv1.1-request-client 418*e0c4386eSCy Schubert 419*e0c4386eSCy Schubert[13-client-auth-TLSv1.1-request-server] 420*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 421*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 422*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 423*e0c4386eSCy SchubertMinProtocol = TLSv1.1 424*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 425*e0c4386eSCy SchubertVerifyMode = Request 426*e0c4386eSCy Schubert 427*e0c4386eSCy Schubert[13-client-auth-TLSv1.1-request-client] 428*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 429*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 430*e0c4386eSCy SchubertMinProtocol = TLSv1.1 431*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 432*e0c4386eSCy SchubertVerifyMode = Peer 433*e0c4386eSCy Schubert 434*e0c4386eSCy Schubert[test-13] 435*e0c4386eSCy SchubertExpectedResult = Success 436*e0c4386eSCy Schubert 437*e0c4386eSCy Schubert 438*e0c4386eSCy Schubert# =========================================================== 439*e0c4386eSCy Schubert 440*e0c4386eSCy Schubert[14-client-auth-TLSv1.1-require-fail] 441*e0c4386eSCy Schubertssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl 442*e0c4386eSCy Schubert 443*e0c4386eSCy Schubert[14-client-auth-TLSv1.1-require-fail-ssl] 444*e0c4386eSCy Schubertserver = 14-client-auth-TLSv1.1-require-fail-server 445*e0c4386eSCy Schubertclient = 14-client-auth-TLSv1.1-require-fail-client 446*e0c4386eSCy Schubert 447*e0c4386eSCy Schubert[14-client-auth-TLSv1.1-require-fail-server] 448*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 449*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 450*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 451*e0c4386eSCy SchubertMinProtocol = TLSv1.1 452*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 453*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 454*e0c4386eSCy SchubertVerifyMode = Require 455*e0c4386eSCy Schubert 456*e0c4386eSCy Schubert[14-client-auth-TLSv1.1-require-fail-client] 457*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 458*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 459*e0c4386eSCy SchubertMinProtocol = TLSv1.1 460*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 461*e0c4386eSCy SchubertVerifyMode = Peer 462*e0c4386eSCy Schubert 463*e0c4386eSCy Schubert[test-14] 464*e0c4386eSCy SchubertExpectedResult = ServerFail 465*e0c4386eSCy SchubertExpectedServerAlert = HandshakeFailure 466*e0c4386eSCy Schubert 467*e0c4386eSCy Schubert 468*e0c4386eSCy Schubert# =========================================================== 469*e0c4386eSCy Schubert 470*e0c4386eSCy Schubert[15-client-auth-TLSv1.1-require] 471*e0c4386eSCy Schubertssl_conf = 15-client-auth-TLSv1.1-require-ssl 472*e0c4386eSCy Schubert 473*e0c4386eSCy Schubert[15-client-auth-TLSv1.1-require-ssl] 474*e0c4386eSCy Schubertserver = 15-client-auth-TLSv1.1-require-server 475*e0c4386eSCy Schubertclient = 15-client-auth-TLSv1.1-require-client 476*e0c4386eSCy Schubert 477*e0c4386eSCy Schubert[15-client-auth-TLSv1.1-require-server] 478*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 479*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 480*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 481*e0c4386eSCy SchubertMinProtocol = TLSv1.1 482*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 483*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 484*e0c4386eSCy SchubertVerifyMode = Request 485*e0c4386eSCy Schubert 486*e0c4386eSCy Schubert[15-client-auth-TLSv1.1-require-client] 487*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 488*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 489*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 490*e0c4386eSCy SchubertMinProtocol = TLSv1.1 491*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 492*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 493*e0c4386eSCy SchubertVerifyMode = Peer 494*e0c4386eSCy Schubert 495*e0c4386eSCy Schubert[test-15] 496*e0c4386eSCy SchubertExpectedClientCANames = empty 497*e0c4386eSCy SchubertExpectedClientCertType = RSA 498*e0c4386eSCy SchubertExpectedResult = Success 499*e0c4386eSCy Schubert 500*e0c4386eSCy Schubert 501*e0c4386eSCy Schubert# =========================================================== 502*e0c4386eSCy Schubert 503*e0c4386eSCy Schubert[16-client-auth-TLSv1.1-require-non-empty-names] 504*e0c4386eSCy Schubertssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl 505*e0c4386eSCy Schubert 506*e0c4386eSCy Schubert[16-client-auth-TLSv1.1-require-non-empty-names-ssl] 507*e0c4386eSCy Schubertserver = 16-client-auth-TLSv1.1-require-non-empty-names-server 508*e0c4386eSCy Schubertclient = 16-client-auth-TLSv1.1-require-non-empty-names-client 509*e0c4386eSCy Schubert 510*e0c4386eSCy Schubert[16-client-auth-TLSv1.1-require-non-empty-names-server] 511*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 512*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 513*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 514*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 515*e0c4386eSCy SchubertMinProtocol = TLSv1.1 516*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 517*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 518*e0c4386eSCy SchubertVerifyMode = Request 519*e0c4386eSCy Schubert 520*e0c4386eSCy Schubert[16-client-auth-TLSv1.1-require-non-empty-names-client] 521*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 522*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 523*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 524*e0c4386eSCy SchubertMinProtocol = TLSv1.1 525*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 526*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 527*e0c4386eSCy SchubertVerifyMode = Peer 528*e0c4386eSCy Schubert 529*e0c4386eSCy Schubert[test-16] 530*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 531*e0c4386eSCy SchubertExpectedClientCertType = RSA 532*e0c4386eSCy SchubertExpectedResult = Success 533*e0c4386eSCy Schubert 534*e0c4386eSCy Schubert 535*e0c4386eSCy Schubert# =========================================================== 536*e0c4386eSCy Schubert 537*e0c4386eSCy Schubert[17-client-auth-TLSv1.1-noroot] 538*e0c4386eSCy Schubertssl_conf = 17-client-auth-TLSv1.1-noroot-ssl 539*e0c4386eSCy Schubert 540*e0c4386eSCy Schubert[17-client-auth-TLSv1.1-noroot-ssl] 541*e0c4386eSCy Schubertserver = 17-client-auth-TLSv1.1-noroot-server 542*e0c4386eSCy Schubertclient = 17-client-auth-TLSv1.1-noroot-client 543*e0c4386eSCy Schubert 544*e0c4386eSCy Schubert[17-client-auth-TLSv1.1-noroot-server] 545*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 546*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 547*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 548*e0c4386eSCy SchubertMinProtocol = TLSv1.1 549*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 550*e0c4386eSCy SchubertVerifyMode = Require 551*e0c4386eSCy Schubert 552*e0c4386eSCy Schubert[17-client-auth-TLSv1.1-noroot-client] 553*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 554*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 555*e0c4386eSCy SchubertMaxProtocol = TLSv1.1 556*e0c4386eSCy SchubertMinProtocol = TLSv1.1 557*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 558*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 559*e0c4386eSCy SchubertVerifyMode = Peer 560*e0c4386eSCy Schubert 561*e0c4386eSCy Schubert[test-17] 562*e0c4386eSCy SchubertExpectedResult = ServerFail 563*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 564*e0c4386eSCy Schubert 565*e0c4386eSCy Schubert 566*e0c4386eSCy Schubert# =========================================================== 567*e0c4386eSCy Schubert 568*e0c4386eSCy Schubert[18-server-auth-TLSv1.2] 569*e0c4386eSCy Schubertssl_conf = 18-server-auth-TLSv1.2-ssl 570*e0c4386eSCy Schubert 571*e0c4386eSCy Schubert[18-server-auth-TLSv1.2-ssl] 572*e0c4386eSCy Schubertserver = 18-server-auth-TLSv1.2-server 573*e0c4386eSCy Schubertclient = 18-server-auth-TLSv1.2-client 574*e0c4386eSCy Schubert 575*e0c4386eSCy Schubert[18-server-auth-TLSv1.2-server] 576*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 577*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 578*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 579*e0c4386eSCy SchubertMinProtocol = TLSv1.2 580*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 581*e0c4386eSCy Schubert 582*e0c4386eSCy Schubert[18-server-auth-TLSv1.2-client] 583*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 584*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 585*e0c4386eSCy SchubertMinProtocol = TLSv1.2 586*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 587*e0c4386eSCy SchubertVerifyMode = Peer 588*e0c4386eSCy Schubert 589*e0c4386eSCy Schubert[test-18] 590*e0c4386eSCy SchubertExpectedResult = Success 591*e0c4386eSCy Schubert 592*e0c4386eSCy Schubert 593*e0c4386eSCy Schubert# =========================================================== 594*e0c4386eSCy Schubert 595*e0c4386eSCy Schubert[19-client-auth-TLSv1.2-request] 596*e0c4386eSCy Schubertssl_conf = 19-client-auth-TLSv1.2-request-ssl 597*e0c4386eSCy Schubert 598*e0c4386eSCy Schubert[19-client-auth-TLSv1.2-request-ssl] 599*e0c4386eSCy Schubertserver = 19-client-auth-TLSv1.2-request-server 600*e0c4386eSCy Schubertclient = 19-client-auth-TLSv1.2-request-client 601*e0c4386eSCy Schubert 602*e0c4386eSCy Schubert[19-client-auth-TLSv1.2-request-server] 603*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 604*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 605*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 606*e0c4386eSCy SchubertMinProtocol = TLSv1.2 607*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 608*e0c4386eSCy SchubertVerifyMode = Request 609*e0c4386eSCy Schubert 610*e0c4386eSCy Schubert[19-client-auth-TLSv1.2-request-client] 611*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 612*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 613*e0c4386eSCy SchubertMinProtocol = TLSv1.2 614*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 615*e0c4386eSCy SchubertVerifyMode = Peer 616*e0c4386eSCy Schubert 617*e0c4386eSCy Schubert[test-19] 618*e0c4386eSCy SchubertExpectedResult = Success 619*e0c4386eSCy Schubert 620*e0c4386eSCy Schubert 621*e0c4386eSCy Schubert# =========================================================== 622*e0c4386eSCy Schubert 623*e0c4386eSCy Schubert[20-client-auth-TLSv1.2-require-fail] 624*e0c4386eSCy Schubertssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl 625*e0c4386eSCy Schubert 626*e0c4386eSCy Schubert[20-client-auth-TLSv1.2-require-fail-ssl] 627*e0c4386eSCy Schubertserver = 20-client-auth-TLSv1.2-require-fail-server 628*e0c4386eSCy Schubertclient = 20-client-auth-TLSv1.2-require-fail-client 629*e0c4386eSCy Schubert 630*e0c4386eSCy Schubert[20-client-auth-TLSv1.2-require-fail-server] 631*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 632*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 633*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 634*e0c4386eSCy SchubertMinProtocol = TLSv1.2 635*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 636*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 637*e0c4386eSCy SchubertVerifyMode = Require 638*e0c4386eSCy Schubert 639*e0c4386eSCy Schubert[20-client-auth-TLSv1.2-require-fail-client] 640*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 641*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 642*e0c4386eSCy SchubertMinProtocol = TLSv1.2 643*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 644*e0c4386eSCy SchubertVerifyMode = Peer 645*e0c4386eSCy Schubert 646*e0c4386eSCy Schubert[test-20] 647*e0c4386eSCy SchubertExpectedResult = ServerFail 648*e0c4386eSCy SchubertExpectedServerAlert = HandshakeFailure 649*e0c4386eSCy Schubert 650*e0c4386eSCy Schubert 651*e0c4386eSCy Schubert# =========================================================== 652*e0c4386eSCy Schubert 653*e0c4386eSCy Schubert[21-client-auth-TLSv1.2-require] 654*e0c4386eSCy Schubertssl_conf = 21-client-auth-TLSv1.2-require-ssl 655*e0c4386eSCy Schubert 656*e0c4386eSCy Schubert[21-client-auth-TLSv1.2-require-ssl] 657*e0c4386eSCy Schubertserver = 21-client-auth-TLSv1.2-require-server 658*e0c4386eSCy Schubertclient = 21-client-auth-TLSv1.2-require-client 659*e0c4386eSCy Schubert 660*e0c4386eSCy Schubert[21-client-auth-TLSv1.2-require-server] 661*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 662*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 663*e0c4386eSCy SchubertClientSignatureAlgorithms = SHA256+RSA 664*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 665*e0c4386eSCy SchubertMinProtocol = TLSv1.2 666*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 667*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 668*e0c4386eSCy SchubertVerifyMode = Request 669*e0c4386eSCy Schubert 670*e0c4386eSCy Schubert[21-client-auth-TLSv1.2-require-client] 671*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 672*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 673*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 674*e0c4386eSCy SchubertMinProtocol = TLSv1.2 675*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 676*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 677*e0c4386eSCy SchubertVerifyMode = Peer 678*e0c4386eSCy Schubert 679*e0c4386eSCy Schubert[test-21] 680*e0c4386eSCy SchubertExpectedClientCANames = empty 681*e0c4386eSCy SchubertExpectedClientCertType = RSA 682*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 683*e0c4386eSCy SchubertExpectedClientSignType = RSA 684*e0c4386eSCy SchubertExpectedResult = Success 685*e0c4386eSCy Schubert 686*e0c4386eSCy Schubert 687*e0c4386eSCy Schubert# =========================================================== 688*e0c4386eSCy Schubert 689*e0c4386eSCy Schubert[22-client-auth-TLSv1.2-require-non-empty-names] 690*e0c4386eSCy Schubertssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl 691*e0c4386eSCy Schubert 692*e0c4386eSCy Schubert[22-client-auth-TLSv1.2-require-non-empty-names-ssl] 693*e0c4386eSCy Schubertserver = 22-client-auth-TLSv1.2-require-non-empty-names-server 694*e0c4386eSCy Schubertclient = 22-client-auth-TLSv1.2-require-non-empty-names-client 695*e0c4386eSCy Schubert 696*e0c4386eSCy Schubert[22-client-auth-TLSv1.2-require-non-empty-names-server] 697*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 698*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 699*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 700*e0c4386eSCy SchubertClientSignatureAlgorithms = SHA256+RSA 701*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 702*e0c4386eSCy SchubertMinProtocol = TLSv1.2 703*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 704*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 705*e0c4386eSCy SchubertVerifyMode = Request 706*e0c4386eSCy Schubert 707*e0c4386eSCy Schubert[22-client-auth-TLSv1.2-require-non-empty-names-client] 708*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 709*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 710*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 711*e0c4386eSCy SchubertMinProtocol = TLSv1.2 712*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 713*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 714*e0c4386eSCy SchubertVerifyMode = Peer 715*e0c4386eSCy Schubert 716*e0c4386eSCy Schubert[test-22] 717*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 718*e0c4386eSCy SchubertExpectedClientCertType = RSA 719*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 720*e0c4386eSCy SchubertExpectedClientSignType = RSA 721*e0c4386eSCy SchubertExpectedResult = Success 722*e0c4386eSCy Schubert 723*e0c4386eSCy Schubert 724*e0c4386eSCy Schubert# =========================================================== 725*e0c4386eSCy Schubert 726*e0c4386eSCy Schubert[23-client-auth-TLSv1.2-noroot] 727*e0c4386eSCy Schubertssl_conf = 23-client-auth-TLSv1.2-noroot-ssl 728*e0c4386eSCy Schubert 729*e0c4386eSCy Schubert[23-client-auth-TLSv1.2-noroot-ssl] 730*e0c4386eSCy Schubertserver = 23-client-auth-TLSv1.2-noroot-server 731*e0c4386eSCy Schubertclient = 23-client-auth-TLSv1.2-noroot-client 732*e0c4386eSCy Schubert 733*e0c4386eSCy Schubert[23-client-auth-TLSv1.2-noroot-server] 734*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 735*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 736*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 737*e0c4386eSCy SchubertMinProtocol = TLSv1.2 738*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 739*e0c4386eSCy SchubertVerifyMode = Require 740*e0c4386eSCy Schubert 741*e0c4386eSCy Schubert[23-client-auth-TLSv1.2-noroot-client] 742*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 743*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 744*e0c4386eSCy SchubertMaxProtocol = TLSv1.2 745*e0c4386eSCy SchubertMinProtocol = TLSv1.2 746*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 747*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 748*e0c4386eSCy SchubertVerifyMode = Peer 749*e0c4386eSCy Schubert 750*e0c4386eSCy Schubert[test-23] 751*e0c4386eSCy SchubertExpectedResult = ServerFail 752*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 753*e0c4386eSCy Schubert 754*e0c4386eSCy Schubert 755*e0c4386eSCy Schubert# =========================================================== 756*e0c4386eSCy Schubert 757*e0c4386eSCy Schubert[24-server-auth-DTLSv1] 758*e0c4386eSCy Schubertssl_conf = 24-server-auth-DTLSv1-ssl 759*e0c4386eSCy Schubert 760*e0c4386eSCy Schubert[24-server-auth-DTLSv1-ssl] 761*e0c4386eSCy Schubertserver = 24-server-auth-DTLSv1-server 762*e0c4386eSCy Schubertclient = 24-server-auth-DTLSv1-client 763*e0c4386eSCy Schubert 764*e0c4386eSCy Schubert[24-server-auth-DTLSv1-server] 765*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 766*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 767*e0c4386eSCy SchubertMaxProtocol = DTLSv1 768*e0c4386eSCy SchubertMinProtocol = DTLSv1 769*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 770*e0c4386eSCy Schubert 771*e0c4386eSCy Schubert[24-server-auth-DTLSv1-client] 772*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 773*e0c4386eSCy SchubertMaxProtocol = DTLSv1 774*e0c4386eSCy SchubertMinProtocol = DTLSv1 775*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 776*e0c4386eSCy SchubertVerifyMode = Peer 777*e0c4386eSCy Schubert 778*e0c4386eSCy Schubert[test-24] 779*e0c4386eSCy SchubertExpectedResult = Success 780*e0c4386eSCy SchubertMethod = DTLS 781*e0c4386eSCy Schubert 782*e0c4386eSCy Schubert 783*e0c4386eSCy Schubert# =========================================================== 784*e0c4386eSCy Schubert 785*e0c4386eSCy Schubert[25-client-auth-DTLSv1-request] 786*e0c4386eSCy Schubertssl_conf = 25-client-auth-DTLSv1-request-ssl 787*e0c4386eSCy Schubert 788*e0c4386eSCy Schubert[25-client-auth-DTLSv1-request-ssl] 789*e0c4386eSCy Schubertserver = 25-client-auth-DTLSv1-request-server 790*e0c4386eSCy Schubertclient = 25-client-auth-DTLSv1-request-client 791*e0c4386eSCy Schubert 792*e0c4386eSCy Schubert[25-client-auth-DTLSv1-request-server] 793*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 794*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 795*e0c4386eSCy SchubertMaxProtocol = DTLSv1 796*e0c4386eSCy SchubertMinProtocol = DTLSv1 797*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 798*e0c4386eSCy SchubertVerifyMode = Request 799*e0c4386eSCy Schubert 800*e0c4386eSCy Schubert[25-client-auth-DTLSv1-request-client] 801*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 802*e0c4386eSCy SchubertMaxProtocol = DTLSv1 803*e0c4386eSCy SchubertMinProtocol = DTLSv1 804*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 805*e0c4386eSCy SchubertVerifyMode = Peer 806*e0c4386eSCy Schubert 807*e0c4386eSCy Schubert[test-25] 808*e0c4386eSCy SchubertExpectedResult = Success 809*e0c4386eSCy SchubertMethod = DTLS 810*e0c4386eSCy Schubert 811*e0c4386eSCy Schubert 812*e0c4386eSCy Schubert# =========================================================== 813*e0c4386eSCy Schubert 814*e0c4386eSCy Schubert[26-client-auth-DTLSv1-require-fail] 815*e0c4386eSCy Schubertssl_conf = 26-client-auth-DTLSv1-require-fail-ssl 816*e0c4386eSCy Schubert 817*e0c4386eSCy Schubert[26-client-auth-DTLSv1-require-fail-ssl] 818*e0c4386eSCy Schubertserver = 26-client-auth-DTLSv1-require-fail-server 819*e0c4386eSCy Schubertclient = 26-client-auth-DTLSv1-require-fail-client 820*e0c4386eSCy Schubert 821*e0c4386eSCy Schubert[26-client-auth-DTLSv1-require-fail-server] 822*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 823*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 824*e0c4386eSCy SchubertMaxProtocol = DTLSv1 825*e0c4386eSCy SchubertMinProtocol = DTLSv1 826*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 827*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 828*e0c4386eSCy SchubertVerifyMode = Require 829*e0c4386eSCy Schubert 830*e0c4386eSCy Schubert[26-client-auth-DTLSv1-require-fail-client] 831*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 832*e0c4386eSCy SchubertMaxProtocol = DTLSv1 833*e0c4386eSCy SchubertMinProtocol = DTLSv1 834*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 835*e0c4386eSCy SchubertVerifyMode = Peer 836*e0c4386eSCy Schubert 837*e0c4386eSCy Schubert[test-26] 838*e0c4386eSCy SchubertExpectedResult = ServerFail 839*e0c4386eSCy SchubertExpectedServerAlert = HandshakeFailure 840*e0c4386eSCy SchubertMethod = DTLS 841*e0c4386eSCy Schubert 842*e0c4386eSCy Schubert 843*e0c4386eSCy Schubert# =========================================================== 844*e0c4386eSCy Schubert 845*e0c4386eSCy Schubert[27-client-auth-DTLSv1-require] 846*e0c4386eSCy Schubertssl_conf = 27-client-auth-DTLSv1-require-ssl 847*e0c4386eSCy Schubert 848*e0c4386eSCy Schubert[27-client-auth-DTLSv1-require-ssl] 849*e0c4386eSCy Schubertserver = 27-client-auth-DTLSv1-require-server 850*e0c4386eSCy Schubertclient = 27-client-auth-DTLSv1-require-client 851*e0c4386eSCy Schubert 852*e0c4386eSCy Schubert[27-client-auth-DTLSv1-require-server] 853*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 854*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 855*e0c4386eSCy SchubertMaxProtocol = DTLSv1 856*e0c4386eSCy SchubertMinProtocol = DTLSv1 857*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 858*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 859*e0c4386eSCy SchubertVerifyMode = Request 860*e0c4386eSCy Schubert 861*e0c4386eSCy Schubert[27-client-auth-DTLSv1-require-client] 862*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 863*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 864*e0c4386eSCy SchubertMaxProtocol = DTLSv1 865*e0c4386eSCy SchubertMinProtocol = DTLSv1 866*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 867*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 868*e0c4386eSCy SchubertVerifyMode = Peer 869*e0c4386eSCy Schubert 870*e0c4386eSCy Schubert[test-27] 871*e0c4386eSCy SchubertExpectedClientCANames = empty 872*e0c4386eSCy SchubertExpectedClientCertType = RSA 873*e0c4386eSCy SchubertExpectedResult = Success 874*e0c4386eSCy SchubertMethod = DTLS 875*e0c4386eSCy Schubert 876*e0c4386eSCy Schubert 877*e0c4386eSCy Schubert# =========================================================== 878*e0c4386eSCy Schubert 879*e0c4386eSCy Schubert[28-client-auth-DTLSv1-require-non-empty-names] 880*e0c4386eSCy Schubertssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl 881*e0c4386eSCy Schubert 882*e0c4386eSCy Schubert[28-client-auth-DTLSv1-require-non-empty-names-ssl] 883*e0c4386eSCy Schubertserver = 28-client-auth-DTLSv1-require-non-empty-names-server 884*e0c4386eSCy Schubertclient = 28-client-auth-DTLSv1-require-non-empty-names-client 885*e0c4386eSCy Schubert 886*e0c4386eSCy Schubert[28-client-auth-DTLSv1-require-non-empty-names-server] 887*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 888*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 889*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 890*e0c4386eSCy SchubertMaxProtocol = DTLSv1 891*e0c4386eSCy SchubertMinProtocol = DTLSv1 892*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 893*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 894*e0c4386eSCy SchubertVerifyMode = Request 895*e0c4386eSCy Schubert 896*e0c4386eSCy Schubert[28-client-auth-DTLSv1-require-non-empty-names-client] 897*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 898*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 899*e0c4386eSCy SchubertMaxProtocol = DTLSv1 900*e0c4386eSCy SchubertMinProtocol = DTLSv1 901*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 902*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 903*e0c4386eSCy SchubertVerifyMode = Peer 904*e0c4386eSCy Schubert 905*e0c4386eSCy Schubert[test-28] 906*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 907*e0c4386eSCy SchubertExpectedClientCertType = RSA 908*e0c4386eSCy SchubertExpectedResult = Success 909*e0c4386eSCy SchubertMethod = DTLS 910*e0c4386eSCy Schubert 911*e0c4386eSCy Schubert 912*e0c4386eSCy Schubert# =========================================================== 913*e0c4386eSCy Schubert 914*e0c4386eSCy Schubert[29-client-auth-DTLSv1-noroot] 915*e0c4386eSCy Schubertssl_conf = 29-client-auth-DTLSv1-noroot-ssl 916*e0c4386eSCy Schubert 917*e0c4386eSCy Schubert[29-client-auth-DTLSv1-noroot-ssl] 918*e0c4386eSCy Schubertserver = 29-client-auth-DTLSv1-noroot-server 919*e0c4386eSCy Schubertclient = 29-client-auth-DTLSv1-noroot-client 920*e0c4386eSCy Schubert 921*e0c4386eSCy Schubert[29-client-auth-DTLSv1-noroot-server] 922*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 923*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 924*e0c4386eSCy SchubertMaxProtocol = DTLSv1 925*e0c4386eSCy SchubertMinProtocol = DTLSv1 926*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 927*e0c4386eSCy SchubertVerifyMode = Require 928*e0c4386eSCy Schubert 929*e0c4386eSCy Schubert[29-client-auth-DTLSv1-noroot-client] 930*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 931*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 932*e0c4386eSCy SchubertMaxProtocol = DTLSv1 933*e0c4386eSCy SchubertMinProtocol = DTLSv1 934*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 935*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 936*e0c4386eSCy SchubertVerifyMode = Peer 937*e0c4386eSCy Schubert 938*e0c4386eSCy Schubert[test-29] 939*e0c4386eSCy SchubertExpectedResult = ServerFail 940*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 941*e0c4386eSCy SchubertMethod = DTLS 942*e0c4386eSCy Schubert 943*e0c4386eSCy Schubert 944*e0c4386eSCy Schubert# =========================================================== 945*e0c4386eSCy Schubert 946*e0c4386eSCy Schubert[30-server-auth-DTLSv1.2] 947*e0c4386eSCy Schubertssl_conf = 30-server-auth-DTLSv1.2-ssl 948*e0c4386eSCy Schubert 949*e0c4386eSCy Schubert[30-server-auth-DTLSv1.2-ssl] 950*e0c4386eSCy Schubertserver = 30-server-auth-DTLSv1.2-server 951*e0c4386eSCy Schubertclient = 30-server-auth-DTLSv1.2-client 952*e0c4386eSCy Schubert 953*e0c4386eSCy Schubert[30-server-auth-DTLSv1.2-server] 954*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 955*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 956*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 957*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 958*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 959*e0c4386eSCy Schubert 960*e0c4386eSCy Schubert[30-server-auth-DTLSv1.2-client] 961*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 962*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 963*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 964*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 965*e0c4386eSCy SchubertVerifyMode = Peer 966*e0c4386eSCy Schubert 967*e0c4386eSCy Schubert[test-30] 968*e0c4386eSCy SchubertExpectedResult = Success 969*e0c4386eSCy SchubertMethod = DTLS 970*e0c4386eSCy Schubert 971*e0c4386eSCy Schubert 972*e0c4386eSCy Schubert# =========================================================== 973*e0c4386eSCy Schubert 974*e0c4386eSCy Schubert[31-client-auth-DTLSv1.2-request] 975*e0c4386eSCy Schubertssl_conf = 31-client-auth-DTLSv1.2-request-ssl 976*e0c4386eSCy Schubert 977*e0c4386eSCy Schubert[31-client-auth-DTLSv1.2-request-ssl] 978*e0c4386eSCy Schubertserver = 31-client-auth-DTLSv1.2-request-server 979*e0c4386eSCy Schubertclient = 31-client-auth-DTLSv1.2-request-client 980*e0c4386eSCy Schubert 981*e0c4386eSCy Schubert[31-client-auth-DTLSv1.2-request-server] 982*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 983*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 984*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 985*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 986*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 987*e0c4386eSCy SchubertVerifyMode = Request 988*e0c4386eSCy Schubert 989*e0c4386eSCy Schubert[31-client-auth-DTLSv1.2-request-client] 990*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 991*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 992*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 993*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 994*e0c4386eSCy SchubertVerifyMode = Peer 995*e0c4386eSCy Schubert 996*e0c4386eSCy Schubert[test-31] 997*e0c4386eSCy SchubertExpectedResult = Success 998*e0c4386eSCy SchubertMethod = DTLS 999*e0c4386eSCy Schubert 1000*e0c4386eSCy Schubert 1001*e0c4386eSCy Schubert# =========================================================== 1002*e0c4386eSCy Schubert 1003*e0c4386eSCy Schubert[32-client-auth-DTLSv1.2-require-fail] 1004*e0c4386eSCy Schubertssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl 1005*e0c4386eSCy Schubert 1006*e0c4386eSCy Schubert[32-client-auth-DTLSv1.2-require-fail-ssl] 1007*e0c4386eSCy Schubertserver = 32-client-auth-DTLSv1.2-require-fail-server 1008*e0c4386eSCy Schubertclient = 32-client-auth-DTLSv1.2-require-fail-client 1009*e0c4386eSCy Schubert 1010*e0c4386eSCy Schubert[32-client-auth-DTLSv1.2-require-fail-server] 1011*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1012*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1013*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1014*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1015*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1016*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1017*e0c4386eSCy SchubertVerifyMode = Require 1018*e0c4386eSCy Schubert 1019*e0c4386eSCy Schubert[32-client-auth-DTLSv1.2-require-fail-client] 1020*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1021*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1022*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1023*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1024*e0c4386eSCy SchubertVerifyMode = Peer 1025*e0c4386eSCy Schubert 1026*e0c4386eSCy Schubert[test-32] 1027*e0c4386eSCy SchubertExpectedResult = ServerFail 1028*e0c4386eSCy SchubertExpectedServerAlert = HandshakeFailure 1029*e0c4386eSCy SchubertMethod = DTLS 1030*e0c4386eSCy Schubert 1031*e0c4386eSCy Schubert 1032*e0c4386eSCy Schubert# =========================================================== 1033*e0c4386eSCy Schubert 1034*e0c4386eSCy Schubert[33-client-auth-DTLSv1.2-require] 1035*e0c4386eSCy Schubertssl_conf = 33-client-auth-DTLSv1.2-require-ssl 1036*e0c4386eSCy Schubert 1037*e0c4386eSCy Schubert[33-client-auth-DTLSv1.2-require-ssl] 1038*e0c4386eSCy Schubertserver = 33-client-auth-DTLSv1.2-require-server 1039*e0c4386eSCy Schubertclient = 33-client-auth-DTLSv1.2-require-client 1040*e0c4386eSCy Schubert 1041*e0c4386eSCy Schubert[33-client-auth-DTLSv1.2-require-server] 1042*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1043*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1044*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1045*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1046*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1047*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1048*e0c4386eSCy SchubertVerifyMode = Request 1049*e0c4386eSCy Schubert 1050*e0c4386eSCy Schubert[33-client-auth-DTLSv1.2-require-client] 1051*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1052*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1053*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1054*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1055*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1056*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1057*e0c4386eSCy SchubertVerifyMode = Peer 1058*e0c4386eSCy Schubert 1059*e0c4386eSCy Schubert[test-33] 1060*e0c4386eSCy SchubertExpectedClientCANames = empty 1061*e0c4386eSCy SchubertExpectedClientCertType = RSA 1062*e0c4386eSCy SchubertExpectedResult = Success 1063*e0c4386eSCy SchubertMethod = DTLS 1064*e0c4386eSCy Schubert 1065*e0c4386eSCy Schubert 1066*e0c4386eSCy Schubert# =========================================================== 1067*e0c4386eSCy Schubert 1068*e0c4386eSCy Schubert[34-client-auth-DTLSv1.2-require-non-empty-names] 1069*e0c4386eSCy Schubertssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl 1070*e0c4386eSCy Schubert 1071*e0c4386eSCy Schubert[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] 1072*e0c4386eSCy Schubertserver = 34-client-auth-DTLSv1.2-require-non-empty-names-server 1073*e0c4386eSCy Schubertclient = 34-client-auth-DTLSv1.2-require-non-empty-names-client 1074*e0c4386eSCy Schubert 1075*e0c4386eSCy Schubert[34-client-auth-DTLSv1.2-require-non-empty-names-server] 1076*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1077*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1078*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1079*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1080*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1081*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1082*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1083*e0c4386eSCy SchubertVerifyMode = Request 1084*e0c4386eSCy Schubert 1085*e0c4386eSCy Schubert[34-client-auth-DTLSv1.2-require-non-empty-names-client] 1086*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1087*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1088*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1089*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1090*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1091*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1092*e0c4386eSCy SchubertVerifyMode = Peer 1093*e0c4386eSCy Schubert 1094*e0c4386eSCy Schubert[test-34] 1095*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1096*e0c4386eSCy SchubertExpectedClientCertType = RSA 1097*e0c4386eSCy SchubertExpectedResult = Success 1098*e0c4386eSCy SchubertMethod = DTLS 1099*e0c4386eSCy Schubert 1100*e0c4386eSCy Schubert 1101*e0c4386eSCy Schubert# =========================================================== 1102*e0c4386eSCy Schubert 1103*e0c4386eSCy Schubert[35-client-auth-DTLSv1.2-noroot] 1104*e0c4386eSCy Schubertssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl 1105*e0c4386eSCy Schubert 1106*e0c4386eSCy Schubert[35-client-auth-DTLSv1.2-noroot-ssl] 1107*e0c4386eSCy Schubertserver = 35-client-auth-DTLSv1.2-noroot-server 1108*e0c4386eSCy Schubertclient = 35-client-auth-DTLSv1.2-noroot-client 1109*e0c4386eSCy Schubert 1110*e0c4386eSCy Schubert[35-client-auth-DTLSv1.2-noroot-server] 1111*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1112*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1113*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1114*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1115*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1116*e0c4386eSCy SchubertVerifyMode = Require 1117*e0c4386eSCy Schubert 1118*e0c4386eSCy Schubert[35-client-auth-DTLSv1.2-noroot-client] 1119*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1120*e0c4386eSCy SchubertCipherString = DEFAULT:@SECLEVEL=0 1121*e0c4386eSCy SchubertMaxProtocol = DTLSv1.2 1122*e0c4386eSCy SchubertMinProtocol = DTLSv1.2 1123*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1124*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1125*e0c4386eSCy SchubertVerifyMode = Peer 1126*e0c4386eSCy Schubert 1127*e0c4386eSCy Schubert[test-35] 1128*e0c4386eSCy SchubertExpectedResult = ServerFail 1129*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 1130*e0c4386eSCy SchubertMethod = DTLS 1131*e0c4386eSCy Schubert 1132*e0c4386eSCy Schubert 1133