xref: /freebsd/crypto/openssl/test/ssl-tests/04-client_auth.cnf (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1# Generated with generate_ssl_tests.pl
2
3num_tests = 36
4
5test-0 = 0-server-auth-flex
6test-1 = 1-client-auth-flex-request
7test-2 = 2-client-auth-flex-require-fail
8test-3 = 3-client-auth-flex-require
9test-4 = 4-client-auth-flex-require-non-empty-names
10test-5 = 5-client-auth-flex-noroot
11test-6 = 6-server-auth-TLSv1
12test-7 = 7-client-auth-TLSv1-request
13test-8 = 8-client-auth-TLSv1-require-fail
14test-9 = 9-client-auth-TLSv1-require
15test-10 = 10-client-auth-TLSv1-require-non-empty-names
16test-11 = 11-client-auth-TLSv1-noroot
17test-12 = 12-server-auth-TLSv1.1
18test-13 = 13-client-auth-TLSv1.1-request
19test-14 = 14-client-auth-TLSv1.1-require-fail
20test-15 = 15-client-auth-TLSv1.1-require
21test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
22test-17 = 17-client-auth-TLSv1.1-noroot
23test-18 = 18-server-auth-TLSv1.2
24test-19 = 19-client-auth-TLSv1.2-request
25test-20 = 20-client-auth-TLSv1.2-require-fail
26test-21 = 21-client-auth-TLSv1.2-require
27test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
28test-23 = 23-client-auth-TLSv1.2-noroot
29test-24 = 24-server-auth-DTLSv1
30test-25 = 25-client-auth-DTLSv1-request
31test-26 = 26-client-auth-DTLSv1-require-fail
32test-27 = 27-client-auth-DTLSv1-require
33test-28 = 28-client-auth-DTLSv1-require-non-empty-names
34test-29 = 29-client-auth-DTLSv1-noroot
35test-30 = 30-server-auth-DTLSv1.2
36test-31 = 31-client-auth-DTLSv1.2-request
37test-32 = 32-client-auth-DTLSv1.2-require-fail
38test-33 = 33-client-auth-DTLSv1.2-require
39test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
40test-35 = 35-client-auth-DTLSv1.2-noroot
41# ===========================================================
42
43[0-server-auth-flex]
44ssl_conf = 0-server-auth-flex-ssl
45
46[0-server-auth-flex-ssl]
47server = 0-server-auth-flex-server
48client = 0-server-auth-flex-client
49
50[0-server-auth-flex-server]
51Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
52CipherString = DEFAULT:@SECLEVEL=0
53PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
54
55[0-server-auth-flex-client]
56CipherString = DEFAULT:@SECLEVEL=0
57VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
58VerifyMode = Peer
59
60[test-0]
61ExpectedResult = Success
62
63
64# ===========================================================
65
66[1-client-auth-flex-request]
67ssl_conf = 1-client-auth-flex-request-ssl
68
69[1-client-auth-flex-request-ssl]
70server = 1-client-auth-flex-request-server
71client = 1-client-auth-flex-request-client
72
73[1-client-auth-flex-request-server]
74Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
75CipherString = DEFAULT:@SECLEVEL=0
76PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
77VerifyMode = Request
78
79[1-client-auth-flex-request-client]
80CipherString = DEFAULT:@SECLEVEL=0
81VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
82VerifyMode = Peer
83
84[test-1]
85ExpectedResult = Success
86
87
88# ===========================================================
89
90[2-client-auth-flex-require-fail]
91ssl_conf = 2-client-auth-flex-require-fail-ssl
92
93[2-client-auth-flex-require-fail-ssl]
94server = 2-client-auth-flex-require-fail-server
95client = 2-client-auth-flex-require-fail-client
96
97[2-client-auth-flex-require-fail-server]
98Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
99CipherString = DEFAULT:@SECLEVEL=0
100PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
101VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
102VerifyMode = Require
103
104[2-client-auth-flex-require-fail-client]
105CipherString = DEFAULT:@SECLEVEL=0
106VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
107VerifyMode = Peer
108
109[test-2]
110ExpectedResult = ServerFail
111ExpectedServerAlert = CertificateRequired
112
113
114# ===========================================================
115
116[3-client-auth-flex-require]
117ssl_conf = 3-client-auth-flex-require-ssl
118
119[3-client-auth-flex-require-ssl]
120server = 3-client-auth-flex-require-server
121client = 3-client-auth-flex-require-client
122
123[3-client-auth-flex-require-server]
124Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
125CipherString = DEFAULT:@SECLEVEL=0
126PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
127VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
128VerifyMode = Request
129
130[3-client-auth-flex-require-client]
131Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
132CipherString = DEFAULT:@SECLEVEL=0
133PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
134VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
135VerifyMode = Peer
136
137[test-3]
138ExpectedClientCANames = empty
139ExpectedClientCertType = RSA
140ExpectedResult = Success
141
142
143# ===========================================================
144
145[4-client-auth-flex-require-non-empty-names]
146ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
147
148[4-client-auth-flex-require-non-empty-names-ssl]
149server = 4-client-auth-flex-require-non-empty-names-server
150client = 4-client-auth-flex-require-non-empty-names-client
151
152[4-client-auth-flex-require-non-empty-names-server]
153Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
154CipherString = DEFAULT:@SECLEVEL=0
155ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
156PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158VerifyMode = Request
159
160[4-client-auth-flex-require-non-empty-names-client]
161Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162CipherString = DEFAULT:@SECLEVEL=0
163PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
164VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
165VerifyMode = Peer
166
167[test-4]
168ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
169ExpectedClientCertType = RSA
170ExpectedResult = Success
171
172
173# ===========================================================
174
175[5-client-auth-flex-noroot]
176ssl_conf = 5-client-auth-flex-noroot-ssl
177
178[5-client-auth-flex-noroot-ssl]
179server = 5-client-auth-flex-noroot-server
180client = 5-client-auth-flex-noroot-client
181
182[5-client-auth-flex-noroot-server]
183Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
184CipherString = DEFAULT:@SECLEVEL=0
185PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
186VerifyMode = Require
187
188[5-client-auth-flex-noroot-client]
189Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
190CipherString = DEFAULT:@SECLEVEL=0
191PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
192VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
193VerifyMode = Peer
194
195[test-5]
196ExpectedResult = ServerFail
197ExpectedServerAlert = UnknownCA
198
199
200# ===========================================================
201
202[6-server-auth-TLSv1]
203ssl_conf = 6-server-auth-TLSv1-ssl
204
205[6-server-auth-TLSv1-ssl]
206server = 6-server-auth-TLSv1-server
207client = 6-server-auth-TLSv1-client
208
209[6-server-auth-TLSv1-server]
210Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
211CipherString = DEFAULT:@SECLEVEL=0
212MaxProtocol = TLSv1
213MinProtocol = TLSv1
214PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
215
216[6-server-auth-TLSv1-client]
217CipherString = DEFAULT:@SECLEVEL=0
218MaxProtocol = TLSv1
219MinProtocol = TLSv1
220VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
221VerifyMode = Peer
222
223[test-6]
224ExpectedResult = Success
225
226
227# ===========================================================
228
229[7-client-auth-TLSv1-request]
230ssl_conf = 7-client-auth-TLSv1-request-ssl
231
232[7-client-auth-TLSv1-request-ssl]
233server = 7-client-auth-TLSv1-request-server
234client = 7-client-auth-TLSv1-request-client
235
236[7-client-auth-TLSv1-request-server]
237Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
238CipherString = DEFAULT:@SECLEVEL=0
239MaxProtocol = TLSv1
240MinProtocol = TLSv1
241PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
242VerifyMode = Request
243
244[7-client-auth-TLSv1-request-client]
245CipherString = DEFAULT:@SECLEVEL=0
246MaxProtocol = TLSv1
247MinProtocol = TLSv1
248VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
249VerifyMode = Peer
250
251[test-7]
252ExpectedResult = Success
253
254
255# ===========================================================
256
257[8-client-auth-TLSv1-require-fail]
258ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
259
260[8-client-auth-TLSv1-require-fail-ssl]
261server = 8-client-auth-TLSv1-require-fail-server
262client = 8-client-auth-TLSv1-require-fail-client
263
264[8-client-auth-TLSv1-require-fail-server]
265Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
266CipherString = DEFAULT:@SECLEVEL=0
267MaxProtocol = TLSv1
268MinProtocol = TLSv1
269PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
270VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
271VerifyMode = Require
272
273[8-client-auth-TLSv1-require-fail-client]
274CipherString = DEFAULT:@SECLEVEL=0
275MaxProtocol = TLSv1
276MinProtocol = TLSv1
277VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
278VerifyMode = Peer
279
280[test-8]
281ExpectedResult = ServerFail
282ExpectedServerAlert = HandshakeFailure
283
284
285# ===========================================================
286
287[9-client-auth-TLSv1-require]
288ssl_conf = 9-client-auth-TLSv1-require-ssl
289
290[9-client-auth-TLSv1-require-ssl]
291server = 9-client-auth-TLSv1-require-server
292client = 9-client-auth-TLSv1-require-client
293
294[9-client-auth-TLSv1-require-server]
295Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
296CipherString = DEFAULT:@SECLEVEL=0
297MaxProtocol = TLSv1
298MinProtocol = TLSv1
299PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
300VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
301VerifyMode = Request
302
303[9-client-auth-TLSv1-require-client]
304Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
305CipherString = DEFAULT:@SECLEVEL=0
306MaxProtocol = TLSv1
307MinProtocol = TLSv1
308PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
309VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
310VerifyMode = Peer
311
312[test-9]
313ExpectedClientCANames = empty
314ExpectedClientCertType = RSA
315ExpectedResult = Success
316
317
318# ===========================================================
319
320[10-client-auth-TLSv1-require-non-empty-names]
321ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
322
323[10-client-auth-TLSv1-require-non-empty-names-ssl]
324server = 10-client-auth-TLSv1-require-non-empty-names-server
325client = 10-client-auth-TLSv1-require-non-empty-names-client
326
327[10-client-auth-TLSv1-require-non-empty-names-server]
328Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
329CipherString = DEFAULT:@SECLEVEL=0
330ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
331MaxProtocol = TLSv1
332MinProtocol = TLSv1
333PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
334VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335VerifyMode = Request
336
337[10-client-auth-TLSv1-require-non-empty-names-client]
338Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
339CipherString = DEFAULT:@SECLEVEL=0
340MaxProtocol = TLSv1
341MinProtocol = TLSv1
342PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
343VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
344VerifyMode = Peer
345
346[test-10]
347ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
348ExpectedClientCertType = RSA
349ExpectedResult = Success
350
351
352# ===========================================================
353
354[11-client-auth-TLSv1-noroot]
355ssl_conf = 11-client-auth-TLSv1-noroot-ssl
356
357[11-client-auth-TLSv1-noroot-ssl]
358server = 11-client-auth-TLSv1-noroot-server
359client = 11-client-auth-TLSv1-noroot-client
360
361[11-client-auth-TLSv1-noroot-server]
362Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
363CipherString = DEFAULT:@SECLEVEL=0
364MaxProtocol = TLSv1
365MinProtocol = TLSv1
366PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
367VerifyMode = Require
368
369[11-client-auth-TLSv1-noroot-client]
370Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
371CipherString = DEFAULT:@SECLEVEL=0
372MaxProtocol = TLSv1
373MinProtocol = TLSv1
374PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
375VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
376VerifyMode = Peer
377
378[test-11]
379ExpectedResult = ServerFail
380ExpectedServerAlert = UnknownCA
381
382
383# ===========================================================
384
385[12-server-auth-TLSv1.1]
386ssl_conf = 12-server-auth-TLSv1.1-ssl
387
388[12-server-auth-TLSv1.1-ssl]
389server = 12-server-auth-TLSv1.1-server
390client = 12-server-auth-TLSv1.1-client
391
392[12-server-auth-TLSv1.1-server]
393Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394CipherString = DEFAULT:@SECLEVEL=0
395MaxProtocol = TLSv1.1
396MinProtocol = TLSv1.1
397PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
398
399[12-server-auth-TLSv1.1-client]
400CipherString = DEFAULT:@SECLEVEL=0
401MaxProtocol = TLSv1.1
402MinProtocol = TLSv1.1
403VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
404VerifyMode = Peer
405
406[test-12]
407ExpectedResult = Success
408
409
410# ===========================================================
411
412[13-client-auth-TLSv1.1-request]
413ssl_conf = 13-client-auth-TLSv1.1-request-ssl
414
415[13-client-auth-TLSv1.1-request-ssl]
416server = 13-client-auth-TLSv1.1-request-server
417client = 13-client-auth-TLSv1.1-request-client
418
419[13-client-auth-TLSv1.1-request-server]
420Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421CipherString = DEFAULT:@SECLEVEL=0
422MaxProtocol = TLSv1.1
423MinProtocol = TLSv1.1
424PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
425VerifyMode = Request
426
427[13-client-auth-TLSv1.1-request-client]
428CipherString = DEFAULT:@SECLEVEL=0
429MaxProtocol = TLSv1.1
430MinProtocol = TLSv1.1
431VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
432VerifyMode = Peer
433
434[test-13]
435ExpectedResult = Success
436
437
438# ===========================================================
439
440[14-client-auth-TLSv1.1-require-fail]
441ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
442
443[14-client-auth-TLSv1.1-require-fail-ssl]
444server = 14-client-auth-TLSv1.1-require-fail-server
445client = 14-client-auth-TLSv1.1-require-fail-client
446
447[14-client-auth-TLSv1.1-require-fail-server]
448Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
449CipherString = DEFAULT:@SECLEVEL=0
450MaxProtocol = TLSv1.1
451MinProtocol = TLSv1.1
452PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
453VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
454VerifyMode = Require
455
456[14-client-auth-TLSv1.1-require-fail-client]
457CipherString = DEFAULT:@SECLEVEL=0
458MaxProtocol = TLSv1.1
459MinProtocol = TLSv1.1
460VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
461VerifyMode = Peer
462
463[test-14]
464ExpectedResult = ServerFail
465ExpectedServerAlert = HandshakeFailure
466
467
468# ===========================================================
469
470[15-client-auth-TLSv1.1-require]
471ssl_conf = 15-client-auth-TLSv1.1-require-ssl
472
473[15-client-auth-TLSv1.1-require-ssl]
474server = 15-client-auth-TLSv1.1-require-server
475client = 15-client-auth-TLSv1.1-require-client
476
477[15-client-auth-TLSv1.1-require-server]
478Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
479CipherString = DEFAULT:@SECLEVEL=0
480MaxProtocol = TLSv1.1
481MinProtocol = TLSv1.1
482PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
483VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
484VerifyMode = Request
485
486[15-client-auth-TLSv1.1-require-client]
487Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
488CipherString = DEFAULT:@SECLEVEL=0
489MaxProtocol = TLSv1.1
490MinProtocol = TLSv1.1
491PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
492VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
493VerifyMode = Peer
494
495[test-15]
496ExpectedClientCANames = empty
497ExpectedClientCertType = RSA
498ExpectedResult = Success
499
500
501# ===========================================================
502
503[16-client-auth-TLSv1.1-require-non-empty-names]
504ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
505
506[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
507server = 16-client-auth-TLSv1.1-require-non-empty-names-server
508client = 16-client-auth-TLSv1.1-require-non-empty-names-client
509
510[16-client-auth-TLSv1.1-require-non-empty-names-server]
511Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512CipherString = DEFAULT:@SECLEVEL=0
513ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
514MaxProtocol = TLSv1.1
515MinProtocol = TLSv1.1
516PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
517VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
518VerifyMode = Request
519
520[16-client-auth-TLSv1.1-require-non-empty-names-client]
521Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
522CipherString = DEFAULT:@SECLEVEL=0
523MaxProtocol = TLSv1.1
524MinProtocol = TLSv1.1
525PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
526VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
527VerifyMode = Peer
528
529[test-16]
530ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
531ExpectedClientCertType = RSA
532ExpectedResult = Success
533
534
535# ===========================================================
536
537[17-client-auth-TLSv1.1-noroot]
538ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
539
540[17-client-auth-TLSv1.1-noroot-ssl]
541server = 17-client-auth-TLSv1.1-noroot-server
542client = 17-client-auth-TLSv1.1-noroot-client
543
544[17-client-auth-TLSv1.1-noroot-server]
545Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
546CipherString = DEFAULT:@SECLEVEL=0
547MaxProtocol = TLSv1.1
548MinProtocol = TLSv1.1
549PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
550VerifyMode = Require
551
552[17-client-auth-TLSv1.1-noroot-client]
553Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
554CipherString = DEFAULT:@SECLEVEL=0
555MaxProtocol = TLSv1.1
556MinProtocol = TLSv1.1
557PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
558VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
559VerifyMode = Peer
560
561[test-17]
562ExpectedResult = ServerFail
563ExpectedServerAlert = UnknownCA
564
565
566# ===========================================================
567
568[18-server-auth-TLSv1.2]
569ssl_conf = 18-server-auth-TLSv1.2-ssl
570
571[18-server-auth-TLSv1.2-ssl]
572server = 18-server-auth-TLSv1.2-server
573client = 18-server-auth-TLSv1.2-client
574
575[18-server-auth-TLSv1.2-server]
576Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577CipherString = DEFAULT:@SECLEVEL=0
578MaxProtocol = TLSv1.2
579MinProtocol = TLSv1.2
580PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
581
582[18-server-auth-TLSv1.2-client]
583CipherString = DEFAULT:@SECLEVEL=0
584MaxProtocol = TLSv1.2
585MinProtocol = TLSv1.2
586VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
587VerifyMode = Peer
588
589[test-18]
590ExpectedResult = Success
591
592
593# ===========================================================
594
595[19-client-auth-TLSv1.2-request]
596ssl_conf = 19-client-auth-TLSv1.2-request-ssl
597
598[19-client-auth-TLSv1.2-request-ssl]
599server = 19-client-auth-TLSv1.2-request-server
600client = 19-client-auth-TLSv1.2-request-client
601
602[19-client-auth-TLSv1.2-request-server]
603Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
604CipherString = DEFAULT:@SECLEVEL=0
605MaxProtocol = TLSv1.2
606MinProtocol = TLSv1.2
607PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
608VerifyMode = Request
609
610[19-client-auth-TLSv1.2-request-client]
611CipherString = DEFAULT:@SECLEVEL=0
612MaxProtocol = TLSv1.2
613MinProtocol = TLSv1.2
614VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
615VerifyMode = Peer
616
617[test-19]
618ExpectedResult = Success
619
620
621# ===========================================================
622
623[20-client-auth-TLSv1.2-require-fail]
624ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
625
626[20-client-auth-TLSv1.2-require-fail-ssl]
627server = 20-client-auth-TLSv1.2-require-fail-server
628client = 20-client-auth-TLSv1.2-require-fail-client
629
630[20-client-auth-TLSv1.2-require-fail-server]
631Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
632CipherString = DEFAULT:@SECLEVEL=0
633MaxProtocol = TLSv1.2
634MinProtocol = TLSv1.2
635PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
636VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
637VerifyMode = Require
638
639[20-client-auth-TLSv1.2-require-fail-client]
640CipherString = DEFAULT:@SECLEVEL=0
641MaxProtocol = TLSv1.2
642MinProtocol = TLSv1.2
643VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
644VerifyMode = Peer
645
646[test-20]
647ExpectedResult = ServerFail
648ExpectedServerAlert = HandshakeFailure
649
650
651# ===========================================================
652
653[21-client-auth-TLSv1.2-require]
654ssl_conf = 21-client-auth-TLSv1.2-require-ssl
655
656[21-client-auth-TLSv1.2-require-ssl]
657server = 21-client-auth-TLSv1.2-require-server
658client = 21-client-auth-TLSv1.2-require-client
659
660[21-client-auth-TLSv1.2-require-server]
661Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
662CipherString = DEFAULT:@SECLEVEL=0
663ClientSignatureAlgorithms = SHA256+RSA
664MaxProtocol = TLSv1.2
665MinProtocol = TLSv1.2
666PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
667VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
668VerifyMode = Request
669
670[21-client-auth-TLSv1.2-require-client]
671Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
672CipherString = DEFAULT:@SECLEVEL=0
673MaxProtocol = TLSv1.2
674MinProtocol = TLSv1.2
675PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
676VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
677VerifyMode = Peer
678
679[test-21]
680ExpectedClientCANames = empty
681ExpectedClientCertType = RSA
682ExpectedClientSignHash = SHA256
683ExpectedClientSignType = RSA
684ExpectedResult = Success
685
686
687# ===========================================================
688
689[22-client-auth-TLSv1.2-require-non-empty-names]
690ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
691
692[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
693server = 22-client-auth-TLSv1.2-require-non-empty-names-server
694client = 22-client-auth-TLSv1.2-require-non-empty-names-client
695
696[22-client-auth-TLSv1.2-require-non-empty-names-server]
697Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
698CipherString = DEFAULT:@SECLEVEL=0
699ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
700ClientSignatureAlgorithms = SHA256+RSA
701MaxProtocol = TLSv1.2
702MinProtocol = TLSv1.2
703PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
704VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
705VerifyMode = Request
706
707[22-client-auth-TLSv1.2-require-non-empty-names-client]
708Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
709CipherString = DEFAULT:@SECLEVEL=0
710MaxProtocol = TLSv1.2
711MinProtocol = TLSv1.2
712PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
713VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
714VerifyMode = Peer
715
716[test-22]
717ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
718ExpectedClientCertType = RSA
719ExpectedClientSignHash = SHA256
720ExpectedClientSignType = RSA
721ExpectedResult = Success
722
723
724# ===========================================================
725
726[23-client-auth-TLSv1.2-noroot]
727ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
728
729[23-client-auth-TLSv1.2-noroot-ssl]
730server = 23-client-auth-TLSv1.2-noroot-server
731client = 23-client-auth-TLSv1.2-noroot-client
732
733[23-client-auth-TLSv1.2-noroot-server]
734Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
735CipherString = DEFAULT:@SECLEVEL=0
736MaxProtocol = TLSv1.2
737MinProtocol = TLSv1.2
738PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
739VerifyMode = Require
740
741[23-client-auth-TLSv1.2-noroot-client]
742Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
743CipherString = DEFAULT:@SECLEVEL=0
744MaxProtocol = TLSv1.2
745MinProtocol = TLSv1.2
746PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
747VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
748VerifyMode = Peer
749
750[test-23]
751ExpectedResult = ServerFail
752ExpectedServerAlert = UnknownCA
753
754
755# ===========================================================
756
757[24-server-auth-DTLSv1]
758ssl_conf = 24-server-auth-DTLSv1-ssl
759
760[24-server-auth-DTLSv1-ssl]
761server = 24-server-auth-DTLSv1-server
762client = 24-server-auth-DTLSv1-client
763
764[24-server-auth-DTLSv1-server]
765Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
766CipherString = DEFAULT:@SECLEVEL=0
767MaxProtocol = DTLSv1
768MinProtocol = DTLSv1
769PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
770
771[24-server-auth-DTLSv1-client]
772CipherString = DEFAULT:@SECLEVEL=0
773MaxProtocol = DTLSv1
774MinProtocol = DTLSv1
775VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
776VerifyMode = Peer
777
778[test-24]
779ExpectedResult = Success
780Method = DTLS
781
782
783# ===========================================================
784
785[25-client-auth-DTLSv1-request]
786ssl_conf = 25-client-auth-DTLSv1-request-ssl
787
788[25-client-auth-DTLSv1-request-ssl]
789server = 25-client-auth-DTLSv1-request-server
790client = 25-client-auth-DTLSv1-request-client
791
792[25-client-auth-DTLSv1-request-server]
793Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
794CipherString = DEFAULT:@SECLEVEL=0
795MaxProtocol = DTLSv1
796MinProtocol = DTLSv1
797PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
798VerifyMode = Request
799
800[25-client-auth-DTLSv1-request-client]
801CipherString = DEFAULT:@SECLEVEL=0
802MaxProtocol = DTLSv1
803MinProtocol = DTLSv1
804VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
805VerifyMode = Peer
806
807[test-25]
808ExpectedResult = Success
809Method = DTLS
810
811
812# ===========================================================
813
814[26-client-auth-DTLSv1-require-fail]
815ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
816
817[26-client-auth-DTLSv1-require-fail-ssl]
818server = 26-client-auth-DTLSv1-require-fail-server
819client = 26-client-auth-DTLSv1-require-fail-client
820
821[26-client-auth-DTLSv1-require-fail-server]
822Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
823CipherString = DEFAULT:@SECLEVEL=0
824MaxProtocol = DTLSv1
825MinProtocol = DTLSv1
826PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
827VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
828VerifyMode = Require
829
830[26-client-auth-DTLSv1-require-fail-client]
831CipherString = DEFAULT:@SECLEVEL=0
832MaxProtocol = DTLSv1
833MinProtocol = DTLSv1
834VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
835VerifyMode = Peer
836
837[test-26]
838ExpectedResult = ServerFail
839ExpectedServerAlert = HandshakeFailure
840Method = DTLS
841
842
843# ===========================================================
844
845[27-client-auth-DTLSv1-require]
846ssl_conf = 27-client-auth-DTLSv1-require-ssl
847
848[27-client-auth-DTLSv1-require-ssl]
849server = 27-client-auth-DTLSv1-require-server
850client = 27-client-auth-DTLSv1-require-client
851
852[27-client-auth-DTLSv1-require-server]
853Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
854CipherString = DEFAULT:@SECLEVEL=0
855MaxProtocol = DTLSv1
856MinProtocol = DTLSv1
857PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
858VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
859VerifyMode = Request
860
861[27-client-auth-DTLSv1-require-client]
862Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
863CipherString = DEFAULT:@SECLEVEL=0
864MaxProtocol = DTLSv1
865MinProtocol = DTLSv1
866PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
867VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
868VerifyMode = Peer
869
870[test-27]
871ExpectedClientCANames = empty
872ExpectedClientCertType = RSA
873ExpectedResult = Success
874Method = DTLS
875
876
877# ===========================================================
878
879[28-client-auth-DTLSv1-require-non-empty-names]
880ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
881
882[28-client-auth-DTLSv1-require-non-empty-names-ssl]
883server = 28-client-auth-DTLSv1-require-non-empty-names-server
884client = 28-client-auth-DTLSv1-require-non-empty-names-client
885
886[28-client-auth-DTLSv1-require-non-empty-names-server]
887Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
888CipherString = DEFAULT:@SECLEVEL=0
889ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
890MaxProtocol = DTLSv1
891MinProtocol = DTLSv1
892PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
894VerifyMode = Request
895
896[28-client-auth-DTLSv1-require-non-empty-names-client]
897Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
898CipherString = DEFAULT:@SECLEVEL=0
899MaxProtocol = DTLSv1
900MinProtocol = DTLSv1
901PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
902VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
903VerifyMode = Peer
904
905[test-28]
906ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
907ExpectedClientCertType = RSA
908ExpectedResult = Success
909Method = DTLS
910
911
912# ===========================================================
913
914[29-client-auth-DTLSv1-noroot]
915ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
916
917[29-client-auth-DTLSv1-noroot-ssl]
918server = 29-client-auth-DTLSv1-noroot-server
919client = 29-client-auth-DTLSv1-noroot-client
920
921[29-client-auth-DTLSv1-noroot-server]
922Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
923CipherString = DEFAULT:@SECLEVEL=0
924MaxProtocol = DTLSv1
925MinProtocol = DTLSv1
926PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
927VerifyMode = Require
928
929[29-client-auth-DTLSv1-noroot-client]
930Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
931CipherString = DEFAULT:@SECLEVEL=0
932MaxProtocol = DTLSv1
933MinProtocol = DTLSv1
934PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
935VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
936VerifyMode = Peer
937
938[test-29]
939ExpectedResult = ServerFail
940ExpectedServerAlert = UnknownCA
941Method = DTLS
942
943
944# ===========================================================
945
946[30-server-auth-DTLSv1.2]
947ssl_conf = 30-server-auth-DTLSv1.2-ssl
948
949[30-server-auth-DTLSv1.2-ssl]
950server = 30-server-auth-DTLSv1.2-server
951client = 30-server-auth-DTLSv1.2-client
952
953[30-server-auth-DTLSv1.2-server]
954Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
955CipherString = DEFAULT:@SECLEVEL=0
956MaxProtocol = DTLSv1.2
957MinProtocol = DTLSv1.2
958PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
959
960[30-server-auth-DTLSv1.2-client]
961CipherString = DEFAULT:@SECLEVEL=0
962MaxProtocol = DTLSv1.2
963MinProtocol = DTLSv1.2
964VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
965VerifyMode = Peer
966
967[test-30]
968ExpectedResult = Success
969Method = DTLS
970
971
972# ===========================================================
973
974[31-client-auth-DTLSv1.2-request]
975ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
976
977[31-client-auth-DTLSv1.2-request-ssl]
978server = 31-client-auth-DTLSv1.2-request-server
979client = 31-client-auth-DTLSv1.2-request-client
980
981[31-client-auth-DTLSv1.2-request-server]
982Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
983CipherString = DEFAULT:@SECLEVEL=0
984MaxProtocol = DTLSv1.2
985MinProtocol = DTLSv1.2
986PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
987VerifyMode = Request
988
989[31-client-auth-DTLSv1.2-request-client]
990CipherString = DEFAULT:@SECLEVEL=0
991MaxProtocol = DTLSv1.2
992MinProtocol = DTLSv1.2
993VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
994VerifyMode = Peer
995
996[test-31]
997ExpectedResult = Success
998Method = DTLS
999
1000
1001# ===========================================================
1002
1003[32-client-auth-DTLSv1.2-require-fail]
1004ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
1005
1006[32-client-auth-DTLSv1.2-require-fail-ssl]
1007server = 32-client-auth-DTLSv1.2-require-fail-server
1008client = 32-client-auth-DTLSv1.2-require-fail-client
1009
1010[32-client-auth-DTLSv1.2-require-fail-server]
1011Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1012CipherString = DEFAULT:@SECLEVEL=0
1013MaxProtocol = DTLSv1.2
1014MinProtocol = DTLSv1.2
1015PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1016VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1017VerifyMode = Require
1018
1019[32-client-auth-DTLSv1.2-require-fail-client]
1020CipherString = DEFAULT:@SECLEVEL=0
1021MaxProtocol = DTLSv1.2
1022MinProtocol = DTLSv1.2
1023VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1024VerifyMode = Peer
1025
1026[test-32]
1027ExpectedResult = ServerFail
1028ExpectedServerAlert = HandshakeFailure
1029Method = DTLS
1030
1031
1032# ===========================================================
1033
1034[33-client-auth-DTLSv1.2-require]
1035ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
1036
1037[33-client-auth-DTLSv1.2-require-ssl]
1038server = 33-client-auth-DTLSv1.2-require-server
1039client = 33-client-auth-DTLSv1.2-require-client
1040
1041[33-client-auth-DTLSv1.2-require-server]
1042Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1043CipherString = DEFAULT:@SECLEVEL=0
1044MaxProtocol = DTLSv1.2
1045MinProtocol = DTLSv1.2
1046PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1047VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1048VerifyMode = Request
1049
1050[33-client-auth-DTLSv1.2-require-client]
1051Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1052CipherString = DEFAULT:@SECLEVEL=0
1053MaxProtocol = DTLSv1.2
1054MinProtocol = DTLSv1.2
1055PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1056VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057VerifyMode = Peer
1058
1059[test-33]
1060ExpectedClientCANames = empty
1061ExpectedClientCertType = RSA
1062ExpectedResult = Success
1063Method = DTLS
1064
1065
1066# ===========================================================
1067
1068[34-client-auth-DTLSv1.2-require-non-empty-names]
1069ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
1070
1071[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1072server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
1073client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
1074
1075[34-client-auth-DTLSv1.2-require-non-empty-names-server]
1076Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1077CipherString = DEFAULT:@SECLEVEL=0
1078ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1079MaxProtocol = DTLSv1.2
1080MinProtocol = DTLSv1.2
1081PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1082VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1083VerifyMode = Request
1084
1085[34-client-auth-DTLSv1.2-require-non-empty-names-client]
1086Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1087CipherString = DEFAULT:@SECLEVEL=0
1088MaxProtocol = DTLSv1.2
1089MinProtocol = DTLSv1.2
1090PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1091VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1092VerifyMode = Peer
1093
1094[test-34]
1095ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1096ExpectedClientCertType = RSA
1097ExpectedResult = Success
1098Method = DTLS
1099
1100
1101# ===========================================================
1102
1103[35-client-auth-DTLSv1.2-noroot]
1104ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
1105
1106[35-client-auth-DTLSv1.2-noroot-ssl]
1107server = 35-client-auth-DTLSv1.2-noroot-server
1108client = 35-client-auth-DTLSv1.2-noroot-client
1109
1110[35-client-auth-DTLSv1.2-noroot-server]
1111Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1112CipherString = DEFAULT:@SECLEVEL=0
1113MaxProtocol = DTLSv1.2
1114MinProtocol = DTLSv1.2
1115PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1116VerifyMode = Require
1117
1118[35-client-auth-DTLSv1.2-noroot-client]
1119Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1120CipherString = DEFAULT:@SECLEVEL=0
1121MaxProtocol = DTLSv1.2
1122MinProtocol = DTLSv1.2
1123PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1124VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1125VerifyMode = Peer
1126
1127[test-35]
1128ExpectedResult = ServerFail
1129ExpectedServerAlert = UnknownCA
1130Method = DTLS
1131
1132
1133