1*e0c4386eSCy Schubert# Generated with generate_ssl_tests.pl 2*e0c4386eSCy Schubert 3*e0c4386eSCy Schubertnum_tests = 14 4*e0c4386eSCy Schubert 5*e0c4386eSCy Schuberttest-0 = 0-server-auth-TLSv1.3 6*e0c4386eSCy Schuberttest-1 = 1-client-auth-TLSv1.3-request 7*e0c4386eSCy Schuberttest-2 = 2-client-auth-TLSv1.3-require-fail 8*e0c4386eSCy Schuberttest-3 = 3-client-auth-TLSv1.3-require 9*e0c4386eSCy Schuberttest-4 = 4-client-auth-TLSv1.3-require-non-empty-names 10*e0c4386eSCy Schuberttest-5 = 5-client-auth-TLSv1.3-noroot 11*e0c4386eSCy Schuberttest-6 = 6-client-auth-TLSv1.3-request-post-handshake 12*e0c4386eSCy Schuberttest-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake 13*e0c4386eSCy Schuberttest-8 = 8-client-auth-TLSv1.3-require-post-handshake 14*e0c4386eSCy Schuberttest-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake 15*e0c4386eSCy Schuberttest-10 = 10-client-auth-TLSv1.3-noroot-post-handshake 16*e0c4386eSCy Schuberttest-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake 17*e0c4386eSCy Schuberttest-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake 18*e0c4386eSCy Schuberttest-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake 19*e0c4386eSCy Schubert# =========================================================== 20*e0c4386eSCy Schubert 21*e0c4386eSCy Schubert[0-server-auth-TLSv1.3] 22*e0c4386eSCy Schubertssl_conf = 0-server-auth-TLSv1.3-ssl 23*e0c4386eSCy Schubert 24*e0c4386eSCy Schubert[0-server-auth-TLSv1.3-ssl] 25*e0c4386eSCy Schubertserver = 0-server-auth-TLSv1.3-server 26*e0c4386eSCy Schubertclient = 0-server-auth-TLSv1.3-client 27*e0c4386eSCy Schubert 28*e0c4386eSCy Schubert[0-server-auth-TLSv1.3-server] 29*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 30*e0c4386eSCy SchubertCipherString = DEFAULT 31*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 32*e0c4386eSCy SchubertMinProtocol = TLSv1.3 33*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 34*e0c4386eSCy Schubert 35*e0c4386eSCy Schubert[0-server-auth-TLSv1.3-client] 36*e0c4386eSCy SchubertCipherString = DEFAULT 37*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 38*e0c4386eSCy SchubertMinProtocol = TLSv1.3 39*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 40*e0c4386eSCy SchubertVerifyMode = Peer 41*e0c4386eSCy Schubert 42*e0c4386eSCy Schubert[test-0] 43*e0c4386eSCy SchubertExpectedResult = Success 44*e0c4386eSCy Schubert 45*e0c4386eSCy Schubert 46*e0c4386eSCy Schubert# =========================================================== 47*e0c4386eSCy Schubert 48*e0c4386eSCy Schubert[1-client-auth-TLSv1.3-request] 49*e0c4386eSCy Schubertssl_conf = 1-client-auth-TLSv1.3-request-ssl 50*e0c4386eSCy Schubert 51*e0c4386eSCy Schubert[1-client-auth-TLSv1.3-request-ssl] 52*e0c4386eSCy Schubertserver = 1-client-auth-TLSv1.3-request-server 53*e0c4386eSCy Schubertclient = 1-client-auth-TLSv1.3-request-client 54*e0c4386eSCy Schubert 55*e0c4386eSCy Schubert[1-client-auth-TLSv1.3-request-server] 56*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 57*e0c4386eSCy SchubertCipherString = DEFAULT 58*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 59*e0c4386eSCy SchubertMinProtocol = TLSv1.3 60*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 61*e0c4386eSCy SchubertVerifyMode = Request 62*e0c4386eSCy Schubert 63*e0c4386eSCy Schubert[1-client-auth-TLSv1.3-request-client] 64*e0c4386eSCy SchubertCipherString = DEFAULT 65*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 66*e0c4386eSCy SchubertMinProtocol = TLSv1.3 67*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 68*e0c4386eSCy SchubertVerifyMode = Peer 69*e0c4386eSCy Schubert 70*e0c4386eSCy Schubert[test-1] 71*e0c4386eSCy SchubertExpectedResult = Success 72*e0c4386eSCy Schubert 73*e0c4386eSCy Schubert 74*e0c4386eSCy Schubert# =========================================================== 75*e0c4386eSCy Schubert 76*e0c4386eSCy Schubert[2-client-auth-TLSv1.3-require-fail] 77*e0c4386eSCy Schubertssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl 78*e0c4386eSCy Schubert 79*e0c4386eSCy Schubert[2-client-auth-TLSv1.3-require-fail-ssl] 80*e0c4386eSCy Schubertserver = 2-client-auth-TLSv1.3-require-fail-server 81*e0c4386eSCy Schubertclient = 2-client-auth-TLSv1.3-require-fail-client 82*e0c4386eSCy Schubert 83*e0c4386eSCy Schubert[2-client-auth-TLSv1.3-require-fail-server] 84*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 85*e0c4386eSCy SchubertCipherString = DEFAULT 86*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 87*e0c4386eSCy SchubertMinProtocol = TLSv1.3 88*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 89*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 90*e0c4386eSCy SchubertVerifyMode = Require 91*e0c4386eSCy Schubert 92*e0c4386eSCy Schubert[2-client-auth-TLSv1.3-require-fail-client] 93*e0c4386eSCy SchubertCipherString = DEFAULT 94*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 95*e0c4386eSCy SchubertMinProtocol = TLSv1.3 96*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 97*e0c4386eSCy SchubertVerifyMode = Peer 98*e0c4386eSCy Schubert 99*e0c4386eSCy Schubert[test-2] 100*e0c4386eSCy SchubertExpectedResult = ServerFail 101*e0c4386eSCy SchubertExpectedServerAlert = CertificateRequired 102*e0c4386eSCy Schubert 103*e0c4386eSCy Schubert 104*e0c4386eSCy Schubert# =========================================================== 105*e0c4386eSCy Schubert 106*e0c4386eSCy Schubert[3-client-auth-TLSv1.3-require] 107*e0c4386eSCy Schubertssl_conf = 3-client-auth-TLSv1.3-require-ssl 108*e0c4386eSCy Schubert 109*e0c4386eSCy Schubert[3-client-auth-TLSv1.3-require-ssl] 110*e0c4386eSCy Schubertserver = 3-client-auth-TLSv1.3-require-server 111*e0c4386eSCy Schubertclient = 3-client-auth-TLSv1.3-require-client 112*e0c4386eSCy Schubert 113*e0c4386eSCy Schubert[3-client-auth-TLSv1.3-require-server] 114*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 115*e0c4386eSCy SchubertCipherString = DEFAULT 116*e0c4386eSCy SchubertClientSignatureAlgorithms = PSS+SHA256 117*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 118*e0c4386eSCy SchubertMinProtocol = TLSv1.3 119*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 120*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 121*e0c4386eSCy SchubertVerifyMode = Request 122*e0c4386eSCy Schubert 123*e0c4386eSCy Schubert[3-client-auth-TLSv1.3-require-client] 124*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 125*e0c4386eSCy SchubertCipherString = DEFAULT 126*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 127*e0c4386eSCy SchubertMinProtocol = TLSv1.3 128*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 129*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 130*e0c4386eSCy SchubertVerifyMode = Peer 131*e0c4386eSCy Schubert 132*e0c4386eSCy Schubert[test-3] 133*e0c4386eSCy SchubertExpectedClientCANames = empty 134*e0c4386eSCy SchubertExpectedClientCertType = RSA 135*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 136*e0c4386eSCy SchubertExpectedClientSignType = RSA-PSS 137*e0c4386eSCy SchubertExpectedResult = Success 138*e0c4386eSCy Schubert 139*e0c4386eSCy Schubert 140*e0c4386eSCy Schubert# =========================================================== 141*e0c4386eSCy Schubert 142*e0c4386eSCy Schubert[4-client-auth-TLSv1.3-require-non-empty-names] 143*e0c4386eSCy Schubertssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl 144*e0c4386eSCy Schubert 145*e0c4386eSCy Schubert[4-client-auth-TLSv1.3-require-non-empty-names-ssl] 146*e0c4386eSCy Schubertserver = 4-client-auth-TLSv1.3-require-non-empty-names-server 147*e0c4386eSCy Schubertclient = 4-client-auth-TLSv1.3-require-non-empty-names-client 148*e0c4386eSCy Schubert 149*e0c4386eSCy Schubert[4-client-auth-TLSv1.3-require-non-empty-names-server] 150*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 151*e0c4386eSCy SchubertCipherString = DEFAULT 152*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 153*e0c4386eSCy SchubertClientSignatureAlgorithms = PSS+SHA256 154*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 155*e0c4386eSCy SchubertMinProtocol = TLSv1.3 156*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 157*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 158*e0c4386eSCy SchubertVerifyMode = Request 159*e0c4386eSCy Schubert 160*e0c4386eSCy Schubert[4-client-auth-TLSv1.3-require-non-empty-names-client] 161*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 162*e0c4386eSCy SchubertCipherString = DEFAULT 163*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 164*e0c4386eSCy SchubertMinProtocol = TLSv1.3 165*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 166*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 167*e0c4386eSCy SchubertVerifyMode = Peer 168*e0c4386eSCy Schubert 169*e0c4386eSCy Schubert[test-4] 170*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 171*e0c4386eSCy SchubertExpectedClientCertType = RSA 172*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 173*e0c4386eSCy SchubertExpectedClientSignType = RSA-PSS 174*e0c4386eSCy SchubertExpectedResult = Success 175*e0c4386eSCy Schubert 176*e0c4386eSCy Schubert 177*e0c4386eSCy Schubert# =========================================================== 178*e0c4386eSCy Schubert 179*e0c4386eSCy Schubert[5-client-auth-TLSv1.3-noroot] 180*e0c4386eSCy Schubertssl_conf = 5-client-auth-TLSv1.3-noroot-ssl 181*e0c4386eSCy Schubert 182*e0c4386eSCy Schubert[5-client-auth-TLSv1.3-noroot-ssl] 183*e0c4386eSCy Schubertserver = 5-client-auth-TLSv1.3-noroot-server 184*e0c4386eSCy Schubertclient = 5-client-auth-TLSv1.3-noroot-client 185*e0c4386eSCy Schubert 186*e0c4386eSCy Schubert[5-client-auth-TLSv1.3-noroot-server] 187*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 188*e0c4386eSCy SchubertCipherString = DEFAULT 189*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 190*e0c4386eSCy SchubertMinProtocol = TLSv1.3 191*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 192*e0c4386eSCy SchubertVerifyMode = Require 193*e0c4386eSCy Schubert 194*e0c4386eSCy Schubert[5-client-auth-TLSv1.3-noroot-client] 195*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 196*e0c4386eSCy SchubertCipherString = DEFAULT 197*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 198*e0c4386eSCy SchubertMinProtocol = TLSv1.3 199*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 200*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 201*e0c4386eSCy SchubertVerifyMode = Peer 202*e0c4386eSCy Schubert 203*e0c4386eSCy Schubert[test-5] 204*e0c4386eSCy SchubertExpectedResult = ServerFail 205*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 206*e0c4386eSCy Schubert 207*e0c4386eSCy Schubert 208*e0c4386eSCy Schubert# =========================================================== 209*e0c4386eSCy Schubert 210*e0c4386eSCy Schubert[6-client-auth-TLSv1.3-request-post-handshake] 211*e0c4386eSCy Schubertssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl 212*e0c4386eSCy Schubert 213*e0c4386eSCy Schubert[6-client-auth-TLSv1.3-request-post-handshake-ssl] 214*e0c4386eSCy Schubertserver = 6-client-auth-TLSv1.3-request-post-handshake-server 215*e0c4386eSCy Schubertclient = 6-client-auth-TLSv1.3-request-post-handshake-client 216*e0c4386eSCy Schubert 217*e0c4386eSCy Schubert[6-client-auth-TLSv1.3-request-post-handshake-server] 218*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 219*e0c4386eSCy SchubertCipherString = DEFAULT 220*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 221*e0c4386eSCy SchubertMinProtocol = TLSv1.3 222*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 223*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 224*e0c4386eSCy Schubert 225*e0c4386eSCy Schubert[6-client-auth-TLSv1.3-request-post-handshake-client] 226*e0c4386eSCy SchubertCipherString = DEFAULT 227*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 228*e0c4386eSCy SchubertMinProtocol = TLSv1.3 229*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 230*e0c4386eSCy SchubertVerifyMode = Peer 231*e0c4386eSCy Schubert 232*e0c4386eSCy Schubert[test-6] 233*e0c4386eSCy SchubertExpectedResult = ServerFail 234*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 235*e0c4386eSCy Schubert 236*e0c4386eSCy Schubert 237*e0c4386eSCy Schubert# =========================================================== 238*e0c4386eSCy Schubert 239*e0c4386eSCy Schubert[7-client-auth-TLSv1.3-require-fail-post-handshake] 240*e0c4386eSCy Schubertssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl 241*e0c4386eSCy Schubert 242*e0c4386eSCy Schubert[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl] 243*e0c4386eSCy Schubertserver = 7-client-auth-TLSv1.3-require-fail-post-handshake-server 244*e0c4386eSCy Schubertclient = 7-client-auth-TLSv1.3-require-fail-post-handshake-client 245*e0c4386eSCy Schubert 246*e0c4386eSCy Schubert[7-client-auth-TLSv1.3-require-fail-post-handshake-server] 247*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 248*e0c4386eSCy SchubertCipherString = DEFAULT 249*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 250*e0c4386eSCy SchubertMinProtocol = TLSv1.3 251*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 252*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 253*e0c4386eSCy SchubertVerifyMode = RequirePostHandshake 254*e0c4386eSCy Schubert 255*e0c4386eSCy Schubert[7-client-auth-TLSv1.3-require-fail-post-handshake-client] 256*e0c4386eSCy SchubertCipherString = DEFAULT 257*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 258*e0c4386eSCy SchubertMinProtocol = TLSv1.3 259*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 260*e0c4386eSCy SchubertVerifyMode = Peer 261*e0c4386eSCy Schubert 262*e0c4386eSCy Schubert[test-7] 263*e0c4386eSCy SchubertExpectedResult = ServerFail 264*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 265*e0c4386eSCy Schubert 266*e0c4386eSCy Schubert 267*e0c4386eSCy Schubert# =========================================================== 268*e0c4386eSCy Schubert 269*e0c4386eSCy Schubert[8-client-auth-TLSv1.3-require-post-handshake] 270*e0c4386eSCy Schubertssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl 271*e0c4386eSCy Schubert 272*e0c4386eSCy Schubert[8-client-auth-TLSv1.3-require-post-handshake-ssl] 273*e0c4386eSCy Schubertserver = 8-client-auth-TLSv1.3-require-post-handshake-server 274*e0c4386eSCy Schubertclient = 8-client-auth-TLSv1.3-require-post-handshake-client 275*e0c4386eSCy Schubert 276*e0c4386eSCy Schubert[8-client-auth-TLSv1.3-require-post-handshake-server] 277*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 278*e0c4386eSCy SchubertCipherString = DEFAULT 279*e0c4386eSCy SchubertClientSignatureAlgorithms = PSS+SHA256 280*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 281*e0c4386eSCy SchubertMinProtocol = TLSv1.3 282*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 283*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 284*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 285*e0c4386eSCy Schubert 286*e0c4386eSCy Schubert[8-client-auth-TLSv1.3-require-post-handshake-client] 287*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 288*e0c4386eSCy SchubertCipherString = DEFAULT 289*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 290*e0c4386eSCy SchubertMinProtocol = TLSv1.3 291*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 292*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 293*e0c4386eSCy SchubertVerifyMode = Peer 294*e0c4386eSCy Schubert 295*e0c4386eSCy Schubert[test-8] 296*e0c4386eSCy SchubertExpectedClientCANames = empty 297*e0c4386eSCy SchubertExpectedClientCertType = RSA 298*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 299*e0c4386eSCy SchubertExpectedClientSignType = RSA-PSS 300*e0c4386eSCy SchubertExpectedResult = Success 301*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 302*e0c4386eSCy Schubertclient = 8-client-auth-TLSv1.3-require-post-handshake-client-extra 303*e0c4386eSCy Schubert 304*e0c4386eSCy Schubert[8-client-auth-TLSv1.3-require-post-handshake-client-extra] 305*e0c4386eSCy SchubertEnablePHA = Yes 306*e0c4386eSCy Schubert 307*e0c4386eSCy Schubert 308*e0c4386eSCy Schubert# =========================================================== 309*e0c4386eSCy Schubert 310*e0c4386eSCy Schubert[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake] 311*e0c4386eSCy Schubertssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl 312*e0c4386eSCy Schubert 313*e0c4386eSCy Schubert[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl] 314*e0c4386eSCy Schubertserver = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server 315*e0c4386eSCy Schubertclient = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client 316*e0c4386eSCy Schubert 317*e0c4386eSCy Schubert[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server] 318*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 319*e0c4386eSCy SchubertCipherString = DEFAULT 320*e0c4386eSCy SchubertClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 321*e0c4386eSCy SchubertClientSignatureAlgorithms = PSS+SHA256 322*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 323*e0c4386eSCy SchubertMinProtocol = TLSv1.3 324*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 325*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 326*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 327*e0c4386eSCy Schubert 328*e0c4386eSCy Schubert[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client] 329*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 330*e0c4386eSCy SchubertCipherString = DEFAULT 331*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 332*e0c4386eSCy SchubertMinProtocol = TLSv1.3 333*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 334*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 335*e0c4386eSCy SchubertVerifyMode = Peer 336*e0c4386eSCy Schubert 337*e0c4386eSCy Schubert[test-9] 338*e0c4386eSCy SchubertExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 339*e0c4386eSCy SchubertExpectedClientCertType = RSA 340*e0c4386eSCy SchubertExpectedClientSignHash = SHA256 341*e0c4386eSCy SchubertExpectedClientSignType = RSA-PSS 342*e0c4386eSCy SchubertExpectedResult = Success 343*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 344*e0c4386eSCy Schubertclient = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra 345*e0c4386eSCy Schubert 346*e0c4386eSCy Schubert[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra] 347*e0c4386eSCy SchubertEnablePHA = Yes 348*e0c4386eSCy Schubert 349*e0c4386eSCy Schubert 350*e0c4386eSCy Schubert# =========================================================== 351*e0c4386eSCy Schubert 352*e0c4386eSCy Schubert[10-client-auth-TLSv1.3-noroot-post-handshake] 353*e0c4386eSCy Schubertssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl 354*e0c4386eSCy Schubert 355*e0c4386eSCy Schubert[10-client-auth-TLSv1.3-noroot-post-handshake-ssl] 356*e0c4386eSCy Schubertserver = 10-client-auth-TLSv1.3-noroot-post-handshake-server 357*e0c4386eSCy Schubertclient = 10-client-auth-TLSv1.3-noroot-post-handshake-client 358*e0c4386eSCy Schubert 359*e0c4386eSCy Schubert[10-client-auth-TLSv1.3-noroot-post-handshake-server] 360*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 361*e0c4386eSCy SchubertCipherString = DEFAULT 362*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 363*e0c4386eSCy SchubertMinProtocol = TLSv1.3 364*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 365*e0c4386eSCy SchubertVerifyMode = RequirePostHandshake 366*e0c4386eSCy Schubert 367*e0c4386eSCy Schubert[10-client-auth-TLSv1.3-noroot-post-handshake-client] 368*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 369*e0c4386eSCy SchubertCipherString = DEFAULT 370*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 371*e0c4386eSCy SchubertMinProtocol = TLSv1.3 372*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 373*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 374*e0c4386eSCy SchubertVerifyMode = Peer 375*e0c4386eSCy Schubert 376*e0c4386eSCy Schubert[test-10] 377*e0c4386eSCy SchubertExpectedResult = ServerFail 378*e0c4386eSCy SchubertExpectedServerAlert = UnknownCA 379*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 380*e0c4386eSCy Schubertclient = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra 381*e0c4386eSCy Schubert 382*e0c4386eSCy Schubert[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra] 383*e0c4386eSCy SchubertEnablePHA = Yes 384*e0c4386eSCy Schubert 385*e0c4386eSCy Schubert 386*e0c4386eSCy Schubert# =========================================================== 387*e0c4386eSCy Schubert 388*e0c4386eSCy Schubert[11-client-auth-TLSv1.3-request-force-client-post-handshake] 389*e0c4386eSCy Schubertssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl 390*e0c4386eSCy Schubert 391*e0c4386eSCy Schubert[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl] 392*e0c4386eSCy Schubertserver = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server 393*e0c4386eSCy Schubertclient = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client 394*e0c4386eSCy Schubert 395*e0c4386eSCy Schubert[11-client-auth-TLSv1.3-request-force-client-post-handshake-server] 396*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 397*e0c4386eSCy SchubertCipherString = DEFAULT 398*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 399*e0c4386eSCy SchubertMinProtocol = TLSv1.3 400*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 401*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 402*e0c4386eSCy Schubert 403*e0c4386eSCy Schubert[11-client-auth-TLSv1.3-request-force-client-post-handshake-client] 404*e0c4386eSCy SchubertCipherString = DEFAULT 405*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 406*e0c4386eSCy SchubertMinProtocol = TLSv1.3 407*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 408*e0c4386eSCy SchubertVerifyMode = Peer 409*e0c4386eSCy Schubert 410*e0c4386eSCy Schubert[test-11] 411*e0c4386eSCy SchubertExpectedResult = Success 412*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 413*e0c4386eSCy Schubertclient = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra 414*e0c4386eSCy Schubert 415*e0c4386eSCy Schubert[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra] 416*e0c4386eSCy SchubertEnablePHA = Yes 417*e0c4386eSCy Schubert 418*e0c4386eSCy Schubert 419*e0c4386eSCy Schubert# =========================================================== 420*e0c4386eSCy Schubert 421*e0c4386eSCy Schubert[12-client-auth-TLSv1.3-request-force-server-post-handshake] 422*e0c4386eSCy Schubertssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl 423*e0c4386eSCy Schubert 424*e0c4386eSCy Schubert[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl] 425*e0c4386eSCy Schubertserver = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server 426*e0c4386eSCy Schubertclient = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client 427*e0c4386eSCy Schubert 428*e0c4386eSCy Schubert[12-client-auth-TLSv1.3-request-force-server-post-handshake-server] 429*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 430*e0c4386eSCy SchubertCipherString = DEFAULT 431*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 432*e0c4386eSCy SchubertMinProtocol = TLSv1.3 433*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 434*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 435*e0c4386eSCy Schubert 436*e0c4386eSCy Schubert[12-client-auth-TLSv1.3-request-force-server-post-handshake-client] 437*e0c4386eSCy SchubertCipherString = DEFAULT 438*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 439*e0c4386eSCy SchubertMinProtocol = TLSv1.3 440*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 441*e0c4386eSCy SchubertVerifyMode = Peer 442*e0c4386eSCy Schubert 443*e0c4386eSCy Schubert[test-12] 444*e0c4386eSCy SchubertExpectedResult = ClientFail 445*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 446*e0c4386eSCy Schubertserver = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra 447*e0c4386eSCy Schubert 448*e0c4386eSCy Schubert[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra] 449*e0c4386eSCy SchubertForcePHA = Yes 450*e0c4386eSCy Schubert 451*e0c4386eSCy Schubert 452*e0c4386eSCy Schubert# =========================================================== 453*e0c4386eSCy Schubert 454*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake] 455*e0c4386eSCy Schubertssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl 456*e0c4386eSCy Schubert 457*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl] 458*e0c4386eSCy Schubertserver = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server 459*e0c4386eSCy Schubertclient = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client 460*e0c4386eSCy Schubert 461*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake-server] 462*e0c4386eSCy SchubertCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 463*e0c4386eSCy SchubertCipherString = DEFAULT 464*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 465*e0c4386eSCy SchubertMinProtocol = TLSv1.3 466*e0c4386eSCy SchubertPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 467*e0c4386eSCy SchubertVerifyMode = RequestPostHandshake 468*e0c4386eSCy Schubert 469*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake-client] 470*e0c4386eSCy SchubertCipherString = DEFAULT 471*e0c4386eSCy SchubertMaxProtocol = TLSv1.3 472*e0c4386eSCy SchubertMinProtocol = TLSv1.3 473*e0c4386eSCy SchubertVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 474*e0c4386eSCy SchubertVerifyMode = Peer 475*e0c4386eSCy Schubert 476*e0c4386eSCy Schubert[test-13] 477*e0c4386eSCy SchubertExpectedResult = Success 478*e0c4386eSCy SchubertHandshakeMode = PostHandshakeAuth 479*e0c4386eSCy Schubertserver = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra 480*e0c4386eSCy Schubertclient = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra 481*e0c4386eSCy Schubert 482*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra] 483*e0c4386eSCy SchubertForcePHA = Yes 484*e0c4386eSCy Schubert 485*e0c4386eSCy Schubert[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra] 486*e0c4386eSCy SchubertEnablePHA = Yes 487*e0c4386eSCy Schubert 488*e0c4386eSCy Schubert 489