xref: /freebsd/crypto/openssl/test/ssl-tests/26-tls13_client_auth.cnf (revision a8089ea5aee578e08acab2438e82fc9a9ae50ed8)
1# Generated with generate_ssl_tests.pl
# NOTE(review): this is generator output, so hand edits are presumably lost on
# regeneration; change the generator input instead.
2
# Index of the TLS 1.3 client-authentication scenarios defined below.
# num_tests agrees with the 14 entries test-0 .. test-13. Each test-N value
# names the section that holds that scenario's ssl_conf reference.
# Tests 0-5 cover in-handshake client auth; tests 6-13 repeat the matrix with
# HandshakeMode = PostHandshakeAuth.
3num_tests = 14
4
5test-0 = 0-server-auth-TLSv1.3
6test-1 = 1-client-auth-TLSv1.3-request
7test-2 = 2-client-auth-TLSv1.3-require-fail
8test-3 = 3-client-auth-TLSv1.3-require
9test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
10test-5 = 5-client-auth-TLSv1.3-noroot
11test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
19# ===========================================================
20
# Baseline: server-only authentication. Both ends pin MinProtocol and
# MaxProtocol to TLSv1.3, so no other protocol version can be negotiated.
# The server section sets no VerifyMode and the client configures no
# certificate; the client verifies the server chain against rootcert.pem
# (VerifyMode = Peer). Expected: Success.
21[0-server-auth-TLSv1.3]
22ssl_conf = 0-server-auth-TLSv1.3-ssl
23
24[0-server-auth-TLSv1.3-ssl]
25server = 0-server-auth-TLSv1.3-server
26client = 0-server-auth-TLSv1.3-client
27
28[0-server-auth-TLSv1.3-server]
29Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
30CipherString = DEFAULT
31MaxProtocol = TLSv1.3
32MinProtocol = TLSv1.3
33PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
34
35[0-server-auth-TLSv1.3-client]
36CipherString = DEFAULT
37MaxProtocol = TLSv1.3
38MinProtocol = TLSv1.3
39VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
40VerifyMode = Peer
41
42[test-0]
43ExpectedResult = Success
44
45
46# ===========================================================
47
# Optional client auth: the server asks for a certificate (VerifyMode =
# Request) and the client section configures none. The handshake is still
# expected to succeed, so Request on its own does not authenticate the peer.
# A server deployed in this mode has to check for itself whether a client
# certificate was presented before granting access.
48[1-client-auth-TLSv1.3-request]
49ssl_conf = 1-client-auth-TLSv1.3-request-ssl
50
51[1-client-auth-TLSv1.3-request-ssl]
52server = 1-client-auth-TLSv1.3-request-server
53client = 1-client-auth-TLSv1.3-request-client
54
55[1-client-auth-TLSv1.3-request-server]
56Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
57CipherString = DEFAULT
58MaxProtocol = TLSv1.3
59MinProtocol = TLSv1.3
60PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
61VerifyMode = Request
62
63[1-client-auth-TLSv1.3-request-client]
64CipherString = DEFAULT
65MaxProtocol = TLSv1.3
66MinProtocol = TLSv1.3
67VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
68VerifyMode = Peer
69
70[test-1]
71ExpectedResult = Success
72
73
74# ===========================================================
75
# Mandatory client auth, negative case: the server sets VerifyMode = Require
# and the client section configures no certificate. Expected: the server
# fails the handshake and sends the CertificateRequired alert.
# Two distinct file names are in play: servers verify client chains against
# root-cert.pem, clients verify the server chain against rootcert.pem. Both
# spellings are used consistently throughout this file.
76[2-client-auth-TLSv1.3-require-fail]
77ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
78
79[2-client-auth-TLSv1.3-require-fail-ssl]
80server = 2-client-auth-TLSv1.3-require-fail-server
81client = 2-client-auth-TLSv1.3-require-fail-client
82
83[2-client-auth-TLSv1.3-require-fail-server]
84Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
85CipherString = DEFAULT
86MaxProtocol = TLSv1.3
87MinProtocol = TLSv1.3
88PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
90VerifyMode = Require
91
92[2-client-auth-TLSv1.3-require-fail-client]
93CipherString = DEFAULT
94MaxProtocol = TLSv1.3
95MinProtocol = TLSv1.3
96VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
97VerifyMode = Peer
98
99[test-2]
100ExpectedResult = ServerFail
101ExpectedServerAlert = CertificateRequired
102
103
104# ===========================================================
105
# Positive case: the client presents ee-client-chain.pem, signed for with
# ee-key.pem, and the server verifies it against root-cert.pem.
# NOTE(review): despite "require" in the section name, the server below sets
# VerifyMode = Request, not Require. The handshake succeeds either way because
# a certificate is supplied, so this scenario does not show that Require mode
# accepts a valid certificate. Confirm against the generator input whether
# that is intended.
# The server limits ClientSignatureAlgorithms to PSS+SHA256 and the test pins
# the resulting client signature (RSA-PSS with SHA256). ExpectedClientCANames =
# empty goes with the absence of ClientCAFile, presumably meaning the
# certificate request carries no CA names.
106[3-client-auth-TLSv1.3-require]
107ssl_conf = 3-client-auth-TLSv1.3-require-ssl
108
109[3-client-auth-TLSv1.3-require-ssl]
110server = 3-client-auth-TLSv1.3-require-server
111client = 3-client-auth-TLSv1.3-require-client
112
113[3-client-auth-TLSv1.3-require-server]
114Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115CipherString = DEFAULT
116ClientSignatureAlgorithms = PSS+SHA256
117MaxProtocol = TLSv1.3
118MinProtocol = TLSv1.3
119PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
121VerifyMode = Request
122
123[3-client-auth-TLSv1.3-require-client]
124Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
125CipherString = DEFAULT
126MaxProtocol = TLSv1.3
127MinProtocol = TLSv1.3
128PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
129VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
130VerifyMode = Peer
131
132[test-3]
133ExpectedClientCANames = empty
134ExpectedClientCertType = RSA
135ExpectedClientSignHash = SHA256
136ExpectedClientSignType = RSA-PSS
137ExpectedResult = Success
138
139
140# ===========================================================
141
# Same successful client-certificate exchange as the plain "require" scenario,
# with one addition: the server sets ClientCAFile = root-cert.pem and the test
# expects the client CA names to match that file rather than be empty.
# NOTE(review): the server's VerifyMode is Request even though the section
# name says "require"; confirm against the generator input.
142[4-client-auth-TLSv1.3-require-non-empty-names]
143ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
144
145[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
146server = 4-client-auth-TLSv1.3-require-non-empty-names-server
147client = 4-client-auth-TLSv1.3-require-non-empty-names-client
148
149[4-client-auth-TLSv1.3-require-non-empty-names-server]
150Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151CipherString = DEFAULT
152ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153ClientSignatureAlgorithms = PSS+SHA256
154MaxProtocol = TLSv1.3
155MinProtocol = TLSv1.3
156PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158VerifyMode = Request
159
160[4-client-auth-TLSv1.3-require-non-empty-names-client]
161Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162CipherString = DEFAULT
163MaxProtocol = TLSv1.3
164MinProtocol = TLSv1.3
165PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
166VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
167VerifyMode = Peer
168
169[test-4]
170ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
171ExpectedClientCertType = RSA
172ExpectedClientSignHash = SHA256
173ExpectedClientSignType = RSA-PSS
174ExpectedResult = Success
175
176
177# ===========================================================
178
# Negative case for chain validation: the server requires a client
# certificate but its section has no VerifyCAFile, so presumably it holds no
# trust anchor for the client's chain. The client does present
# ee-client-chain.pem. Expected: ServerFail with the UnknownCA alert, meaning
# a presented but unverifiable certificate is rejected rather than accepted.
179[5-client-auth-TLSv1.3-noroot]
180ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
181
182[5-client-auth-TLSv1.3-noroot-ssl]
183server = 5-client-auth-TLSv1.3-noroot-server
184client = 5-client-auth-TLSv1.3-noroot-client
185
186[5-client-auth-TLSv1.3-noroot-server]
187Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
188CipherString = DEFAULT
189MaxProtocol = TLSv1.3
190MinProtocol = TLSv1.3
191PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192VerifyMode = Require
193
194[5-client-auth-TLSv1.3-noroot-client]
195Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
196CipherString = DEFAULT
197MaxProtocol = TLSv1.3
198MinProtocol = TLSv1.3
199PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
200VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201VerifyMode = Peer
202
203[test-5]
204ExpectedResult = ServerFail
205ExpectedServerAlert = UnknownCA
206
207
208# ===========================================================
209
# Post-handshake authentication (PHA) without client opt-in: the server uses
# VerifyMode = RequestPostHandshake, but this test attaches no client "extra"
# section with EnablePHA. Expected: ServerFail, presumably because the
# server cannot start PHA with a client that never offered it.
# No ExpectedServerAlert is pinned, so the test does not check how the failure
# is signalled.
210[6-client-auth-TLSv1.3-request-post-handshake]
211ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
212
213[6-client-auth-TLSv1.3-request-post-handshake-ssl]
214server = 6-client-auth-TLSv1.3-request-post-handshake-server
215client = 6-client-auth-TLSv1.3-request-post-handshake-client
216
217[6-client-auth-TLSv1.3-request-post-handshake-server]
218Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219CipherString = DEFAULT
220MaxProtocol = TLSv1.3
221MinProtocol = TLSv1.3
222PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223VerifyMode = RequestPostHandshake
224
225[6-client-auth-TLSv1.3-request-post-handshake-client]
226CipherString = DEFAULT
227MaxProtocol = TLSv1.3
228MinProtocol = TLSv1.3
229VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230VerifyMode = Peer
231
232[test-6]
233ExpectedResult = ServerFail
234HandshakeMode = PostHandshakeAuth
235
236
237# ===========================================================
238
# Post-handshake counterpart of the in-handshake "require-fail" scenario: the
# server sets VerifyMode = RequirePostHandshake; the client has neither a
# certificate nor an EnablePHA extra section. Expected: ServerFail.
# Unlike the in-handshake variant, no ExpectedServerAlert is pinned here, so a
# failure for any reason on the server side satisfies this test.
239[7-client-auth-TLSv1.3-require-fail-post-handshake]
240ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
241
242[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
243server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
244client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
245
246[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
247Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248CipherString = DEFAULT
249MaxProtocol = TLSv1.3
250MinProtocol = TLSv1.3
251PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253VerifyMode = RequirePostHandshake
254
255[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
256CipherString = DEFAULT
257MaxProtocol = TLSv1.3
258MinProtocol = TLSv1.3
259VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
260VerifyMode = Peer
261
262[test-7]
263ExpectedResult = ServerFail
264HandshakeMode = PostHandshakeAuth
265
266
267# ===========================================================
268
# Successful post-handshake client auth: the client opts in through its extra
# section (EnablePHA = Yes) and presents ee-client-chain.pem; the server
# verifies it against root-cert.pem. The test pins the client signature
# (RSA-PSS with SHA256) and expects empty client CA names.
# NOTE(review): the section name says "require" but the server sets
# VerifyMode = RequestPostHandshake, not RequirePostHandshake; confirm against
# the generator input.
269[8-client-auth-TLSv1.3-require-post-handshake]
270ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
271
272[8-client-auth-TLSv1.3-require-post-handshake-ssl]
273server = 8-client-auth-TLSv1.3-require-post-handshake-server
274client = 8-client-auth-TLSv1.3-require-post-handshake-client
275
276[8-client-auth-TLSv1.3-require-post-handshake-server]
277Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
278CipherString = DEFAULT
279ClientSignatureAlgorithms = PSS+SHA256
280MaxProtocol = TLSv1.3
281MinProtocol = TLSv1.3
282PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
284VerifyMode = RequestPostHandshake
285
286[8-client-auth-TLSv1.3-require-post-handshake-client]
287Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
288CipherString = DEFAULT
289MaxProtocol = TLSv1.3
290MinProtocol = TLSv1.3
291PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
292VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
293VerifyMode = Peer
294
295[test-8]
296ExpectedClientCANames = empty
297ExpectedClientCertType = RSA
298ExpectedClientSignHash = SHA256
299ExpectedClientSignType = RSA-PSS
300ExpectedResult = Success
301HandshakeMode = PostHandshakeAuth
302client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
303
304[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
305EnablePHA = Yes
306
307
308# ===========================================================
309
# Successful post-handshake client auth with advertised CA names: as in the
# plain "require-post-handshake" scenario the client sets EnablePHA = Yes and
# presents a certificate, and here the server also sets ClientCAFile, so the
# test expects the client CA names to match root-cert.pem.
# NOTE(review): the server's VerifyMode is RequestPostHandshake even though
# the section name says "require"; confirm against the generator input.
310[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
311ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
312
313[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
314server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
315client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
316
317[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
318Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
319CipherString = DEFAULT
320ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
321ClientSignatureAlgorithms = PSS+SHA256
322MaxProtocol = TLSv1.3
323MinProtocol = TLSv1.3
324PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
325VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
326VerifyMode = RequestPostHandshake
327
328[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
329Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
330CipherString = DEFAULT
331MaxProtocol = TLSv1.3
332MinProtocol = TLSv1.3
333PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
334VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
335VerifyMode = Peer
336
337[test-9]
338ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
339ExpectedClientCertType = RSA
340ExpectedClientSignHash = SHA256
341ExpectedClientSignType = RSA-PSS
342ExpectedResult = Success
343HandshakeMode = PostHandshakeAuth
344client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
345
346[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
347EnablePHA = Yes
348
349
350# ===========================================================
351
# Post-handshake counterpart of the "noroot" scenario: the client opts in
# (EnablePHA = Yes) and presents ee-client-chain.pem, but the server section
# has no VerifyCAFile while demanding a certificate (RequirePostHandshake).
# Expected: ServerFail with UnknownCA, meaning an unverifiable client chain is
# rejected in the post-handshake path as well.
352[10-client-auth-TLSv1.3-noroot-post-handshake]
353ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
354
355[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
356server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
357client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
358
359[10-client-auth-TLSv1.3-noroot-post-handshake-server]
360Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361CipherString = DEFAULT
362MaxProtocol = TLSv1.3
363MinProtocol = TLSv1.3
364PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365VerifyMode = RequirePostHandshake
366
367[10-client-auth-TLSv1.3-noroot-post-handshake-client]
368Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
369CipherString = DEFAULT
370MaxProtocol = TLSv1.3
371MinProtocol = TLSv1.3
372PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
373VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
374VerifyMode = Peer
375
376[test-10]
377ExpectedResult = ServerFail
378ExpectedServerAlert = UnknownCA
379HandshakeMode = PostHandshakeAuth
380client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
381
382[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
383EnablePHA = Yes
384
385
386# ===========================================================
387
# Client-side opt-in only: the client sets EnablePHA = Yes but configures no
# certificate; the server uses the optional RequestPostHandshake mode.
# Expected: Success. As with in-handshake Request mode, a successful result
# here does not mean the client was authenticated.
388[11-client-auth-TLSv1.3-request-force-client-post-handshake]
389ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
390
391[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
392server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
393client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
394
395[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
396Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
397CipherString = DEFAULT
398MaxProtocol = TLSv1.3
399MinProtocol = TLSv1.3
400PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
401VerifyMode = RequestPostHandshake
402
403[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
404CipherString = DEFAULT
405MaxProtocol = TLSv1.3
406MinProtocol = TLSv1.3
407VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
408VerifyMode = Peer
409
410[test-11]
411ExpectedResult = Success
412HandshakeMode = PostHandshakeAuth
413client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
414
415[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
416EnablePHA = Yes
417
418
419# ===========================================================
420
# Server-side forcing only: the server extra section sets ForcePHA = Yes while
# the client has no EnablePHA. Expected: ClientFail, presumably because the
# client rejects a post-handshake certificate request it never opted into.
# This is the check that a client which did not offer PHA does not silently
# go along with one.
421[12-client-auth-TLSv1.3-request-force-server-post-handshake]
422ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
423
424[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
425server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
426client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
427
428[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
429Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
430CipherString = DEFAULT
431MaxProtocol = TLSv1.3
432MinProtocol = TLSv1.3
433PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
434VerifyMode = RequestPostHandshake
435
436[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
437CipherString = DEFAULT
438MaxProtocol = TLSv1.3
439MinProtocol = TLSv1.3
440VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
441VerifyMode = Peer
442
443[test-12]
444ExpectedResult = ClientFail
445HandshakeMode = PostHandshakeAuth
446server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
447
448[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
449ForcePHA = Yes
450
451
452# ===========================================================
453
# Both sides set: the server extra has ForcePHA = Yes and the client extra has
# EnablePHA = Yes. The client configures no certificate and the server mode is
# the optional RequestPostHandshake. Expected: Success.
# The outcome differs from the server-only ForcePHA scenario only through the
# client's EnablePHA setting.
454[13-client-auth-TLSv1.3-request-force-both-post-handshake]
455ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
456
457[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
458server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
459client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
460
461[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
462Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
463CipherString = DEFAULT
464MaxProtocol = TLSv1.3
465MinProtocol = TLSv1.3
466PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
467VerifyMode = RequestPostHandshake
468
469[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
470CipherString = DEFAULT
471MaxProtocol = TLSv1.3
472MinProtocol = TLSv1.3
473VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
474VerifyMode = Peer
475
476[test-13]
477ExpectedResult = Success
478HandshakeMode = PostHandshakeAuth
479server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
480client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
481
482[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
483ForcePHA = Yes
484
485[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
486EnablePHA = Yes
487
488
489