diff options
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf')
| -rw-r--r-- | roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf | 1132 |
1 files changed, 1132 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf new file mode 100644 index 000000000..8debb66fd --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/test/ssl-tests/04-client_auth.conf @@ -0,0 +1,1132 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 36 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-require-non-empty-names +test-5 = 5-client-auth-flex-noroot +test-6 = 6-server-auth-TLSv1 +test-7 = 7-client-auth-TLSv1-request +test-8 = 8-client-auth-TLSv1-require-fail +test-9 = 9-client-auth-TLSv1-require +test-10 = 10-client-auth-TLSv1-require-non-empty-names +test-11 = 11-client-auth-TLSv1-noroot +test-12 = 12-server-auth-TLSv1.1 +test-13 = 13-client-auth-TLSv1.1-request +test-14 = 14-client-auth-TLSv1.1-require-fail +test-15 = 15-client-auth-TLSv1.1-require +test-16 = 16-client-auth-TLSv1.1-require-non-empty-names +test-17 = 17-client-auth-TLSv1.1-noroot +test-18 = 18-server-auth-TLSv1.2 +test-19 = 19-client-auth-TLSv1.2-request +test-20 = 20-client-auth-TLSv1.2-require-fail +test-21 = 21-client-auth-TLSv1.2-require +test-22 = 22-client-auth-TLSv1.2-require-non-empty-names +test-23 = 23-client-auth-TLSv1.2-noroot +test-24 = 24-server-auth-DTLSv1 +test-25 = 25-client-auth-DTLSv1-request +test-26 = 26-client-auth-DTLSv1-require-fail +test-27 = 27-client-auth-DTLSv1-require +test-28 = 28-client-auth-DTLSv1-require-non-empty-names +test-29 = 29-client-auth-DTLSv1-noroot +test-30 = 30-server-auth-DTLSv1.2 +test-31 = 31-client-auth-DTLSv1.2-request +test-32 = 32-client-auth-DTLSv1.2-require-fail +test-33 = 33-client-auth-DTLSv1.2-require +test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names +test-35 = 35-client-auth-DTLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = CertificateRequired + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-require-non-empty-names] +ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl + +[4-client-auth-flex-require-non-empty-names-ssl] +server = 4-client-auth-flex-require-non-empty-names-server +client = 4-client-auth-flex-require-non-empty-names-client + +[4-client-auth-flex-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[4-client-auth-flex-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[5-client-auth-flex-noroot] +ssl_conf = 5-client-auth-flex-noroot-ssl + +[5-client-auth-flex-noroot-ssl] +server = 5-client-auth-flex-noroot-server +client = 5-client-auth-flex-noroot-client + +[5-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[5-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[6-server-auth-TLSv1] +ssl_conf = 6-server-auth-TLSv1-ssl + +[6-server-auth-TLSv1-ssl] +server = 6-server-auth-TLSv1-server +client = 6-server-auth-TLSv1-client + +[6-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-request] +ssl_conf = 7-client-auth-TLSv1-request-ssl + +[7-client-auth-TLSv1-request-ssl] +server = 7-client-auth-TLSv1-request-server +client = 7-client-auth-TLSv1-request-client + +[7-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[7-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = Success + + +# =========================================================== + +[8-client-auth-TLSv1-require-fail] +ssl_conf = 8-client-auth-TLSv1-require-fail-ssl + +[8-client-auth-TLSv1-require-fail-ssl] +server = 8-client-auth-TLSv1-require-fail-server +client = 8-client-auth-TLSv1-require-fail-client + +[8-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[8-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[9-client-auth-TLSv1-require] +ssl_conf = 9-client-auth-TLSv1-require-ssl + +[9-client-auth-TLSv1-require-ssl] +server = 9-client-auth-TLSv1-require-server +client = 9-client-auth-TLSv1-require-client + +[9-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[9-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[10-client-auth-TLSv1-require-non-empty-names] +ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl + +[10-client-auth-TLSv1-require-non-empty-names-ssl] +server = 10-client-auth-TLSv1-require-non-empty-names-server +client = 10-client-auth-TLSv1-require-non-empty-names-client + +[10-client-auth-TLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[10-client-auth-TLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1-noroot] +ssl_conf = 11-client-auth-TLSv1-noroot-ssl + +[11-client-auth-TLSv1-noroot-ssl] +server = 11-client-auth-TLSv1-noroot-server +client = 11-client-auth-TLSv1-noroot-client + +[11-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[11-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[12-server-auth-TLSv1.1] +ssl_conf = 12-server-auth-TLSv1.1-ssl + +[12-server-auth-TLSv1.1-ssl] +server = 12-server-auth-TLSv1.1-server +client = 12-server-auth-TLSv1.1-client + +[12-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = Success + + +# =========================================================== + +[13-client-auth-TLSv1.1-request] +ssl_conf = 13-client-auth-TLSv1.1-request-ssl + +[13-client-auth-TLSv1.1-request-ssl] +server = 13-client-auth-TLSv1.1-request-server +client = 13-client-auth-TLSv1.1-request-client + +[13-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-require-fail] +ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl + +[14-client-auth-TLSv1.1-require-fail-ssl] +server = 14-client-auth-TLSv1.1-require-fail-server +client = 14-client-auth-TLSv1.1-require-fail-client + +[14-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[15-client-auth-TLSv1.1-require] +ssl_conf = 15-client-auth-TLSv1.1-require-ssl + +[15-client-auth-TLSv1.1-require-ssl] +server = 15-client-auth-TLSv1.1-require-server +client = 15-client-auth-TLSv1.1-require-client + +[15-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[15-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.1-require-non-empty-names] +ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl + +[16-client-auth-TLSv1.1-require-non-empty-names-ssl] +server = 16-client-auth-TLSv1.1-require-non-empty-names-server +client = 16-client-auth-TLSv1.1-require-non-empty-names-client + +[16-client-auth-TLSv1.1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[16-client-auth-TLSv1.1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.1-noroot] +ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl + +[17-client-auth-TLSv1.1-noroot-ssl] +server = 17-client-auth-TLSv1.1-noroot-server +client = 17-client-auth-TLSv1.1-noroot-client + +[17-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[17-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[18-server-auth-TLSv1.2] +ssl_conf = 18-server-auth-TLSv1.2-ssl + +[18-server-auth-TLSv1.2-ssl] +server = 18-server-auth-TLSv1.2-server +client = 18-server-auth-TLSv1.2-client + +[18-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-request] +ssl_conf = 19-client-auth-TLSv1.2-request-ssl + +[19-client-auth-TLSv1.2-request-ssl] +server = 19-client-auth-TLSv1.2-request-server +client = 19-client-auth-TLSv1.2-request-client + +[19-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[19-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = Success + + +# =========================================================== + +[20-client-auth-TLSv1.2-require-fail] +ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl + +[20-client-auth-TLSv1.2-require-fail-ssl] +server = 20-client-auth-TLSv1.2-require-fail-server +client = 20-client-auth-TLSv1.2-require-fail-client + +[20-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[20-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-20] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[21-client-auth-TLSv1.2-require] +ssl_conf = 21-client-auth-TLSv1.2-require-ssl + +[21-client-auth-TLSv1.2-require-ssl] +server = 21-client-auth-TLSv1.2-require-server +client = 21-client-auth-TLSv1.2-require-client + +[21-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[21-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-21] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[22-client-auth-TLSv1.2-require-non-empty-names] +ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl + +[22-client-auth-TLSv1.2-require-non-empty-names-ssl] +server = 22-client-auth-TLSv1.2-require-non-empty-names-server +client = 22-client-auth-TLSv1.2-require-non-empty-names-client + +[22-client-auth-TLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ClientSignatureAlgorithms = SHA256+RSA +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[22-client-auth-TLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA +ExpectedResult = Success + + +# =========================================================== + +[23-client-auth-TLSv1.2-noroot] +ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl + +[23-client-auth-TLSv1.2-noroot-ssl] +server = 23-client-auth-TLSv1.2-noroot-server +client = 23-client-auth-TLSv1.2-noroot-client + +[23-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[23-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[24-server-auth-DTLSv1] +ssl_conf = 24-server-auth-DTLSv1-ssl + +[24-server-auth-DTLSv1-ssl] +server = 24-server-auth-DTLSv1-server +client = 24-server-auth-DTLSv1-client + +[24-server-auth-DTLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[24-server-auth-DTLSv1-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-24] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[25-client-auth-DTLSv1-request] +ssl_conf = 25-client-auth-DTLSv1-request-ssl + +[25-client-auth-DTLSv1-request-ssl] +server = 25-client-auth-DTLSv1-request-server +client = 25-client-auth-DTLSv1-request-client + +[25-client-auth-DTLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[25-client-auth-DTLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-25] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[26-client-auth-DTLSv1-require-fail] +ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl + +[26-client-auth-DTLSv1-require-fail-ssl] +server = 26-client-auth-DTLSv1-require-fail-server +client = 26-client-auth-DTLSv1-require-fail-client + +[26-client-auth-DTLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[26-client-auth-DTLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-26] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[27-client-auth-DTLSv1-require] +ssl_conf = 27-client-auth-DTLSv1-require-ssl + +[27-client-auth-DTLSv1-require-ssl] +server = 27-client-auth-DTLSv1-require-server +client = 27-client-auth-DTLSv1-require-client + +[27-client-auth-DTLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[27-client-auth-DTLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[28-client-auth-DTLSv1-require-non-empty-names] +ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl + +[28-client-auth-DTLSv1-require-non-empty-names-ssl] +server = 28-client-auth-DTLSv1-require-non-empty-names-server +client = 28-client-auth-DTLSv1-require-non-empty-names-client + +[28-client-auth-DTLSv1-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[28-client-auth-DTLSv1-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-28] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[29-client-auth-DTLSv1-noroot] +ssl_conf = 29-client-auth-DTLSv1-noroot-ssl + +[29-client-auth-DTLSv1-noroot-ssl] +server = 29-client-auth-DTLSv1-noroot-server +client = 29-client-auth-DTLSv1-noroot-client + +[29-client-auth-DTLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[29-client-auth-DTLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1 +MinProtocol = DTLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-29] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + +# =========================================================== + +[30-server-auth-DTLSv1.2] +ssl_conf = 30-server-auth-DTLSv1.2-ssl + +[30-server-auth-DTLSv1.2-ssl] +server = 30-server-auth-DTLSv1.2-server +client = 30-server-auth-DTLSv1.2-client + +[30-server-auth-DTLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-server-auth-DTLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[31-client-auth-DTLSv1.2-request] +ssl_conf = 31-client-auth-DTLSv1.2-request-ssl + +[31-client-auth-DTLSv1.2-request-ssl] +server = 31-client-auth-DTLSv1.2-request-server +client = 31-client-auth-DTLSv1.2-request-client + +[31-client-auth-DTLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[31-client-auth-DTLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[32-client-auth-DTLSv1.2-require-fail] +ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl + +[32-client-auth-DTLSv1.2-require-fail-ssl] +server = 32-client-auth-DTLSv1.2-require-fail-server +client = 32-client-auth-DTLSv1.2-require-fail-client + +[32-client-auth-DTLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[32-client-auth-DTLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure +Method = DTLS + + +# =========================================================== + +[33-client-auth-DTLSv1.2-require] +ssl_conf = 33-client-auth-DTLSv1.2-require-ssl + +[33-client-auth-DTLSv1.2-require-ssl] +server = 33-client-auth-DTLSv1.2-require-server +client = 33-client-auth-DTLSv1.2-require-client + +[33-client-auth-DTLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[33-client-auth-DTLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[34-client-auth-DTLSv1.2-require-non-empty-names] +ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl + +[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] +server = 34-client-auth-DTLSv1.2-require-non-empty-names-server +client = 34-client-auth-DTLSv1.2-require-non-empty-names-client + +[34-client-auth-DTLSv1.2-require-non-empty-names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[34-client-auth-DTLSv1.2-require-non-empty-names-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedResult = Success +Method = DTLS + + +# =========================================================== + +[35-client-auth-DTLSv1.2-noroot] +ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl + +[35-client-auth-DTLSv1.2-noroot-ssl] +server = 35-client-auth-DTLSv1.2-noroot-server +client = 35-client-auth-DTLSv1.2-noroot-client + +[35-client-auth-DTLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[35-client-auth-DTLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = DTLSv1.2 +MinProtocol = DTLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA +Method = DTLS + + |