Blame test/ssl-tests/26-tls13_client_auth.conf.in

# -*- mode: perl; -*-
# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## Test TLSv1.3 certificate authentication
## Similar to 04-client_auth.conf.in output, but specific for
## TLSv1.3 and post-handshake authentication
use strict;
use warnings;
package ssltests;
use OpenSSL::Test::Utils;
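# Table of TLSv1.3 client-certificate authentication scenarios.
#
# Each entry pins both peers to TLSv1.3 (MinProtocol == MaxProtocol) and
# carries three sections:
#   server / client - configuration for that peer; keys under "extra" are
#                     presumably harness-only options (EnablePHA, ForcePHA)
#                     rather than regular configuration commands - confirm
#                     against the test harness.
#   test            - the outcome the run must produce (result, alert, and
#                     details of the client certificate and signature).
#
# The first group authenticates during the handshake; the second group
# repeats the scenarios with HandshakeMode "PostHandshakeAuth".
# Several entries expect failure: they check that a missing client
# certificate, or one with no trust anchor configured on the server, is
# rejected with the expected alert.
our @tests = (
    # Baseline: no client authentication requested at all.
    {
        name => "server-auth-TLSv1.3",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
    # Server requests a certificate, the client has none configured;
    # with "Request" the handshake is still expected to succeed.
    {
        name => "client-auth-TLSv1.3-request",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
    # Server requires a certificate, the client has none configured;
    # the server must fail the handshake with CertificateRequired.
    {
        name => "client-auth-TLSv1.3-require-fail",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "CertificateRequired",
        },
    },
    # Client presents an RSA certificate; the server restricts client
    # signature algorithms to PSS+SHA256 and the test checks that this is
    # what was negotiated. No ClientCAFile is set, so the expected CA
    # name list is "empty".
    # NOTE(review): the name says "require" but VerifyMode is "Request".
    # The client always presents a certificate here, so this entry does
    # not exercise rejection of a certificate-less client - confirm that
    # is intended (the "require-fail" entry covers that path).
    {
        name => "client-auth-TLSv1.3-require",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty",
        },
    },
    # As above, but the server also sets ClientCAFile and the test
    # expects the CA names to match root-cert.pem.
    # NOTE(review): VerifyMode is "Request" despite "require" in the name.
    {
        name => "client-auth-TLSv1.3-require-non-empty-names",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },
    # Server requires a certificate but has no VerifyCAFile configured;
    # the client's chain must be rejected with UnknownCA.
    {
        name => "client-auth-TLSv1.3-noroot",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "Require",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },

    # ---- Post-handshake authentication (PHA) scenarios ----

    # Server asks for post-handshake auth but the client does not set
    # EnablePHA; the server side is expected to fail.
    # Presumably this is because the client never offered PHA - confirm
    # against the harness.
    {
        name => "client-auth-TLSv1.3-request-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # Server requires post-handshake auth; the client sets neither
    # EnablePHA nor a certificate. No alert is pinned, so this entry does
    # not distinguish which of the two caused the server failure.
    {
        name => "client-auth-TLSv1.3-require-fail-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequirePostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # PHA-enabled client presents an RSA certificate after the handshake;
    # the signature must be RSA-PSS with SHA256 and the CA name list empty.
    # NOTE(review): VerifyMode is "RequestPostHandshake" despite "require"
    # in the name; the client always presents a certificate here.
    {
        name => "client-auth-TLSv1.3-require-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty",
        },
    },
    # As above, with ClientCAFile set so the expected CA names match
    # root-cert.pem.
    # NOTE(review): VerifyMode is "RequestPostHandshake" despite "require"
    # in the name.
    {
        name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },
    # Server requires post-handshake auth but has no VerifyCAFile; the
    # PHA-enabled client's chain must be rejected with UnknownCA.
    {
        name => "client-auth-TLSv1.3-noroot-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequirePostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey" => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },
    # Client enables PHA but has no certificate; the server only
    # requests one, so the run is expected to succeed.
    {
        name => "client-auth-TLSv1.3-request-force-client-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # Server sets ForcePHA while the client does not set EnablePHA; the
    # failure is expected on the client side.
    # Presumably the client rejects a certificate request it never
    # agreed to receive - confirm against the harness.
    {
        name => "client-auth-TLSv1.3-request-force-server-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test => {
            "ExpectedResult" => "ClientFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # Both sides opt in (server ForcePHA, client EnablePHA); with a
    # request-only server and no client certificate the run succeeds.
    {
        name => "client-auth-TLSv1.3-request-force-both-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
);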