add DSA cert tests

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2667)
2017-02-17 15:28:36 +00:00 · 2017-02-17 15:28:36 +00:00 · 7a08b764cc
parent 7a02661ac1
commit 7a08b764cc
2 changed files with 77 additions and 1 deletions
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl

-num_tests = 8
+num_tests = 9

 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-RSA CipherString Selection
@ -10,6 +10,7 @@ test-4 = 4-ECDSA Signature Algorithm Selection SHA384
 test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate
 test-6 = 6-RSA Signature Algorithm Selection
 test-7 = 7-RSA-PSS Signature Algorithm Selection
+test-8 = 8-TLS 1.2 DSA Certificate Test
 # ===========================================================

 [0-ECDSA CipherString Selection]
@ -235,3 +236,32 @@ ExpectedServerSignHash = SHA256
 ExpectedServerSignType = RSA-PSS


+# ===========================================================
+
+[8-TLS 1.2 DSA Certificate Test]
+ssl_conf = 8-TLS 1.2 DSA Certificate Test-ssl
+
+[8-TLS 1.2 DSA Certificate Test-ssl]
+server = 8-TLS 1.2 DSA Certificate Test-server
+client = 8-TLS 1.2 DSA Certificate Test-client
+
+[8-TLS 1.2 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-TLS 1.2 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA256:DSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+
+
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -244,3 +244,49 @@ my @tests_tls_1_3 = (
 );

 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
+
+my @tests_dsa_tls_1_2 = (
+    {
+        name => "TLS 1.2 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "DHParameters" => test_pem("dhp2048.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "Success"
+        },
+    },
+);
+
+my @tests_dsa_tls_1_3 = (
+    {
+        name => "TLS 1.3 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
+
+if (!disabled("dsa")) {
+    push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
+    push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
+}