root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Add client auth TLS 1.3 certificate selection tests 

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2643)
This commit is contained in:
Dr. Stephen Henson 2017-02-15 22:16:09 +00:00
parent b4cb7eb7df
commit 86de658a84
1 changed files with 46 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
test/ssl-tests/20-cert-select.conf.in
View File

@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;
my $dir_sep = $^O ne "VMS" ? "/" : ""; my $dir_sep = $^O ne "VMS" ? "/" : "";
my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
my $server = { my $server = {
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem", "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem", "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
"MaxProtocol" => "TLSv1.2" "MaxProtocol" => "TLSv1.2"
}; };
@ -122,8 +124,17 @@ our @tests = (
my $server_tls_1_3 = { my $server_tls_1_3 = {
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem", "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem", "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
};
my $client_tls_1_3 = {
"RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
"RSA.PrivateKey" => "${cert_dir}ee-key.pem",
"ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
"ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
"MinProtocol" => "TLSv1.3", "MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3" "MaxProtocol" => "TLSv1.3"
}; };
@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
"ExpectedServerSignType" => "RSA-PSS", "ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
} },
{
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
server => {
"ClientSignatureAlgorithms" => "PSS+SHA256",
"VerifyCAFile" => "${cert_dir}root-cert.pem",
"VerifyMode" => "Require"
},
client => $client_tls_1_3,
test => {
"ExpectedClientCertType" => "RSA",
"ExpectedClientSignHash" => "SHA256",
"ExpectedClientSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
server => {
"ClientSignatureAlgorithms" => "ECDSA+SHA256",
"VerifyCAFile" => "${cert_dir}root-cert.pem",
"VerifyMode" => "Require"
},
client => $client_tls_1_3,
test => {
"ExpectedClientCertType" => "P-256",
"ExpectedClientSignHash" => "SHA256",
"ExpectedClientSignType" => "EC",
"ExpectedResult" => "Success"
},
},
); );
push @tests, @tests_tls_1_3 unless disabled("tls1_3"); push @tests, @tests_tls_1_3 unless disabled("tls1_3");