From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/test/ssl-tests/04-client_auth.conf | 592 ++++++++++++++++++++++ 1 file changed, 592 insertions(+) create mode 100644 openssl-1.1.0h/test/ssl-tests/04-client_auth.conf (limited to 'openssl-1.1.0h/test/ssl-tests/04-client_auth.conf') diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf new file mode 100644 index 0000000..0e91bed --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf @@ -0,0 +1,592 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 20 + +test-0 = 0-server-auth-flex +test-1 = 1-client-auth-flex-request +test-2 = 2-client-auth-flex-require-fail +test-3 = 3-client-auth-flex-require +test-4 = 4-client-auth-flex-noroot +test-5 = 5-server-auth-TLSv1 +test-6 = 6-client-auth-TLSv1-request +test-7 = 7-client-auth-TLSv1-require-fail +test-8 = 8-client-auth-TLSv1-require +test-9 = 9-client-auth-TLSv1-noroot +test-10 = 10-server-auth-TLSv1.1 +test-11 = 11-client-auth-TLSv1.1-request +test-12 = 12-client-auth-TLSv1.1-require-fail +test-13 = 13-client-auth-TLSv1.1-require +test-14 = 14-client-auth-TLSv1.1-noroot +test-15 = 15-server-auth-TLSv1.2 +test-16 = 16-client-auth-TLSv1.2-request +test-17 = 17-client-auth-TLSv1.2-require-fail +test-18 = 18-client-auth-TLSv1.2-require +test-19 = 19-client-auth-TLSv1.2-noroot +# =========================================================== + +[0-server-auth-flex] +ssl_conf = 0-server-auth-flex-ssl + +[0-server-auth-flex-ssl] +server = 0-server-auth-flex-server +client = 0-server-auth-flex-client + +[0-server-auth-flex-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-server-auth-flex-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ExpectedResult = Success + + +# =========================================================== + +[1-client-auth-flex-request] +ssl_conf = 1-client-auth-flex-request-ssl + +[1-client-auth-flex-request-ssl] +server = 1-client-auth-flex-request-server +client = 1-client-auth-flex-request-client + +[1-client-auth-flex-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[1-client-auth-flex-request-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-client-auth-flex-require-fail] +ssl_conf = 2-client-auth-flex-require-fail-ssl + +[2-client-auth-flex-require-fail-ssl] +server = 2-client-auth-flex-require-fail-server +client = 2-client-auth-flex-require-fail-client + +[2-client-auth-flex-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[2-client-auth-flex-require-fail-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[3-client-auth-flex-require] +ssl_conf = 3-client-auth-flex-require-ssl + +[3-client-auth-flex-require-ssl] +server = 3-client-auth-flex-require-server +client = 3-client-auth-flex-require-client + +[3-client-auth-flex-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[3-client-auth-flex-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success + + +# =========================================================== + +[4-client-auth-flex-noroot] +ssl_conf = 4-client-auth-flex-noroot-ssl + +[4-client-auth-flex-noroot-ssl] +server = 4-client-auth-flex-noroot-server +client = 4-client-auth-flex-noroot-client + +[4-client-auth-flex-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[4-client-auth-flex-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[5-server-auth-TLSv1] +ssl_conf = 5-server-auth-TLSv1-ssl + +[5-server-auth-TLSv1-ssl] +server = 5-server-auth-TLSv1-server +client = 5-server-auth-TLSv1-client + +[5-server-auth-TLSv1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-server-auth-TLSv1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success + + +# =========================================================== + +[6-client-auth-TLSv1-request] +ssl_conf = 6-client-auth-TLSv1-request-ssl + +[6-client-auth-TLSv1-request-ssl] +server = 6-client-auth-TLSv1-request-server +client = 6-client-auth-TLSv1-request-client + +[6-client-auth-TLSv1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[6-client-auth-TLSv1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success + + +# =========================================================== + +[7-client-auth-TLSv1-require-fail] +ssl_conf = 7-client-auth-TLSv1-require-fail-ssl + +[7-client-auth-TLSv1-require-fail-ssl] +server = 7-client-auth-TLSv1-require-fail-server +client = 7-client-auth-TLSv1-require-fail-client + +[7-client-auth-TLSv1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[7-client-auth-TLSv1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[8-client-auth-TLSv1-require] +ssl_conf = 8-client-auth-TLSv1-require-ssl + +[8-client-auth-TLSv1-require-ssl] +server = 8-client-auth-TLSv1-require-server +client = 8-client-auth-TLSv1-require-client + +[8-client-auth-TLSv1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[8-client-auth-TLSv1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success + + +# =========================================================== + +[9-client-auth-TLSv1-noroot] +ssl_conf = 9-client-auth-TLSv1-noroot-ssl + +[9-client-auth-TLSv1-noroot-ssl] +server = 9-client-auth-TLSv1-noroot-server +client = 9-client-auth-TLSv1-noroot-client + +[9-client-auth-TLSv1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[9-client-auth-TLSv1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[10-server-auth-TLSv1.1] +ssl_conf = 10-server-auth-TLSv1.1-ssl + +[10-server-auth-TLSv1.1-ssl] +server = 10-server-auth-TLSv1.1-server +client = 10-server-auth-TLSv1.1-client + +[10-server-auth-TLSv1.1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-server-auth-TLSv1.1-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedResult = Success + + +# =========================================================== + +[11-client-auth-TLSv1.1-request] +ssl_conf = 11-client-auth-TLSv1.1-request-ssl + +[11-client-auth-TLSv1.1-request-ssl] +server = 11-client-auth-TLSv1.1-request-server +client = 11-client-auth-TLSv1.1-request-client + +[11-client-auth-TLSv1.1-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[11-client-auth-TLSv1.1-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedResult = Success + + +# =========================================================== + +[12-client-auth-TLSv1.1-require-fail] +ssl_conf = 12-client-auth-TLSv1.1-require-fail-ssl + +[12-client-auth-TLSv1.1-require-fail-ssl] +server = 12-client-auth-TLSv1.1-require-fail-server +client = 12-client-auth-TLSv1.1-require-fail-client + +[12-client-auth-TLSv1.1-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[12-client-auth-TLSv1.1-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[13-client-auth-TLSv1.1-require] +ssl_conf = 13-client-auth-TLSv1.1-require-ssl + +[13-client-auth-TLSv1.1-require-ssl] +server = 13-client-auth-TLSv1.1-require-server +client = 13-client-auth-TLSv1.1-require-client + +[13-client-auth-TLSv1.1-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[13-client-auth-TLSv1.1-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = Success + + +# =========================================================== + +[14-client-auth-TLSv1.1-noroot] +ssl_conf = 14-client-auth-TLSv1.1-noroot-ssl + +[14-client-auth-TLSv1.1-noroot-ssl] +server = 14-client-auth-TLSv1.1-noroot-server +client = 14-client-auth-TLSv1.1-noroot-client + +[14-client-auth-TLSv1.1-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[14-client-auth-TLSv1.1-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + +# =========================================================== + +[15-server-auth-TLSv1.2] +ssl_conf = 15-server-auth-TLSv1.2-ssl + +[15-server-auth-TLSv1.2-ssl] +server = 15-server-auth-TLSv1.2-server +client = 15-server-auth-TLSv1.2-client + +[15-server-auth-TLSv1.2-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-server-auth-TLSv1.2-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success + + +# =========================================================== + +[16-client-auth-TLSv1.2-request] +ssl_conf = 16-client-auth-TLSv1.2-request-ssl + +[16-client-auth-TLSv1.2-request-ssl] +server = 16-client-auth-TLSv1.2-request-server +client = 16-client-auth-TLSv1.2-request-client + +[16-client-auth-TLSv1.2-request-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Request + +[16-client-auth-TLSv1.2-request-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = Success + + +# =========================================================== + +[17-client-auth-TLSv1.2-require-fail] +ssl_conf = 17-client-auth-TLSv1.2-require-fail-ssl + +[17-client-auth-TLSv1.2-require-fail-ssl] +server = 17-client-auth-TLSv1.2-require-fail-server +client = 17-client-auth-TLSv1.2-require-fail-client + +[17-client-auth-TLSv1.2-require-fail-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[17-client-auth-TLSv1.2-require-fail-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +ExpectedServerAlert = HandshakeFailure + + +# =========================================================== + +[18-client-auth-TLSv1.2-require] +ssl_conf = 18-client-auth-TLSv1.2-require-ssl + +[18-client-auth-TLSv1.2-require-ssl] +server = 18-client-auth-TLSv1.2-require-server +client = 18-client-auth-TLSv1.2-require-client + +[18-client-auth-TLSv1.2-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[18-client-auth-TLSv1.2-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success + + +# =========================================================== + +[19-client-auth-TLSv1.2-noroot] +ssl_conf = 19-client-auth-TLSv1.2-noroot-ssl + +[19-client-auth-TLSv1.2-noroot-ssl] +server = 19-client-auth-TLSv1.2-noroot-server +client = 19-client-auth-TLSv1.2-noroot-client + +[19-client-auth-TLSv1.2-noroot-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyMode = Require + +[19-client-auth-TLSv1.2-noroot-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] +ExpectedResult = ServerFail +ExpectedServerAlert = UnknownCA + + -- cgit v1.2.3