Commit 2c1b0f1e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add Client CA names tests 



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2969)
parent 2e21539b

test/ssl-tests/04-client_auth.conf

+452 −235

File changed.

Preview size limit exceeded, changes collapsed.

test/ssl-tests/04-client_auth.conf.in

+28 −0
Original line number Diff line number Diff line
@@ -119,6 +119,34 @@ sub generate_tests() { 
                    "ExpectedClientCertType" => "RSA",

                    "ExpectedClientSignType" => $clisigtype,

                    "ExpectedClientSignHash" => $clihash,

                    "ExpectedClientCANames" => "empty",

                    "Method" => $method,

                },

            };



            # Successful handshake with client authentication non-empty names

            push @tests, {

                name => "client-auth-${protocol_name}-require-non-empty-names",

                server => {

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "ClientSignatureAlgorithms" => $clisigalgs,

                    "ClientCAFile" => test_pem("root-cert.pem"),

                    "VerifyCAFile" => test_pem("root-cert.pem"),

                    "VerifyMode" => "Request",

                },

                client => {

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "Certificate" => test_pem("ee-client-chain.pem"),

                    "PrivateKey"  => test_pem("ee-key.pem"),

                },

                test   => {

                    "ExpectedResult" => "Success",

                    "ExpectedClientCertType" => "RSA",

                    "ExpectedClientSignType" => $clisigtype,

                    "ExpectedClientSignHash" => $clihash,

                    "ExpectedClientCANames" => test_pem("root-cert.pem"),

                    "Method" => $method,

                },

            };

test/ssl-tests/20-cert-select.conf.in

+18 −0
Original line number Diff line number Diff line
@@ -316,6 +316,24 @@ my @tests_tls_1_3 = ( 
            "ExpectedClientCertType" => "RSA",

            "ExpectedClientSignHash" => "SHA256",

            "ExpectedClientSignType" => "RSA-PSS",

            "ExpectedClientCANames" => "empty",

            "ExpectedResult" => "Success"

        },

    },

    {

        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",

        server => {

            "ClientSignatureAlgorithms" => "PSS+SHA256",

            "VerifyCAFile" => test_pem("root-cert.pem"),

            "ClientCAFile" => test_pem("root-cert.pem"),

            "VerifyMode" => "Require"

        },

        client => $client_tls_1_3,

        test   => {

            "ExpectedClientCertType" => "RSA",

            "ExpectedClientSignHash" => "SHA256",

            "ExpectedClientSignType" => "RSA-PSS",

            "ExpectedClientCANames" => test_pem("root-cert.pem"),

            "ExpectedResult" => "Success"

        },

    },