Add additional ECDSA/Ed25519 selection tests. (50a3a1f0) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

test/ssl-tests/20-cert-select.conf

+176 −108

Original line number	Diff line number	Diff line
		# Generated with generate_ssl_tests.pl

		num_tests = 15
		num_tests = 17

		test-0 = 0-ECDSA CipherString Selection
		test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
		test-2 = 2-RSA CipherString Selection
		test-3 = 3-ECDSA CipherString Selection, no ECDSA certificate
		test-4 = 4-ECDSA Signature Algorithm Selection
		test-5 = 5-ECDSA Signature Algorithm Selection SHA384
		test-6 = 6-ECDSA Signature Algorithm Selection SHA1
		test-7 = 7-ECDSA Signature Algorithm Selection compressed point
		test-8 = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate
		test-9 = 9-RSA Signature Algorithm Selection
		test-10 = 10-RSA-PSS Signature Algorithm Selection
		test-11 = 11-Suite B P-256 Hash Algorithm Selection
		test-12 = 12-Suite B P-384 Hash Algorithm Selection
		test-13 = 13-TLS 1.2 Ed25519 Client Auth
		test-14 = 14-TLS 1.2 DSA Certificate Test
		test-3 = 3-P-256 CipherString and Signature Algorithm Selection
		test-4 = 4-Ed25519 CipherString and Curves Selection
		test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
		test-6 = 6-ECDSA Signature Algorithm Selection
		test-7 = 7-ECDSA Signature Algorithm Selection SHA384
		test-8 = 8-ECDSA Signature Algorithm Selection SHA1
		test-9 = 9-ECDSA Signature Algorithm Selection compressed point
		test-10 = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate
		test-11 = 11-RSA Signature Algorithm Selection
		test-12 = 12-RSA-PSS Signature Algorithm Selection
		test-13 = 13-Suite B P-256 Hash Algorithm Selection
		test-14 = 14-Suite B P-384 Hash Algorithm Selection
		test-15 = 15-TLS 1.2 Ed25519 Client Auth
		test-16 = 16-TLS 1.2 DSA Certificate Test
		# ===========================================================

		[0-ECDSA CipherString Selection]
		@@ -117,39 +119,105 @@ ExpectedServerSignType = RSA-PSS

		# ===========================================================

		[3-ECDSA CipherString Selection, no ECDSA certificate]
		ssl_conf = 3-ECDSA CipherString Selection, no ECDSA certificate-ssl
		[3-P-256 CipherString and Signature Algorithm Selection]
		ssl_conf = 3-P-256 CipherString and Signature Algorithm Selection-ssl

		[3-ECDSA CipherString Selection, no ECDSA certificate-ssl]
		server = 3-ECDSA CipherString Selection, no ECDSA certificate-server
		client = 3-ECDSA CipherString Selection, no ECDSA certificate-client
		[3-P-256 CipherString and Signature Algorithm Selection-ssl]
		server = 3-P-256 CipherString and Signature Algorithm Selection-server
		client = 3-P-256 CipherString and Signature Algorithm Selection-client

		[3-ECDSA CipherString Selection, no ECDSA certificate-server]
		[3-P-256 CipherString and Signature Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
		EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
		EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[3-ECDSA CipherString Selection, no ECDSA certificate-client]
		[3-P-256 CipherString and Signature Algorithm Selection-client]
		CipherString = aECDSA
		MaxProtocol = TLSv1.2
		SignatureAlgorithms = ECDSA+SHA256:ed25519
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-3]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA256
		ExpectedServerSignType = EC


		# ===========================================================

		[4-Ed25519 CipherString and Curves Selection]
		ssl_conf = 4-Ed25519 CipherString and Curves Selection-ssl

		[4-Ed25519 CipherString and Curves Selection-ssl]
		server = 4-Ed25519 CipherString and Curves Selection-server
		client = 4-Ed25519 CipherString and Curves Selection-client

		[4-Ed25519 CipherString and Curves Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
		EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
		EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[4-Ed25519 CipherString and Curves Selection-client]
		CipherString = aECDSA
		Curves = X25519
		MaxProtocol = TLSv1.2
		SignatureAlgorithms = ECDSA+SHA256:ed25519
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-4]
		ExpectedResult = Success
		ExpectedServerCertType = Ed25519
		ExpectedServerSignType = Ed25519


		# ===========================================================

		[5-ECDSA CipherString Selection, no ECDSA certificate]
		ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl

		[5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
		server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
		client = 5-ECDSA CipherString Selection, no ECDSA certificate-client

		[5-ECDSA CipherString Selection, no ECDSA certificate-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[5-ECDSA CipherString Selection, no ECDSA certificate-client]
		CipherString = aECDSA
		MaxProtocol = TLSv1.2
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-5]
		ExpectedResult = ServerFail


		# ===========================================================

		[4-ECDSA Signature Algorithm Selection]
		ssl_conf = 4-ECDSA Signature Algorithm Selection-ssl
		[6-ECDSA Signature Algorithm Selection]
		ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl

		[4-ECDSA Signature Algorithm Selection-ssl]
		server = 4-ECDSA Signature Algorithm Selection-server
		client = 4-ECDSA Signature Algorithm Selection-client
		[6-ECDSA Signature Algorithm Selection-ssl]
		server = 6-ECDSA Signature Algorithm Selection-server
		client = 6-ECDSA Signature Algorithm Selection-client

		[4-ECDSA Signature Algorithm Selection-server]
		[6-ECDSA Signature Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		@@ -159,13 +227,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[4-ECDSA Signature Algorithm Selection-client]
		[6-ECDSA Signature Algorithm Selection-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-4]
		[test-6]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA256
		@@ -174,14 +242,14 @@ ExpectedServerSignType = EC

		# ===========================================================

		[5-ECDSA Signature Algorithm Selection SHA384]
		ssl_conf = 5-ECDSA Signature Algorithm Selection SHA384-ssl
		[7-ECDSA Signature Algorithm Selection SHA384]
		ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl

		[5-ECDSA Signature Algorithm Selection SHA384-ssl]
		server = 5-ECDSA Signature Algorithm Selection SHA384-server
		client = 5-ECDSA Signature Algorithm Selection SHA384-client
		[7-ECDSA Signature Algorithm Selection SHA384-ssl]
		server = 7-ECDSA Signature Algorithm Selection SHA384-server
		client = 7-ECDSA Signature Algorithm Selection SHA384-client

		[5-ECDSA Signature Algorithm Selection SHA384-server]
		[7-ECDSA Signature Algorithm Selection SHA384-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		@@ -191,13 +259,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[5-ECDSA Signature Algorithm Selection SHA384-client]
		[7-ECDSA Signature Algorithm Selection SHA384-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA384
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-5]
		[test-7]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA384
		@@ -206,14 +274,14 @@ ExpectedServerSignType = EC

		# ===========================================================

		[6-ECDSA Signature Algorithm Selection SHA1]
		ssl_conf = 6-ECDSA Signature Algorithm Selection SHA1-ssl
		[8-ECDSA Signature Algorithm Selection SHA1]
		ssl_conf = 8-ECDSA Signature Algorithm Selection SHA1-ssl

		[6-ECDSA Signature Algorithm Selection SHA1-ssl]
		server = 6-ECDSA Signature Algorithm Selection SHA1-server
		client = 6-ECDSA Signature Algorithm Selection SHA1-client
		[8-ECDSA Signature Algorithm Selection SHA1-ssl]
		server = 8-ECDSA Signature Algorithm Selection SHA1-server
		client = 8-ECDSA Signature Algorithm Selection SHA1-client

		[6-ECDSA Signature Algorithm Selection SHA1-server]
		[8-ECDSA Signature Algorithm Selection SHA1-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		@@ -223,13 +291,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[6-ECDSA Signature Algorithm Selection SHA1-client]
		[8-ECDSA Signature Algorithm Selection SHA1-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA1
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-6]
		[test-8]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA1
		@@ -238,14 +306,14 @@ ExpectedServerSignType = EC

		# ===========================================================

		[7-ECDSA Signature Algorithm Selection compressed point]
		ssl_conf = 7-ECDSA Signature Algorithm Selection compressed point-ssl
		[9-ECDSA Signature Algorithm Selection compressed point]
		ssl_conf = 9-ECDSA Signature Algorithm Selection compressed point-ssl

		[7-ECDSA Signature Algorithm Selection compressed point-ssl]
		server = 7-ECDSA Signature Algorithm Selection compressed point-server
		client = 7-ECDSA Signature Algorithm Selection compressed point-client
		[9-ECDSA Signature Algorithm Selection compressed point-ssl]
		server = 9-ECDSA Signature Algorithm Selection compressed point-server
		client = 9-ECDSA Signature Algorithm Selection compressed point-client

		[7-ECDSA Signature Algorithm Selection compressed point-server]
		[9-ECDSA Signature Algorithm Selection compressed point-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
		@@ -253,13 +321,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[7-ECDSA Signature Algorithm Selection compressed point-client]
		[9-ECDSA Signature Algorithm Selection compressed point-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-7]
		[test-9]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA256
		@@ -268,39 +336,39 @@ ExpectedServerSignType = EC

		# ===========================================================

		[8-ECDSA Signature Algorithm Selection, no ECDSA certificate]
		ssl_conf = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
		[10-ECDSA Signature Algorithm Selection, no ECDSA certificate]
		ssl_conf = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

		[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
		server = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
		client = 8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
		[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
		server = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
		client = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client

		[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
		[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[8-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
		[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-8]
		[test-10]
		ExpectedResult = ServerFail


		# ===========================================================

		[9-RSA Signature Algorithm Selection]
		ssl_conf = 9-RSA Signature Algorithm Selection-ssl
		[11-RSA Signature Algorithm Selection]
		ssl_conf = 11-RSA Signature Algorithm Selection-ssl

		[9-RSA Signature Algorithm Selection-ssl]
		server = 9-RSA Signature Algorithm Selection-server
		client = 9-RSA Signature Algorithm Selection-client
		[11-RSA Signature Algorithm Selection-ssl]
		server = 11-RSA Signature Algorithm Selection-server
		client = 11-RSA Signature Algorithm Selection-client

		[9-RSA Signature Algorithm Selection-server]
		[11-RSA Signature Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		@@ -310,13 +378,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[9-RSA Signature Algorithm Selection-client]
		[11-RSA Signature Algorithm Selection-client]
		CipherString = DEFAULT
		SignatureAlgorithms = RSA+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-9]
		[test-11]
		ExpectedResult = Success
		ExpectedServerCertType = RSA
		ExpectedServerSignHash = SHA256
		@@ -325,14 +393,14 @@ ExpectedServerSignType = RSA

		# ===========================================================

		[10-RSA-PSS Signature Algorithm Selection]
		ssl_conf = 10-RSA-PSS Signature Algorithm Selection-ssl
		[12-RSA-PSS Signature Algorithm Selection]
		ssl_conf = 12-RSA-PSS Signature Algorithm Selection-ssl

		[10-RSA-PSS Signature Algorithm Selection-ssl]
		server = 10-RSA-PSS Signature Algorithm Selection-server
		client = 10-RSA-PSS Signature Algorithm Selection-client
		[12-RSA-PSS Signature Algorithm Selection-ssl]
		server = 12-RSA-PSS Signature Algorithm Selection-server
		client = 12-RSA-PSS Signature Algorithm Selection-client

		[10-RSA-PSS Signature Algorithm Selection-server]
		[12-RSA-PSS Signature Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
		@@ -342,13 +410,13 @@ EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[10-RSA-PSS Signature Algorithm Selection-client]
		[12-RSA-PSS Signature Algorithm Selection-client]
		CipherString = DEFAULT
		SignatureAlgorithms = RSA-PSS+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-10]
		[test-12]
		ExpectedResult = Success
		ExpectedServerCertType = RSA
		ExpectedServerSignHash = SHA256
		@@ -357,14 +425,14 @@ ExpectedServerSignType = RSA-PSS

		# ===========================================================

		[11-Suite B P-256 Hash Algorithm Selection]
		ssl_conf = 11-Suite B P-256 Hash Algorithm Selection-ssl
		[13-Suite B P-256 Hash Algorithm Selection]
		ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl

		[11-Suite B P-256 Hash Algorithm Selection-ssl]
		server = 11-Suite B P-256 Hash Algorithm Selection-server
		client = 11-Suite B P-256 Hash Algorithm Selection-client
		[13-Suite B P-256 Hash Algorithm Selection-ssl]
		server = 13-Suite B P-256 Hash Algorithm Selection-server
		client = 13-Suite B P-256 Hash Algorithm Selection-client

		[11-Suite B P-256 Hash Algorithm Selection-server]
		[13-Suite B P-256 Hash Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = SUITEB128
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
		@@ -372,13 +440,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[11-Suite B P-256 Hash Algorithm Selection-client]
		[13-Suite B P-256 Hash Algorithm Selection-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
		VerifyMode = Peer

		[test-11]
		[test-13]
		ExpectedResult = Success
		ExpectedServerCertType = P-256
		ExpectedServerSignHash = SHA256
		@@ -387,14 +455,14 @@ ExpectedServerSignType = EC

		# ===========================================================

		[12-Suite B P-384 Hash Algorithm Selection]
		ssl_conf = 12-Suite B P-384 Hash Algorithm Selection-ssl
		[14-Suite B P-384 Hash Algorithm Selection]
		ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl

		[12-Suite B P-384 Hash Algorithm Selection-ssl]
		server = 12-Suite B P-384 Hash Algorithm Selection-server
		client = 12-Suite B P-384 Hash Algorithm Selection-client
		[14-Suite B P-384 Hash Algorithm Selection-ssl]
		server = 14-Suite B P-384 Hash Algorithm Selection-server
		client = 14-Suite B P-384 Hash Algorithm Selection-client

		[12-Suite B P-384 Hash Algorithm Selection-server]
		[14-Suite B P-384 Hash Algorithm Selection-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = SUITEB128
		ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
		@@ -402,13 +470,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
		MaxProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[12-Suite B P-384 Hash Algorithm Selection-client]
		[14-Suite B P-384 Hash Algorithm Selection-client]
		CipherString = DEFAULT
		SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
		VerifyMode = Peer

		[test-12]
		[test-14]
		ExpectedResult = Success
		ExpectedServerCertType = P-384
		ExpectedServerSignHash = SHA384
		@@ -417,21 +485,21 @@ ExpectedServerSignType = EC

		# ===========================================================

		[13-TLS 1.2 Ed25519 Client Auth]
		ssl_conf = 13-TLS 1.2 Ed25519 Client Auth-ssl
		[15-TLS 1.2 Ed25519 Client Auth]
		ssl_conf = 15-TLS 1.2 Ed25519 Client Auth-ssl

		[13-TLS 1.2 Ed25519 Client Auth-ssl]
		server = 13-TLS 1.2 Ed25519 Client Auth-server
		client = 13-TLS 1.2 Ed25519 Client Auth-client
		[15-TLS 1.2 Ed25519 Client Auth-ssl]
		server = 15-TLS 1.2 Ed25519 Client Auth-server
		client = 15-TLS 1.2 Ed25519 Client Auth-client

		[13-TLS 1.2 Ed25519 Client Auth-server]
		[15-TLS 1.2 Ed25519 Client Auth-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
		VerifyMode = Require

		[13-TLS 1.2 Ed25519 Client Auth-client]
		[15-TLS 1.2 Ed25519 Client Auth-client]
		CipherString = DEFAULT
		EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
		EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
		@@ -440,7 +508,7 @@ MinProtocol = TLSv1.2
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-13]
		[test-15]
		ExpectedClientCertType = Ed25519
		ExpectedClientSignType = Ed25519
		ExpectedResult = Success
		@@ -448,14 +516,14 @@ ExpectedResult = Success

		# ===========================================================

		[14-TLS 1.2 DSA Certificate Test]
		ssl_conf = 14-TLS 1.2 DSA Certificate Test-ssl
		[16-TLS 1.2 DSA Certificate Test]
		ssl_conf = 16-TLS 1.2 DSA Certificate Test-ssl

		[14-TLS 1.2 DSA Certificate Test-ssl]
		server = 14-TLS 1.2 DSA Certificate Test-server
		client = 14-TLS 1.2 DSA Certificate Test-client
		[16-TLS 1.2 DSA Certificate Test-ssl]
		server = 16-TLS 1.2 DSA Certificate Test-server
		client = 16-TLS 1.2 DSA Certificate Test-client

		[14-TLS 1.2 DSA Certificate Test-server]
		[16-TLS 1.2 DSA Certificate Test-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = ALL
		DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
		@@ -465,13 +533,13 @@ MaxProtocol = TLSv1.2
		MinProtocol = TLSv1.2
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

		[14-TLS 1.2 DSA Certificate Test-client]
		[16-TLS 1.2 DSA Certificate Test-client]
		CipherString = ALL
		SignatureAlgorithms = DSA+SHA256:DSA+SHA1
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-14]
		[test-16]
		ExpectedResult = Success

test/ssl-tests/20-cert-select.conf.in

+48 −0

Original line number	Diff line number	Diff line
		@@ -64,6 +64,38 @@ our @tests = (
		"ExpectedResult" => "Success"
		},
		},
		{
		name => "P-256 CipherString and Signature Algorithm Selection",
		server => $server,
		client => {
		"CipherString" => "aECDSA",
		"MaxProtocol" => "TLSv1.2",
		"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
		},
		test => {
		"ExpectedServerCertType" => "P-256",
		"ExpectedServerSignHash" => "SHA256",
		"ExpectedServerSignType" => "EC",
		"ExpectedResult" => "Success"
		},
		},
		{
		name => "Ed25519 CipherString and Curves Selection",
		server => $server,
		client => {
		"CipherString" => "aECDSA",
		"MaxProtocol" => "TLSv1.2",
		"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
		# Excluding P-256 from the supported curves list means server
		# certificate should be Ed25519 and not P-256
		"Curves" => "X25519"
		},
		test => {
		"ExpectedServerCertType" =>, "Ed25519",
		"ExpectedServerSignType" =>, "Ed25519",
		"ExpectedResult" => "Success"
		},
		},
		{
		name => "ECDSA CipherString Selection, no ECDSA certificate",
		server => {
		@@ -364,6 +396,22 @@ my @tests_tls_1_3 = (
		"ExpectedResult" => "Success"
		},
		},
		{
		name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
		server => $server_tls_1_3,
		client => {
		"SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
		# Excluding P-256 from the supported groups list should
		# mean server still uses a P-256 certificate because supported
		# groups is not used in signature selection for TLS 1.3
		"Groups" => "X25519"
		},
		test => {
		"ExpectedServerCertType" =>, "P-256",
		"ExpectedServerSignType" =>, "EC",
		"ExpectedResult" => "Success"
		},
		},
		{
		name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
		server => {