Commit 86de658a authored by Dr. Stephen Henson

Add client auth TLS 1.3 certificate selection tests

parent b4cb7eb7
+46 −5
@@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;

my $dir_sep = $^O ne "VMS" ? "/" : "";

my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";

my $server = {
    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
    "MaxProtocol" => "TLSv1.2"
};

@@ -122,8 +124,17 @@ our @tests = (


my $server_tls_1_3 = {
    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};

my $client_tls_1_3 = {
    "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
    "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
    "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
    "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};
@@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    }
    },
    {
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => "${cert_dir}root-cert.pem",
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
            "VerifyCAFile" => "${cert_dir}root-cert.pem",
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "P-256",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
);

push @tests, @tests_tls_1_3 unless disabled("tls1_3");
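Review bot: Both new client-auth cases in the last hunk expect `"ExpectedResult" => "Success"`, so nothing pins what happens when the server's `ClientSignatureAlgorithms` excludes every certificate the client holds while `VerifyMode` is `Require`. A regression in which the handshake completes without a suitable client certificate would not be caught by these cases. I would add a negative case, for example an RSA-only client against a server that asks for `ECDSA+SHA256`, as sketched below. The expected result is presumably `ServerFail`; confirm against what the harness reports. The `@tests_tls_1_3` list begins outside the hunk.

```perl
    # … unchanged: the two "Success" client auth selection cases …
    {
        name => "TLS 1.3 Client Auth No Matching Signature Algorithm",
        server => {
            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
            "VerifyCAFile" => "${cert_dir}root-cert.pem",
            "VerifyMode" => "Require"
        },
        client => {
            "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
            "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        test   => {
            # Presumed outcome when no client certificate matches; confirm.
            "ExpectedResult" => "ServerFail"
        },
    },
```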