Commit 89d0853a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add server signature algorithm bug test. 



Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2297)
parent 3f60b8fb

test/ssl-tests/01-simple.conf

+35 −9
Original line number Diff line number Diff line 
# Generated with generate_ssl_tests.pl



num_tests = 2

num_tests = 3



test-0 = 0-default

test-1 = 1-verify-cert

test-1 = 1-Server signature algorithms bug

test-2 = 2-verify-cert

# ===========================================================



[0-default]
@@ -29,23 +30,48 @@ ExpectedResult = Success 


# ===========================================================



[1-verify-cert]

ssl_conf = 1-verify-cert-ssl

[1-Server signature algorithms bug]

ssl_conf = 1-Server signature algorithms bug-ssl



[1-verify-cert-ssl]

server = 1-verify-cert-server

client = 1-verify-cert-client

[1-Server signature algorithms bug-ssl]

server = 1-Server signature algorithms bug-server

client = 1-Server signature algorithms bug-client



[1-verify-cert-server]

[1-Server signature algorithms bug-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ClientSignatureAlgorithms = ECDSA+SHA256

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[1-verify-cert-client]

[1-Server signature algorithms bug-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-1]

ExpectedResult = Success





# ===========================================================



[2-verify-cert]

ssl_conf = 2-verify-cert-ssl



[2-verify-cert-ssl]

server = 2-verify-cert-server

client = 2-verify-cert-client



[2-verify-cert-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[2-verify-cert-client]

CipherString = DEFAULT

VerifyMode = Peer



[test-2]

ExpectedClientAlert = UnknownCA

ExpectedResult = ClientFail

test/ssl-tests/01-simple.conf.in

+8 −0
Original line number Diff line number Diff line
@@ -19,6 +19,14 @@ our @tests = ( 
        test   => { "ExpectedResult" => "Success" },

    },



    {

        name => "Server signature algorithms bug",

        # Should have no effect as we aren't doing client auth

        server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },

        client => { "SignatureAlgorithms" => "RSA+SHA256" },

        test   => { "ExpectedResult" => "Success" },

    },



    {

        name => "verify-cert",

        server => { },