04-client_auth.cnf@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 5 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 36.1 KB

行
1	# Generated with generate_ssl_tests.pl
2
3	num_tests = 40
4
5	test-0 = 0-server-auth-flex
6	test-1 = 1-client-auth-flex-request
7	test-2 = 2-client-auth-flex-require-fail
8	test-3 = 3-client-auth-flex-require
9	test-4 = 4-client-auth-flex-rsa-pss
10	test-5 = 5-client-auth-flex-rsa-pss-bad
11	test-6 = 6-client-auth-flex-require-non-empty-names
12	test-7 = 7-client-auth-flex-noroot
13	test-8 = 8-server-auth-TLSv1
14	test-9 = 9-client-auth-TLSv1-request
15	test-10 = 10-client-auth-TLSv1-require-fail
16	test-11 = 11-client-auth-TLSv1-require
17	test-12 = 12-client-auth-TLSv1-require-non-empty-names
18	test-13 = 13-client-auth-TLSv1-noroot
19	test-14 = 14-server-auth-TLSv1.1
20	test-15 = 15-client-auth-TLSv1.1-request
21	test-16 = 16-client-auth-TLSv1.1-require-fail
22	test-17 = 17-client-auth-TLSv1.1-require
23	test-18 = 18-client-auth-TLSv1.1-require-non-empty-names
24	test-19 = 19-client-auth-TLSv1.1-noroot
25	test-20 = 20-server-auth-TLSv1.2
26	test-21 = 21-client-auth-TLSv1.2-request
27	test-22 = 22-client-auth-TLSv1.2-require-fail
28	test-23 = 23-client-auth-TLSv1.2-require
29	test-24 = 24-client-auth-TLSv1.2-rsa-pss
30	test-25 = 25-client-auth-TLSv1.2-rsa-pss-bad
31	test-26 = 26-client-auth-TLSv1.2-require-non-empty-names
32	test-27 = 27-client-auth-TLSv1.2-noroot
33	test-28 = 28-server-auth-DTLSv1
34	test-29 = 29-client-auth-DTLSv1-request
35	test-30 = 30-client-auth-DTLSv1-require-fail
36	test-31 = 31-client-auth-DTLSv1-require
37	test-32 = 32-client-auth-DTLSv1-require-non-empty-names
38	test-33 = 33-client-auth-DTLSv1-noroot
39	test-34 = 34-server-auth-DTLSv1.2
40	test-35 = 35-client-auth-DTLSv1.2-request
41	test-36 = 36-client-auth-DTLSv1.2-require-fail
42	test-37 = 37-client-auth-DTLSv1.2-require
43	test-38 = 38-client-auth-DTLSv1.2-require-non-empty-names
44	test-39 = 39-client-auth-DTLSv1.2-noroot
45	# ===========================================================
46
47	[0-server-auth-flex]
48	ssl_conf = 0-server-auth-flex-ssl
49
50	[0-server-auth-flex-ssl]
51	server = 0-server-auth-flex-server
52	client = 0-server-auth-flex-client
53
54	[0-server-auth-flex-server]
55	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
56	CipherString = DEFAULT:@SECLEVEL=0
57	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
58
59	[0-server-auth-flex-client]
60	CipherString = DEFAULT:@SECLEVEL=0
61	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
62	VerifyMode = Peer
63
64	[test-0]
65	ExpectedResult = Success
66
67
68	# ===========================================================
69
70	[1-client-auth-flex-request]
71	ssl_conf = 1-client-auth-flex-request-ssl
72
73	[1-client-auth-flex-request-ssl]
74	server = 1-client-auth-flex-request-server
75	client = 1-client-auth-flex-request-client
76
77	[1-client-auth-flex-request-server]
78	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
79	CipherString = DEFAULT:@SECLEVEL=0
80	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
81	VerifyMode = Request
82
83	[1-client-auth-flex-request-client]
84	CipherString = DEFAULT:@SECLEVEL=0
85	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
86	VerifyMode = Peer
87
88	[test-1]
89	ExpectedResult = Success
90
91
92	# ===========================================================
93
94	[2-client-auth-flex-require-fail]
95	ssl_conf = 2-client-auth-flex-require-fail-ssl
96
97	[2-client-auth-flex-require-fail-ssl]
98	server = 2-client-auth-flex-require-fail-server
99	client = 2-client-auth-flex-require-fail-client
100
101	[2-client-auth-flex-require-fail-server]
102	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
103	CipherString = DEFAULT:@SECLEVEL=0
104	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
105	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
106	VerifyMode = Require
107
108	[2-client-auth-flex-require-fail-client]
109	CipherString = DEFAULT:@SECLEVEL=0
110	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
111	VerifyMode = Peer
112
113	[test-2]
114	ExpectedResult = ServerFail
115	ExpectedServerAlert = CertificateRequired
116
117
118	# ===========================================================
119
120	[3-client-auth-flex-require]
121	ssl_conf = 3-client-auth-flex-require-ssl
122
123	[3-client-auth-flex-require-ssl]
124	server = 3-client-auth-flex-require-server
125	client = 3-client-auth-flex-require-client
126
127	[3-client-auth-flex-require-server]
128	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
129	CipherString = DEFAULT:@SECLEVEL=0
130	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
131	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
132	VerifyMode = Request
133
134	[3-client-auth-flex-require-client]
135	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
136	CipherString = DEFAULT:@SECLEVEL=0
137	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
138	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
139	VerifyMode = Peer
140
141	[test-3]
142	ExpectedClientCANames = empty
143	ExpectedClientCertType = RSA
144	ExpectedResult = Success
145
146
147	# ===========================================================
148
149	[4-client-auth-flex-rsa-pss]
150	ssl_conf = 4-client-auth-flex-rsa-pss-ssl
151
152	[4-client-auth-flex-rsa-pss-ssl]
153	server = 4-client-auth-flex-rsa-pss-server
154	client = 4-client-auth-flex-rsa-pss-client
155
156	[4-client-auth-flex-rsa-pss-server]
157	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
158	CipherString = DEFAULT:@SECLEVEL=0
159	ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
160	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
161	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
162	VerifyMode = Require
163
164	[4-client-auth-flex-rsa-pss-client]
165	Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
166	CipherString = DEFAULT:@SECLEVEL=0
167	Options = StrictCertCheck
168	PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
169	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170	VerifyMode = Peer
171
172	[test-4]
173	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
174	ExpectedClientCertType = RSA-PSS
175	ExpectedResult = Success
176
177
178	# ===========================================================
179
180	[5-client-auth-flex-rsa-pss-bad]
181	ssl_conf = 5-client-auth-flex-rsa-pss-bad-ssl
182
183	[5-client-auth-flex-rsa-pss-bad-ssl]
184	server = 5-client-auth-flex-rsa-pss-bad-server
185	client = 5-client-auth-flex-rsa-pss-bad-client
186
187	[5-client-auth-flex-rsa-pss-bad-server]
188	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
189	CipherString = DEFAULT:@SECLEVEL=0
190	ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
191	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
193	VerifyMode = Require
194
195	[5-client-auth-flex-rsa-pss-bad-client]
196	Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
197	CipherString = DEFAULT:@SECLEVEL=0
198	Options = StrictCertCheck
199	PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
200	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201	VerifyMode = Peer
202
203	[test-5]
204	ExpectedResult = ServerFail
205	ExpectedServerAlert = CertificateRequired
206
207
208	# ===========================================================
209
210	[6-client-auth-flex-require-non-empty-names]
211	ssl_conf = 6-client-auth-flex-require-non-empty-names-ssl
212
213	[6-client-auth-flex-require-non-empty-names-ssl]
214	server = 6-client-auth-flex-require-non-empty-names-server
215	client = 6-client-auth-flex-require-non-empty-names-client
216
217	[6-client-auth-flex-require-non-empty-names-server]
218	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219	CipherString = DEFAULT:@SECLEVEL=0
220	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
221	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
222	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
223	VerifyMode = Request
224
225	[6-client-auth-flex-require-non-empty-names-client]
226	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
227	CipherString = DEFAULT:@SECLEVEL=0
228	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
229	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230	VerifyMode = Peer
231
232	[test-6]
233	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
234	ExpectedClientCertType = RSA
235	ExpectedResult = Success
236
237
238	# ===========================================================
239
240	[7-client-auth-flex-noroot]
241	ssl_conf = 7-client-auth-flex-noroot-ssl
242
243	[7-client-auth-flex-noroot-ssl]
244	server = 7-client-auth-flex-noroot-server
245	client = 7-client-auth-flex-noroot-client
246
247	[7-client-auth-flex-noroot-server]
248	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
249	CipherString = DEFAULT:@SECLEVEL=0
250	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
251	VerifyMode = Require
252
253	[7-client-auth-flex-noroot-client]
254	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
255	CipherString = DEFAULT:@SECLEVEL=0
256	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
257	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
258	VerifyMode = Peer
259
260	[test-7]
261	ExpectedResult = ServerFail
262	ExpectedServerAlert = UnknownCA
263
264
265	# ===========================================================
266
267	[8-server-auth-TLSv1]
268	ssl_conf = 8-server-auth-TLSv1-ssl
269
270	[8-server-auth-TLSv1-ssl]
271	server = 8-server-auth-TLSv1-server
272	client = 8-server-auth-TLSv1-client
273
274	[8-server-auth-TLSv1-server]
275	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
276	CipherString = DEFAULT:@SECLEVEL=0
277	MaxProtocol = TLSv1
278	MinProtocol = TLSv1
279	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
280
281	[8-server-auth-TLSv1-client]
282	CipherString = DEFAULT:@SECLEVEL=0
283	MaxProtocol = TLSv1
284	MinProtocol = TLSv1
285	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
286	VerifyMode = Peer
287
288	[test-8]
289	ExpectedResult = Success
290
291
292	# ===========================================================
293
294	[9-client-auth-TLSv1-request]
295	ssl_conf = 9-client-auth-TLSv1-request-ssl
296
297	[9-client-auth-TLSv1-request-ssl]
298	server = 9-client-auth-TLSv1-request-server
299	client = 9-client-auth-TLSv1-request-client
300
301	[9-client-auth-TLSv1-request-server]
302	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
303	CipherString = DEFAULT:@SECLEVEL=0
304	MaxProtocol = TLSv1
305	MinProtocol = TLSv1
306	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
307	VerifyMode = Request
308
309	[9-client-auth-TLSv1-request-client]
310	CipherString = DEFAULT:@SECLEVEL=0
311	MaxProtocol = TLSv1
312	MinProtocol = TLSv1
313	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
314	VerifyMode = Peer
315
316	[test-9]
317	ExpectedResult = Success
318
319
320	# ===========================================================
321
322	[10-client-auth-TLSv1-require-fail]
323	ssl_conf = 10-client-auth-TLSv1-require-fail-ssl
324
325	[10-client-auth-TLSv1-require-fail-ssl]
326	server = 10-client-auth-TLSv1-require-fail-server
327	client = 10-client-auth-TLSv1-require-fail-client
328
329	[10-client-auth-TLSv1-require-fail-server]
330	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
331	CipherString = DEFAULT:@SECLEVEL=0
332	MaxProtocol = TLSv1
333	MinProtocol = TLSv1
334	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
335	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
336	VerifyMode = Require
337
338	[10-client-auth-TLSv1-require-fail-client]
339	CipherString = DEFAULT:@SECLEVEL=0
340	MaxProtocol = TLSv1
341	MinProtocol = TLSv1
342	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
343	VerifyMode = Peer
344
345	[test-10]
346	ExpectedResult = ServerFail
347	ExpectedServerAlert = HandshakeFailure
348
349
350	# ===========================================================
351
352	[11-client-auth-TLSv1-require]
353	ssl_conf = 11-client-auth-TLSv1-require-ssl
354
355	[11-client-auth-TLSv1-require-ssl]
356	server = 11-client-auth-TLSv1-require-server
357	client = 11-client-auth-TLSv1-require-client
358
359	[11-client-auth-TLSv1-require-server]
360	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361	CipherString = DEFAULT:@SECLEVEL=0
362	MaxProtocol = TLSv1
363	MinProtocol = TLSv1
364	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
366	VerifyMode = Request
367
368	[11-client-auth-TLSv1-require-client]
369	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
370	CipherString = DEFAULT:@SECLEVEL=0
371	MaxProtocol = TLSv1
372	MinProtocol = TLSv1
373	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
374	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
375	VerifyMode = Peer
376
377	[test-11]
378	ExpectedClientCANames = empty
379	ExpectedClientCertType = RSA
380	ExpectedResult = Success
381
382
383	# ===========================================================
384
385	[12-client-auth-TLSv1-require-non-empty-names]
386	ssl_conf = 12-client-auth-TLSv1-require-non-empty-names-ssl
387
388	[12-client-auth-TLSv1-require-non-empty-names-ssl]
389	server = 12-client-auth-TLSv1-require-non-empty-names-server
390	client = 12-client-auth-TLSv1-require-non-empty-names-client
391
392	[12-client-auth-TLSv1-require-non-empty-names-server]
393	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394	CipherString = DEFAULT:@SECLEVEL=0
395	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
396	MaxProtocol = TLSv1
397	MinProtocol = TLSv1
398	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
399	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
400	VerifyMode = Request
401
402	[12-client-auth-TLSv1-require-non-empty-names-client]
403	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
404	CipherString = DEFAULT:@SECLEVEL=0
405	MaxProtocol = TLSv1
406	MinProtocol = TLSv1
407	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
408	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
409	VerifyMode = Peer
410
411	[test-12]
412	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
413	ExpectedClientCertType = RSA
414	ExpectedResult = Success
415
416
417	# ===========================================================
418
419	[13-client-auth-TLSv1-noroot]
420	ssl_conf = 13-client-auth-TLSv1-noroot-ssl
421
422	[13-client-auth-TLSv1-noroot-ssl]
423	server = 13-client-auth-TLSv1-noroot-server
424	client = 13-client-auth-TLSv1-noroot-client
425
426	[13-client-auth-TLSv1-noroot-server]
427	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
428	CipherString = DEFAULT:@SECLEVEL=0
429	MaxProtocol = TLSv1
430	MinProtocol = TLSv1
431	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
432	VerifyMode = Require
433
434	[13-client-auth-TLSv1-noroot-client]
435	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
436	CipherString = DEFAULT:@SECLEVEL=0
437	MaxProtocol = TLSv1
438	MinProtocol = TLSv1
439	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
440	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
441	VerifyMode = Peer
442
443	[test-13]
444	ExpectedResult = ServerFail
445	ExpectedServerAlert = UnknownCA
446
447
448	# ===========================================================
449
450	[14-server-auth-TLSv1.1]
451	ssl_conf = 14-server-auth-TLSv1.1-ssl
452
453	[14-server-auth-TLSv1.1-ssl]
454	server = 14-server-auth-TLSv1.1-server
455	client = 14-server-auth-TLSv1.1-client
456
457	[14-server-auth-TLSv1.1-server]
458	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
459	CipherString = DEFAULT:@SECLEVEL=0
460	MaxProtocol = TLSv1.1
461	MinProtocol = TLSv1.1
462	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
463
464	[14-server-auth-TLSv1.1-client]
465	CipherString = DEFAULT:@SECLEVEL=0
466	MaxProtocol = TLSv1.1
467	MinProtocol = TLSv1.1
468	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
469	VerifyMode = Peer
470
471	[test-14]
472	ExpectedResult = Success
473
474
475	# ===========================================================
476
477	[15-client-auth-TLSv1.1-request]
478	ssl_conf = 15-client-auth-TLSv1.1-request-ssl
479
480	[15-client-auth-TLSv1.1-request-ssl]
481	server = 15-client-auth-TLSv1.1-request-server
482	client = 15-client-auth-TLSv1.1-request-client
483
484	[15-client-auth-TLSv1.1-request-server]
485	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
486	CipherString = DEFAULT:@SECLEVEL=0
487	MaxProtocol = TLSv1.1
488	MinProtocol = TLSv1.1
489	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
490	VerifyMode = Request
491
492	[15-client-auth-TLSv1.1-request-client]
493	CipherString = DEFAULT:@SECLEVEL=0
494	MaxProtocol = TLSv1.1
495	MinProtocol = TLSv1.1
496	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
497	VerifyMode = Peer
498
499	[test-15]
500	ExpectedResult = Success
501
502
503	# ===========================================================
504
505	[16-client-auth-TLSv1.1-require-fail]
506	ssl_conf = 16-client-auth-TLSv1.1-require-fail-ssl
507
508	[16-client-auth-TLSv1.1-require-fail-ssl]
509	server = 16-client-auth-TLSv1.1-require-fail-server
510	client = 16-client-auth-TLSv1.1-require-fail-client
511
512	[16-client-auth-TLSv1.1-require-fail-server]
513	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
514	CipherString = DEFAULT:@SECLEVEL=0
515	MaxProtocol = TLSv1.1
516	MinProtocol = TLSv1.1
517	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
518	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
519	VerifyMode = Require
520
521	[16-client-auth-TLSv1.1-require-fail-client]
522	CipherString = DEFAULT:@SECLEVEL=0
523	MaxProtocol = TLSv1.1
524	MinProtocol = TLSv1.1
525	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
526	VerifyMode = Peer
527
528	[test-16]
529	ExpectedResult = ServerFail
530	ExpectedServerAlert = HandshakeFailure
531
532
533	# ===========================================================
534
535	[17-client-auth-TLSv1.1-require]
536	ssl_conf = 17-client-auth-TLSv1.1-require-ssl
537
538	[17-client-auth-TLSv1.1-require-ssl]
539	server = 17-client-auth-TLSv1.1-require-server
540	client = 17-client-auth-TLSv1.1-require-client
541
542	[17-client-auth-TLSv1.1-require-server]
543	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
544	CipherString = DEFAULT:@SECLEVEL=0
545	MaxProtocol = TLSv1.1
546	MinProtocol = TLSv1.1
547	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
548	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
549	VerifyMode = Request
550
551	[17-client-auth-TLSv1.1-require-client]
552	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
553	CipherString = DEFAULT:@SECLEVEL=0
554	MaxProtocol = TLSv1.1
555	MinProtocol = TLSv1.1
556	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
557	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
558	VerifyMode = Peer
559
560	[test-17]
561	ExpectedClientCANames = empty
562	ExpectedClientCertType = RSA
563	ExpectedResult = Success
564
565
566	# ===========================================================
567
568	[18-client-auth-TLSv1.1-require-non-empty-names]
569	ssl_conf = 18-client-auth-TLSv1.1-require-non-empty-names-ssl
570
571	[18-client-auth-TLSv1.1-require-non-empty-names-ssl]
572	server = 18-client-auth-TLSv1.1-require-non-empty-names-server
573	client = 18-client-auth-TLSv1.1-require-non-empty-names-client
574
575	[18-client-auth-TLSv1.1-require-non-empty-names-server]
576	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577	CipherString = DEFAULT:@SECLEVEL=0
578	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
579	MaxProtocol = TLSv1.1
580	MinProtocol = TLSv1.1
581	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
582	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
583	VerifyMode = Request
584
585	[18-client-auth-TLSv1.1-require-non-empty-names-client]
586	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
587	CipherString = DEFAULT:@SECLEVEL=0
588	MaxProtocol = TLSv1.1
589	MinProtocol = TLSv1.1
590	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
591	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
592	VerifyMode = Peer
593
594	[test-18]
595	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
596	ExpectedClientCertType = RSA
597	ExpectedResult = Success
598
599
600	# ===========================================================
601
602	[19-client-auth-TLSv1.1-noroot]
603	ssl_conf = 19-client-auth-TLSv1.1-noroot-ssl
604
605	[19-client-auth-TLSv1.1-noroot-ssl]
606	server = 19-client-auth-TLSv1.1-noroot-server
607	client = 19-client-auth-TLSv1.1-noroot-client
608
609	[19-client-auth-TLSv1.1-noroot-server]
610	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
611	CipherString = DEFAULT:@SECLEVEL=0
612	MaxProtocol = TLSv1.1
613	MinProtocol = TLSv1.1
614	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
615	VerifyMode = Require
616
617	[19-client-auth-TLSv1.1-noroot-client]
618	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
619	CipherString = DEFAULT:@SECLEVEL=0
620	MaxProtocol = TLSv1.1
621	MinProtocol = TLSv1.1
622	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
623	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
624	VerifyMode = Peer
625
626	[test-19]
627	ExpectedResult = ServerFail
628	ExpectedServerAlert = UnknownCA
629
630
631	# ===========================================================
632
633	[20-server-auth-TLSv1.2]
634	ssl_conf = 20-server-auth-TLSv1.2-ssl
635
636	[20-server-auth-TLSv1.2-ssl]
637	server = 20-server-auth-TLSv1.2-server
638	client = 20-server-auth-TLSv1.2-client
639
640	[20-server-auth-TLSv1.2-server]
641	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
642	CipherString = DEFAULT:@SECLEVEL=0
643	MaxProtocol = TLSv1.2
644	MinProtocol = TLSv1.2
645	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
646
647	[20-server-auth-TLSv1.2-client]
648	CipherString = DEFAULT:@SECLEVEL=0
649	MaxProtocol = TLSv1.2
650	MinProtocol = TLSv1.2
651	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
652	VerifyMode = Peer
653
654	[test-20]
655	ExpectedResult = Success
656
657
658	# ===========================================================
659
660	[21-client-auth-TLSv1.2-request]
661	ssl_conf = 21-client-auth-TLSv1.2-request-ssl
662
663	[21-client-auth-TLSv1.2-request-ssl]
664	server = 21-client-auth-TLSv1.2-request-server
665	client = 21-client-auth-TLSv1.2-request-client
666
667	[21-client-auth-TLSv1.2-request-server]
668	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
669	CipherString = DEFAULT:@SECLEVEL=0
670	MaxProtocol = TLSv1.2
671	MinProtocol = TLSv1.2
672	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
673	VerifyMode = Request
674
675	[21-client-auth-TLSv1.2-request-client]
676	CipherString = DEFAULT:@SECLEVEL=0
677	MaxProtocol = TLSv1.2
678	MinProtocol = TLSv1.2
679	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
680	VerifyMode = Peer
681
682	[test-21]
683	ExpectedResult = Success
684
685
686	# ===========================================================
687
688	[22-client-auth-TLSv1.2-require-fail]
689	ssl_conf = 22-client-auth-TLSv1.2-require-fail-ssl
690
691	[22-client-auth-TLSv1.2-require-fail-ssl]
692	server = 22-client-auth-TLSv1.2-require-fail-server
693	client = 22-client-auth-TLSv1.2-require-fail-client
694
695	[22-client-auth-TLSv1.2-require-fail-server]
696	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
697	CipherString = DEFAULT:@SECLEVEL=0
698	MaxProtocol = TLSv1.2
699	MinProtocol = TLSv1.2
700	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
701	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
702	VerifyMode = Require
703
704	[22-client-auth-TLSv1.2-require-fail-client]
705	CipherString = DEFAULT:@SECLEVEL=0
706	MaxProtocol = TLSv1.2
707	MinProtocol = TLSv1.2
708	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
709	VerifyMode = Peer
710
711	[test-22]
712	ExpectedResult = ServerFail
713	ExpectedServerAlert = HandshakeFailure
714
715
716	# ===========================================================
717
718	[23-client-auth-TLSv1.2-require]
719	ssl_conf = 23-client-auth-TLSv1.2-require-ssl
720
721	[23-client-auth-TLSv1.2-require-ssl]
722	server = 23-client-auth-TLSv1.2-require-server
723	client = 23-client-auth-TLSv1.2-require-client
724
725	[23-client-auth-TLSv1.2-require-server]
726	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
727	CipherString = DEFAULT:@SECLEVEL=0
728	ClientSignatureAlgorithms = SHA256+RSA
729	MaxProtocol = TLSv1.2
730	MinProtocol = TLSv1.2
731	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
732	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
733	VerifyMode = Request
734
735	[23-client-auth-TLSv1.2-require-client]
736	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
737	CipherString = DEFAULT:@SECLEVEL=0
738	MaxProtocol = TLSv1.2
739	MinProtocol = TLSv1.2
740	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
741	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
742	VerifyMode = Peer
743
744	[test-23]
745	ExpectedClientCANames = empty
746	ExpectedClientCertType = RSA
747	ExpectedClientSignHash = SHA256
748	ExpectedClientSignType = RSA
749	ExpectedResult = Success
750
751
752	# ===========================================================
753
754	[24-client-auth-TLSv1.2-rsa-pss]
755	ssl_conf = 24-client-auth-TLSv1.2-rsa-pss-ssl
756
757	[24-client-auth-TLSv1.2-rsa-pss-ssl]
758	server = 24-client-auth-TLSv1.2-rsa-pss-server
759	client = 24-client-auth-TLSv1.2-rsa-pss-client
760
761	[24-client-auth-TLSv1.2-rsa-pss-server]
762	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
763	CipherString = DEFAULT:@SECLEVEL=0
764	ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
765	MaxProtocol = TLSv1.2
766	MinProtocol = TLSv1.2
767	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
768	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
769	VerifyMode = Require
770
771	[24-client-auth-TLSv1.2-rsa-pss-client]
772	Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
773	CipherString = DEFAULT:@SECLEVEL=0
774	MaxProtocol = TLSv1.2
775	MinProtocol = TLSv1.2
776	Options = StrictCertCheck
777	PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
778	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
779	VerifyMode = Peer
780
781	[test-24]
782	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/rootcert.pem
783	ExpectedClientCertType = RSA-PSS
784	ExpectedResult = Success
785
786
787	# ===========================================================
788
789	[25-client-auth-TLSv1.2-rsa-pss-bad]
790	ssl_conf = 25-client-auth-TLSv1.2-rsa-pss-bad-ssl
791
792	[25-client-auth-TLSv1.2-rsa-pss-bad-ssl]
793	server = 25-client-auth-TLSv1.2-rsa-pss-bad-server
794	client = 25-client-auth-TLSv1.2-rsa-pss-bad-client
795
796	[25-client-auth-TLSv1.2-rsa-pss-bad-server]
797	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
798	CipherString = DEFAULT:@SECLEVEL=0
799	ClientCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
800	MaxProtocol = TLSv1.2
801	MinProtocol = TLSv1.2
802	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
803	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootCA.pem
804	VerifyMode = Require
805
806	[25-client-auth-TLSv1.2-rsa-pss-bad-client]
807	Certificate = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-cert.pem
808	CipherString = DEFAULT:@SECLEVEL=0
809	MaxProtocol = TLSv1.2
810	MinProtocol = TLSv1.2
811	Options = StrictCertCheck
812	PrivateKey = ${ENV::TEST_CERTS_DIR}/client-pss-restrict-key.pem
813	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
814	VerifyMode = Peer
815
816	[test-25]
817	ExpectedResult = ServerFail
818	ExpectedServerAlert = HandshakeFailure
819
820
821	# ===========================================================
822
823	[26-client-auth-TLSv1.2-require-non-empty-names]
824	ssl_conf = 26-client-auth-TLSv1.2-require-non-empty-names-ssl
825
826	[26-client-auth-TLSv1.2-require-non-empty-names-ssl]
827	server = 26-client-auth-TLSv1.2-require-non-empty-names-server
828	client = 26-client-auth-TLSv1.2-require-non-empty-names-client
829
830	[26-client-auth-TLSv1.2-require-non-empty-names-server]
831	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
832	CipherString = DEFAULT:@SECLEVEL=0
833	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
834	ClientSignatureAlgorithms = SHA256+RSA
835	MaxProtocol = TLSv1.2
836	MinProtocol = TLSv1.2
837	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
838	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
839	VerifyMode = Request
840
841	[26-client-auth-TLSv1.2-require-non-empty-names-client]
842	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
843	CipherString = DEFAULT:@SECLEVEL=0
844	MaxProtocol = TLSv1.2
845	MinProtocol = TLSv1.2
846	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
847	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
848	VerifyMode = Peer
849
850	[test-26]
851	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
852	ExpectedClientCertType = RSA
853	ExpectedClientSignHash = SHA256
854	ExpectedClientSignType = RSA
855	ExpectedResult = Success
856
857
858	# ===========================================================
859
860	[27-client-auth-TLSv1.2-noroot]
861	ssl_conf = 27-client-auth-TLSv1.2-noroot-ssl
862
863	[27-client-auth-TLSv1.2-noroot-ssl]
864	server = 27-client-auth-TLSv1.2-noroot-server
865	client = 27-client-auth-TLSv1.2-noroot-client
866
867	[27-client-auth-TLSv1.2-noroot-server]
868	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
869	CipherString = DEFAULT:@SECLEVEL=0
870	MaxProtocol = TLSv1.2
871	MinProtocol = TLSv1.2
872	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
873	VerifyMode = Require
874
875	[27-client-auth-TLSv1.2-noroot-client]
876	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
877	CipherString = DEFAULT:@SECLEVEL=0
878	MaxProtocol = TLSv1.2
879	MinProtocol = TLSv1.2
880	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
881	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
882	VerifyMode = Peer
883
884	[test-27]
885	ExpectedResult = ServerFail
886	ExpectedServerAlert = UnknownCA
887
888
889	# ===========================================================
890
891	[28-server-auth-DTLSv1]
892	ssl_conf = 28-server-auth-DTLSv1-ssl
893
894	[28-server-auth-DTLSv1-ssl]
895	server = 28-server-auth-DTLSv1-server
896	client = 28-server-auth-DTLSv1-client
897
898	[28-server-auth-DTLSv1-server]
899	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
900	CipherString = DEFAULT:@SECLEVEL=0
901	MaxProtocol = DTLSv1
902	MinProtocol = DTLSv1
903	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
904
905	[28-server-auth-DTLSv1-client]
906	CipherString = DEFAULT:@SECLEVEL=0
907	MaxProtocol = DTLSv1
908	MinProtocol = DTLSv1
909	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
910	VerifyMode = Peer
911
912	[test-28]
913	ExpectedResult = Success
914	Method = DTLS
915
916
917	# ===========================================================
918
919	[29-client-auth-DTLSv1-request]
920	ssl_conf = 29-client-auth-DTLSv1-request-ssl
921
922	[29-client-auth-DTLSv1-request-ssl]
923	server = 29-client-auth-DTLSv1-request-server
924	client = 29-client-auth-DTLSv1-request-client
925
926	[29-client-auth-DTLSv1-request-server]
927	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
928	CipherString = DEFAULT:@SECLEVEL=0
929	MaxProtocol = DTLSv1
930	MinProtocol = DTLSv1
931	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
932	VerifyMode = Request
933
934	[29-client-auth-DTLSv1-request-client]
935	CipherString = DEFAULT:@SECLEVEL=0
936	MaxProtocol = DTLSv1
937	MinProtocol = DTLSv1
938	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
939	VerifyMode = Peer
940
941	[test-29]
942	ExpectedResult = Success
943	Method = DTLS
944
945
946	# ===========================================================
947
948	[30-client-auth-DTLSv1-require-fail]
949	ssl_conf = 30-client-auth-DTLSv1-require-fail-ssl
950
951	[30-client-auth-DTLSv1-require-fail-ssl]
952	server = 30-client-auth-DTLSv1-require-fail-server
953	client = 30-client-auth-DTLSv1-require-fail-client
954
955	[30-client-auth-DTLSv1-require-fail-server]
956	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
957	CipherString = DEFAULT:@SECLEVEL=0
958	MaxProtocol = DTLSv1
959	MinProtocol = DTLSv1
960	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
961	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
962	VerifyMode = Require
963
964	[30-client-auth-DTLSv1-require-fail-client]
965	CipherString = DEFAULT:@SECLEVEL=0
966	MaxProtocol = DTLSv1
967	MinProtocol = DTLSv1
968	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
969	VerifyMode = Peer
970
971	[test-30]
972	ExpectedResult = ServerFail
973	ExpectedServerAlert = HandshakeFailure
974	Method = DTLS
975
976
977	# ===========================================================
978
979	[31-client-auth-DTLSv1-require]
980	ssl_conf = 31-client-auth-DTLSv1-require-ssl
981
982	[31-client-auth-DTLSv1-require-ssl]
983	server = 31-client-auth-DTLSv1-require-server
984	client = 31-client-auth-DTLSv1-require-client
985
986	[31-client-auth-DTLSv1-require-server]
987	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
988	CipherString = DEFAULT:@SECLEVEL=0
989	MaxProtocol = DTLSv1
990	MinProtocol = DTLSv1
991	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
992	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
993	VerifyMode = Request
994
995	[31-client-auth-DTLSv1-require-client]
996	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
997	CipherString = DEFAULT:@SECLEVEL=0
998	MaxProtocol = DTLSv1
999	MinProtocol = DTLSv1
1000	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1001	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1002	VerifyMode = Peer
1003
1004	[test-31]
1005	ExpectedClientCANames = empty
1006	ExpectedClientCertType = RSA
1007	ExpectedResult = Success
1008	Method = DTLS
1009
1010
1011	# ===========================================================
1012
1013	[32-client-auth-DTLSv1-require-non-empty-names]
1014	ssl_conf = 32-client-auth-DTLSv1-require-non-empty-names-ssl
1015
1016	[32-client-auth-DTLSv1-require-non-empty-names-ssl]
1017	server = 32-client-auth-DTLSv1-require-non-empty-names-server
1018	client = 32-client-auth-DTLSv1-require-non-empty-names-client
1019
1020	[32-client-auth-DTLSv1-require-non-empty-names-server]
1021	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1022	CipherString = DEFAULT:@SECLEVEL=0
1023	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1024	MaxProtocol = DTLSv1
1025	MinProtocol = DTLSv1
1026	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1027	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1028	VerifyMode = Request
1029
1030	[32-client-auth-DTLSv1-require-non-empty-names-client]
1031	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1032	CipherString = DEFAULT:@SECLEVEL=0
1033	MaxProtocol = DTLSv1
1034	MinProtocol = DTLSv1
1035	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1036	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1037	VerifyMode = Peer
1038
1039	[test-32]
1040	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1041	ExpectedClientCertType = RSA
1042	ExpectedResult = Success
1043	Method = DTLS
1044
1045
1046	# ===========================================================
1047
1048	[33-client-auth-DTLSv1-noroot]
1049	ssl_conf = 33-client-auth-DTLSv1-noroot-ssl
1050
1051	[33-client-auth-DTLSv1-noroot-ssl]
1052	server = 33-client-auth-DTLSv1-noroot-server
1053	client = 33-client-auth-DTLSv1-noroot-client
1054
1055	[33-client-auth-DTLSv1-noroot-server]
1056	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1057	CipherString = DEFAULT:@SECLEVEL=0
1058	MaxProtocol = DTLSv1
1059	MinProtocol = DTLSv1
1060	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1061	VerifyMode = Require
1062
1063	[33-client-auth-DTLSv1-noroot-client]
1064	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1065	CipherString = DEFAULT:@SECLEVEL=0
1066	MaxProtocol = DTLSv1
1067	MinProtocol = DTLSv1
1068	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1069	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1070	VerifyMode = Peer
1071
1072	[test-33]
1073	ExpectedResult = ServerFail
1074	ExpectedServerAlert = UnknownCA
1075	Method = DTLS
1076
1077
1078	# ===========================================================
1079
1080	[34-server-auth-DTLSv1.2]
1081	ssl_conf = 34-server-auth-DTLSv1.2-ssl
1082
1083	[34-server-auth-DTLSv1.2-ssl]
1084	server = 34-server-auth-DTLSv1.2-server
1085	client = 34-server-auth-DTLSv1.2-client
1086
1087	[34-server-auth-DTLSv1.2-server]
1088	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089	CipherString = DEFAULT:@SECLEVEL=0
1090	MaxProtocol = DTLSv1.2
1091	MinProtocol = DTLSv1.2
1092	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1093
1094	[34-server-auth-DTLSv1.2-client]
1095	CipherString = DEFAULT:@SECLEVEL=0
1096	MaxProtocol = DTLSv1.2
1097	MinProtocol = DTLSv1.2
1098	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1099	VerifyMode = Peer
1100
1101	[test-34]
1102	ExpectedResult = Success
1103	Method = DTLS
1104
1105
1106	# ===========================================================
1107
1108	[35-client-auth-DTLSv1.2-request]
1109	ssl_conf = 35-client-auth-DTLSv1.2-request-ssl
1110
1111	[35-client-auth-DTLSv1.2-request-ssl]
1112	server = 35-client-auth-DTLSv1.2-request-server
1113	client = 35-client-auth-DTLSv1.2-request-client
1114
1115	[35-client-auth-DTLSv1.2-request-server]
1116	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1117	CipherString = DEFAULT:@SECLEVEL=0
1118	MaxProtocol = DTLSv1.2
1119	MinProtocol = DTLSv1.2
1120	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1121	VerifyMode = Request
1122
1123	[35-client-auth-DTLSv1.2-request-client]
1124	CipherString = DEFAULT:@SECLEVEL=0
1125	MaxProtocol = DTLSv1.2
1126	MinProtocol = DTLSv1.2
1127	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1128	VerifyMode = Peer
1129
1130	[test-35]
1131	ExpectedResult = Success
1132	Method = DTLS
1133
1134
1135	# ===========================================================
1136
1137	[36-client-auth-DTLSv1.2-require-fail]
1138	ssl_conf = 36-client-auth-DTLSv1.2-require-fail-ssl
1139
1140	[36-client-auth-DTLSv1.2-require-fail-ssl]
1141	server = 36-client-auth-DTLSv1.2-require-fail-server
1142	client = 36-client-auth-DTLSv1.2-require-fail-client
1143
1144	[36-client-auth-DTLSv1.2-require-fail-server]
1145	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146	CipherString = DEFAULT:@SECLEVEL=0
1147	MaxProtocol = DTLSv1.2
1148	MinProtocol = DTLSv1.2
1149	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1150	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1151	VerifyMode = Require
1152
1153	[36-client-auth-DTLSv1.2-require-fail-client]
1154	CipherString = DEFAULT:@SECLEVEL=0
1155	MaxProtocol = DTLSv1.2
1156	MinProtocol = DTLSv1.2
1157	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1158	VerifyMode = Peer
1159
1160	[test-36]
1161	ExpectedResult = ServerFail
1162	ExpectedServerAlert = HandshakeFailure
1163	Method = DTLS
1164
1165
1166	# ===========================================================
1167
1168	[37-client-auth-DTLSv1.2-require]
1169	ssl_conf = 37-client-auth-DTLSv1.2-require-ssl
1170
1171	[37-client-auth-DTLSv1.2-require-ssl]
1172	server = 37-client-auth-DTLSv1.2-require-server
1173	client = 37-client-auth-DTLSv1.2-require-client
1174
1175	[37-client-auth-DTLSv1.2-require-server]
1176	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1177	CipherString = DEFAULT:@SECLEVEL=0
1178	MaxProtocol = DTLSv1.2
1179	MinProtocol = DTLSv1.2
1180	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1181	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1182	VerifyMode = Request
1183
1184	[37-client-auth-DTLSv1.2-require-client]
1185	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1186	CipherString = DEFAULT:@SECLEVEL=0
1187	MaxProtocol = DTLSv1.2
1188	MinProtocol = DTLSv1.2
1189	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1190	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1191	VerifyMode = Peer
1192
1193	[test-37]
1194	ExpectedClientCANames = empty
1195	ExpectedClientCertType = RSA
1196	ExpectedResult = Success
1197	Method = DTLS
1198
1199
1200	# ===========================================================
1201
1202	[38-client-auth-DTLSv1.2-require-non-empty-names]
1203	ssl_conf = 38-client-auth-DTLSv1.2-require-non-empty-names-ssl
1204
1205	[38-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1206	server = 38-client-auth-DTLSv1.2-require-non-empty-names-server
1207	client = 38-client-auth-DTLSv1.2-require-non-empty-names-client
1208
1209	[38-client-auth-DTLSv1.2-require-non-empty-names-server]
1210	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1211	CipherString = DEFAULT:@SECLEVEL=0
1212	ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1213	MaxProtocol = DTLSv1.2
1214	MinProtocol = DTLSv1.2
1215	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1216	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1217	VerifyMode = Request
1218
1219	[38-client-auth-DTLSv1.2-require-non-empty-names-client]
1220	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1221	CipherString = DEFAULT:@SECLEVEL=0
1222	MaxProtocol = DTLSv1.2
1223	MinProtocol = DTLSv1.2
1224	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1225	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1226	VerifyMode = Peer
1227
1228	[test-38]
1229	ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1230	ExpectedClientCertType = RSA
1231	ExpectedResult = Success
1232	Method = DTLS
1233
1234
1235	# ===========================================================
1236
1237	[39-client-auth-DTLSv1.2-noroot]
1238	ssl_conf = 39-client-auth-DTLSv1.2-noroot-ssl
1239
1240	[39-client-auth-DTLSv1.2-noroot-ssl]
1241	server = 39-client-auth-DTLSv1.2-noroot-server
1242	client = 39-client-auth-DTLSv1.2-noroot-client
1243
1244	[39-client-auth-DTLSv1.2-noroot-server]
1245	Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246	CipherString = DEFAULT:@SECLEVEL=0
1247	MaxProtocol = DTLSv1.2
1248	MinProtocol = DTLSv1.2
1249	PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1250	VerifyMode = Require
1251
1252	[39-client-auth-DTLSv1.2-noroot-client]
1253	Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1254	CipherString = DEFAULT:@SECLEVEL=0
1255	MaxProtocol = DTLSv1.2
1256	MinProtocol = DTLSv1.2
1257	PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1258	VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1259	VerifyMode = Peer
1260
1261	[test-39]
1262	ExpectedResult = ServerFail
1263	ExpectedServerAlert = UnknownCA
1264	Method = DTLS
1265
1266

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

以其他格式下載:

原來格式