1# Tests using a longer certificate chain (with intermediate CA's) 2# The tests with chains have the CRL checking disabled 3# CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted 4 5# For these tests we are loading root and sending intermediate and peer certs 6# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain 7-v 3 8-l DHE-RSA-AES128-GCM-SHA256 9-A ./certs/ca-cert.pem 10-k ./certs/server-key.pem 11-c ./certs/intermediate/server-chain.pem 12-V 13 14# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain 15-v 3 16-l DHE-RSA-AES128-GCM-SHA256 17-A ./certs/ca-cert.pem 18-k ./certs/client-key.pem 19-c ./certs/intermediate/client-chain.pem 20-C 21 22# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain 23-v 3 24-l ECDHE-RSA-AES128-GCM-SHA256 25-A ./certs/ca-cert.pem 26-k ./certs/server-key.pem 27-c ./certs/intermediate/server-chain.pem 28-V 29 30# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain 31-v 3 32-l ECDHE-RSA-AES128-GCM-SHA256 33-A ./certs/ca-cert.pem 34-k ./certs/client-key.pem 35-c ./certs/intermediate/client-chain.pem 36-C 37 38# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain 39-v 3 40-l ECDHE-ECDSA-AES128-GCM-SHA256 41-A ./certs/ca-ecc-cert.pem 42-k ./certs/ecc-key.pem 43-c ./certs/intermediate/server-chain-ecc.pem 44-V 45 46# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain 47-v 3 48-l ECDHE-ECDSA-AES128-GCM-SHA256 49-A ./certs/ca-ecc-cert.pem 50-k ./certs/ecc-client-key.pem 51-c ./certs/intermediate/client-chain-ecc.pem 52-C 53 54# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain 55-v 4 56-l TLS13-AES128-GCM-SHA256 57-A ./certs/ca-cert.pem 58-k ./certs/server-key.pem 59-c ./certs/intermediate/server-chain.pem 60-V 61 62# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain 63-v 4 64-l TLS13-AES128-GCM-SHA256 65-A ./certs/ca-cert.pem 66-k ./certs/client-key.pem 67-c ./certs/intermediate/client-chain.pem 68-C 69 70# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain 71-v 4 72-l TLS13-AES128-GCM-SHA256 73-A ./certs/ca-ecc-cert.pem 74-k ./certs/ecc-key.pem 75-c ./certs/intermediate/server-chain-ecc.pem 76-V 77 78# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain 79-v 4 80-l TLS13-AES128-GCM-SHA256 81-A ./certs/ca-ecc-cert.pem 82-k ./certs/ecc-client-key.pem 83-c ./certs/intermediate/client-chain-ecc.pem 84-C 85 86 87# Test will load intermediate CA as trusted and only present the peer cert (partial chain) 88# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain 89-v 3 90-l DHE-RSA-AES128-GCM-SHA256 91-A ./certs/intermediate/ca-int2-cert.pem 92-k ./certs/server-key.pem 93-c ./certs/intermediate/server-int-cert.pem 94-V 95 96# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain 97-v 3 98-l DHE-RSA-AES128-GCM-SHA256 99-A ./certs/intermediate/ca-int2-cert.pem 100-k ./certs/client-key.pem 101-c ./certs/intermediate/client-int-cert.pem 102-C 103 104# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain 105-v 3 106-l ECDHE-RSA-AES128-GCM-SHA256 107-A ./certs/intermediate/ca-int2-cert.pem 108-k ./certs/server-key.pem 109-c ./certs/intermediate/server-int-cert.pem 110-V 111 112# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain 113-v 3 114-l ECDHE-RSA-AES128-GCM-SHA256 115-A ./certs/intermediate/ca-int2-cert.pem 116-k ./certs/client-key.pem 117-c ./certs/intermediate/client-int-cert.pem 118-C 119 120# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain 121-v 3 122-l ECDHE-ECDSA-AES128-GCM-SHA256 123-A ./certs/intermediate/ca-int2-ecc-cert.pem 124-k ./certs/ecc-key.pem 125-c ./certs/intermediate/server-int-ecc-cert.pem 126-V 127 128# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain 129-v 3 130-l ECDHE-ECDSA-AES128-GCM-SHA256 131-A ./certs/intermediate/ca-int2-ecc-cert.pem 132-k ./certs/ecc-client-key.pem 133-c ./certs/intermediate/client-int-ecc-cert.pem 134-C 135 136# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain 137-v 4 138-l TLS13-AES128-GCM-SHA256 139-A ./certs/intermediate/ca-int2-cert.pem 140-k ./certs/server-key.pem 141-c ./certs/intermediate/server-int-cert.pem 142-V 143 144# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain 145-v 4 146-l TLS13-AES128-GCM-SHA256 147-A ./certs/intermediate/ca-int2-cert.pem 148-k ./certs/client-key.pem 149-c ./certs/intermediate/client-int-cert.pem 150-C 151 152# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain 153-v 4 154-l TLS13-AES128-GCM-SHA256 155-A ./certs/intermediate/ca-int2-ecc-cert.pem 156-k ./certs/ecc-key.pem 157-c ./certs/intermediate/server-int-ecc-cert.pem 158-V 159 160# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain 161-v 4 162-l TLS13-AES128-GCM-SHA256 163-A ./certs/intermediate/ca-int2-ecc-cert.pem 164-k ./certs/ecc-client-key.pem 165-c ./certs/intermediate/client-int-ecc-cert.pem 166-C 167 168 169# Test will use alternate chain where chain contains extra cert 170# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain 171-v 3 172-l DHE-RSA-AES128-GCM-SHA256 173-A ./certs/ca-cert.pem 174-k ./certs/server-key.pem 175-c ./certs/intermediate/server-chain-alt.pem 176-V 177 178# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain 179-v 3 180-l DHE-RSA-AES128-GCM-SHA256 181-A ./certs/ca-cert.pem 182-k ./certs/client-key.pem 183-c ./certs/intermediate/client-chain-alt.pem 184-C 185 186# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain 187-v 3 188-l ECDHE-RSA-AES128-GCM-SHA256 189-A ./certs/ca-cert.pem 190-k ./certs/server-key.pem 191-c ./certs/intermediate/server-chain-alt.pem 192-V 193 194# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain 195-v 3 196-l ECDHE-RSA-AES128-GCM-SHA256 197-A ./certs/ca-cert.pem 198-k ./certs/client-key.pem 199-c ./certs/intermediate/client-chain-alt.pem 200-C 201 202# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain 203-v 3 204-l ECDHE-ECDSA-AES128-GCM-SHA256 205-A ./certs/ca-ecc-cert.pem 206-k ./certs/ecc-key.pem 207-c ./certs/intermediate/server-chain-alt-ecc.pem 208-V 209 210# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain 211-v 3 212-l ECDHE-ECDSA-AES128-GCM-SHA256 213-A ./certs/ca-ecc-cert.pem 214-k ./certs/ecc-client-key.pem 215-c ./certs/intermediate/client-chain-alt-ecc.pem 216-C 217 218# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain 219-v 4 220-l TLS13-AES128-GCM-SHA256 221-A ./certs/ca-cert.pem 222-k ./certs/server-key.pem 223-c ./certs/intermediate/server-chain-alt.pem 224-V 225 226# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain 227-v 4 228-l TLS13-AES128-GCM-SHA256 229-A ./certs/ca-cert.pem 230-k ./certs/client-key.pem 231-c ./certs/intermediate/client-chain-alt.pem 232-C 233 234# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain 235-v 4 236-l TLS13-AES128-GCM-SHA256 237-A ./certs/ca-ecc-cert.pem 238-k ./certs/ecc-key.pem 239-c ./certs/intermediate/server-chain-alt-ecc.pem 240-V 241 242# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain 243-v 4 244-l TLS13-AES128-GCM-SHA256 245-A ./certs/ca-ecc-cert.pem 246-k ./certs/ecc-client-key.pem 247-c ./certs/intermediate/client-chain-alt-ecc.pem 248-C 249 250 251# Test will load intermediate2 CA as trusted and present full chain (where intermediate CA is not trusted) 252# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 253-v 3 254-l DHE-RSA-AES128-GCM-SHA256 255-A ./certs/intermediate/ca-int2-cert.pem 256-k ./certs/server-key.pem 257-c ./certs/intermediate/server-chain.pem 258-V 259 260# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 261-v 3 262-l DHE-RSA-AES128-GCM-SHA256 263-A ./certs/intermediate/ca-int2-cert.pem 264-k ./certs/client-key.pem 265-c ./certs/intermediate/client-chain.pem 266-C 267 268# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 269-v 3 270-l ECDHE-RSA-AES128-GCM-SHA256 271-A ./certs/intermediate/ca-int2-cert.pem 272-k ./certs/server-key.pem 273-c ./certs/intermediate/server-chain.pem 274-V 275 276# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 277-v 3 278-l ECDHE-RSA-AES128-GCM-SHA256 279-A ./certs/intermediate/ca-int2-cert.pem 280-k ./certs/client-key.pem 281-c ./certs/intermediate/client-chain.pem 282-C 283 284# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain 285-v 3 286-l ECDHE-ECDSA-AES128-GCM-SHA256 287-A ./certs/intermediate/ca-int2-ecc-cert.pem 288-k ./certs/ecc-key.pem 289-c ./certs/intermediate/server-chain-ecc.pem 290-V 291 292# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain 293-v 3 294-l ECDHE-ECDSA-AES128-GCM-SHA256 295-A ./certs/intermediate/ca-int2-ecc-cert.pem 296-k ./certs/ecc-client-key.pem 297-c ./certs/intermediate/client-chain-ecc.pem 298-C 299 300# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain 301-v 4 302-l TLS13-AES128-GCM-SHA256 303-A ./certs/intermediate/ca-int2-cert.pem 304-k ./certs/server-key.pem 305-c ./certs/intermediate/server-chain.pem 306-V 307 308# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain 309-v 4 310-l TLS13-AES128-GCM-SHA256 311-A ./certs/intermediate/ca-int2-cert.pem 312-k ./certs/client-key.pem 313-c ./certs/intermediate/client-chain.pem 314-C 315 316# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain 317-v 4 318-l TLS13-AES128-GCM-SHA256 319-A ./certs/intermediate/ca-int2-ecc-cert.pem 320-k ./certs/ecc-key.pem 321-c ./certs/intermediate/server-chain-ecc.pem 322-V 323 324# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain 325-v 4 326-l TLS13-AES128-GCM-SHA256 327-A ./certs/intermediate/ca-int2-ecc-cert.pem 328-k ./certs/ecc-client-key.pem 329-c ./certs/intermediate/client-chain-ecc.pem 330-C 331 332 333# Test will load intermediate2 CA as trusted and present full chain (where intermediate CA is not trusted) 334# These tests use the verify callback, but pass the preverify as result in myVerify callback 335# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 336-v 3 337-l DHE-RSA-AES128-GCM-SHA256 338-A ./certs/intermediate/ca-int2-cert.pem 339-k ./certs/server-key.pem 340-c ./certs/intermediate/server-chain.pem 341-V 342 343# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 344-v 3 345-l DHE-RSA-AES128-GCM-SHA256 346-A ./certs/intermediate/ca-int2-cert.pem 347-k ./certs/client-key.pem 348-c ./certs/intermediate/client-chain.pem 349-C 350-H verifyInfo 351 352# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 353-v 3 354-l ECDHE-RSA-AES128-GCM-SHA256 355-A ./certs/intermediate/ca-int2-cert.pem 356-k ./certs/server-key.pem 357-c ./certs/intermediate/server-chain.pem 358-V 359 360# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Trusted Chain 361-v 3 362-l ECDHE-RSA-AES128-GCM-SHA256 363-A ./certs/intermediate/ca-int2-cert.pem 364-k ./certs/client-key.pem 365-c ./certs/intermediate/client-chain.pem 366-C 367-H verifyInfo 368 369# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain 370-v 3 371-l ECDHE-ECDSA-AES128-GCM-SHA256 372-A ./certs/intermediate/ca-int2-ecc-cert.pem 373-k ./certs/ecc-key.pem 374-c ./certs/intermediate/server-chain-ecc.pem 375-V 376 377# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Trusted Chain 378-v 3 379-l ECDHE-ECDSA-AES128-GCM-SHA256 380-A ./certs/intermediate/ca-int2-ecc-cert.pem 381-k ./certs/ecc-client-key.pem 382-c ./certs/intermediate/client-chain-ecc.pem 383-C 384-H verifyInfo 385 386# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain 387-v 4 388-l TLS13-AES128-GCM-SHA256 389-A ./certs/intermediate/ca-int2-cert.pem 390-k ./certs/server-key.pem 391-c ./certs/intermediate/server-chain.pem 392-V 393 394# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Trusted Chain 395-v 4 396-l TLS13-AES128-GCM-SHA256 397-A ./certs/intermediate/ca-int2-cert.pem 398-k ./certs/client-key.pem 399-c ./certs/intermediate/client-chain.pem 400-C 401-H verifyInfo 402 403# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain 404-v 4 405-l TLS13-AES128-GCM-SHA256 406-A ./certs/intermediate/ca-int2-ecc-cert.pem 407-k ./certs/ecc-key.pem 408-c ./certs/intermediate/server-chain-ecc.pem 409-V 410 411# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Trusted Chain 412-v 4 413-l TLS13-AES128-GCM-SHA256 414-A ./certs/intermediate/ca-int2-ecc-cert.pem 415-k ./certs/ecc-client-key.pem 416-c ./certs/intermediate/client-chain-ecc.pem 417-C 418-H verifyInfo 419