1*66bae5e7Schristos# Generated with generate_ssl_tests.pl 2*66bae5e7Schristos 3*66bae5e7Schristosnum_tests = 36 4*66bae5e7Schristos 5*66bae5e7Schristostest-0 = 0-server-auth-flex 6*66bae5e7Schristostest-1 = 1-client-auth-flex-request 7*66bae5e7Schristostest-2 = 2-client-auth-flex-require-fail 8*66bae5e7Schristostest-3 = 3-client-auth-flex-require 9*66bae5e7Schristostest-4 = 4-client-auth-flex-require-non-empty-names 10*66bae5e7Schristostest-5 = 5-client-auth-flex-noroot 11*66bae5e7Schristostest-6 = 6-server-auth-TLSv1 12*66bae5e7Schristostest-7 = 7-client-auth-TLSv1-request 13*66bae5e7Schristostest-8 = 8-client-auth-TLSv1-require-fail 14*66bae5e7Schristostest-9 = 9-client-auth-TLSv1-require 15*66bae5e7Schristostest-10 = 10-client-auth-TLSv1-require-non-empty-names 16*66bae5e7Schristostest-11 = 11-client-auth-TLSv1-noroot 17*66bae5e7Schristostest-12 = 12-server-auth-TLSv1.1 18*66bae5e7Schristostest-13 = 13-client-auth-TLSv1.1-request 19*66bae5e7Schristostest-14 = 14-client-auth-TLSv1.1-require-fail 20*66bae5e7Schristostest-15 = 15-client-auth-TLSv1.1-require 21*66bae5e7Schristostest-16 = 16-client-auth-TLSv1.1-require-non-empty-names 22*66bae5e7Schristostest-17 = 17-client-auth-TLSv1.1-noroot 23*66bae5e7Schristostest-18 = 18-server-auth-TLSv1.2 24*66bae5e7Schristostest-19 = 19-client-auth-TLSv1.2-request 25*66bae5e7Schristostest-20 = 20-client-auth-TLSv1.2-require-fail 26*66bae5e7Schristostest-21 = 21-client-auth-TLSv1.2-require 27*66bae5e7Schristostest-22 = 22-client-auth-TLSv1.2-require-non-empty-names 28*66bae5e7Schristostest-23 = 23-client-auth-TLSv1.2-noroot 29*66bae5e7Schristostest-24 = 24-server-auth-DTLSv1 30*66bae5e7Schristostest-25 = 25-client-auth-DTLSv1-request 31*66bae5e7Schristostest-26 = 26-client-auth-DTLSv1-require-fail 32*66bae5e7Schristostest-27 = 27-client-auth-DTLSv1-require 33*66bae5e7Schristostest-28 = 28-client-auth-DTLSv1-require-non-empty-names 34*66bae5e7Schristostest-29 = 29-client-auth-DTLSv1-noroot 35*66bae5e7Schristostest-30 = 30-server-auth-DTLSv1.2 36*66bae5e7Schristostest-31 = 31-client-auth-DTLSv1.2-request 37*66bae5e7Schristostest-32 = 32-client-auth-DTLSv1.2-require-fail 38*66bae5e7Schristostest-33 = 33-client-auth-DTLSv1.2-require 39*66bae5e7Schristostest-34 = 34-client-auth-DTLSv1.2-require-non-empty-names 40*66bae5e7Schristostest-35 = 35-client-auth-DTLSv1.2-noroot 41*66bae5e7Schristos# =========================================================== 42*66bae5e7Schristos 43*66bae5e7Schristos[0-server-auth-flex] 44*66bae5e7Schristosssl_conf = 0-server-auth-flex-ssl 45*66bae5e7Schristos 46*66bae5e7Schristos[0-server-auth-flex-ssl] 47*66bae5e7Schristosserver = 0-server-auth-flex-server 48*66bae5e7Schristosclient = 0-server-auth-flex-client 49*66bae5e7Schristos 50*66bae5e7Schristos[0-server-auth-flex-server] 51*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 52*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 53*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 54*66bae5e7Schristos 55*66bae5e7Schristos[0-server-auth-flex-client] 56*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 57*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 58*66bae5e7SchristosVerifyMode = Peer 59*66bae5e7Schristos 60*66bae5e7Schristos[test-0] 61*66bae5e7SchristosExpectedResult = Success 62*66bae5e7Schristos 63*66bae5e7Schristos 64*66bae5e7Schristos# =========================================================== 65*66bae5e7Schristos 66*66bae5e7Schristos[1-client-auth-flex-request] 67*66bae5e7Schristosssl_conf = 1-client-auth-flex-request-ssl 68*66bae5e7Schristos 69*66bae5e7Schristos[1-client-auth-flex-request-ssl] 70*66bae5e7Schristosserver = 1-client-auth-flex-request-server 71*66bae5e7Schristosclient = 1-client-auth-flex-request-client 72*66bae5e7Schristos 73*66bae5e7Schristos[1-client-auth-flex-request-server] 74*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 75*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 76*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 77*66bae5e7SchristosVerifyMode = Request 78*66bae5e7Schristos 79*66bae5e7Schristos[1-client-auth-flex-request-client] 80*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 81*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 82*66bae5e7SchristosVerifyMode = Peer 83*66bae5e7Schristos 84*66bae5e7Schristos[test-1] 85*66bae5e7SchristosExpectedResult = Success 86*66bae5e7Schristos 87*66bae5e7Schristos 88*66bae5e7Schristos# =========================================================== 89*66bae5e7Schristos 90*66bae5e7Schristos[2-client-auth-flex-require-fail] 91*66bae5e7Schristosssl_conf = 2-client-auth-flex-require-fail-ssl 92*66bae5e7Schristos 93*66bae5e7Schristos[2-client-auth-flex-require-fail-ssl] 94*66bae5e7Schristosserver = 2-client-auth-flex-require-fail-server 95*66bae5e7Schristosclient = 2-client-auth-flex-require-fail-client 96*66bae5e7Schristos 97*66bae5e7Schristos[2-client-auth-flex-require-fail-server] 98*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 99*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 100*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 101*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 102*66bae5e7SchristosVerifyMode = Require 103*66bae5e7Schristos 104*66bae5e7Schristos[2-client-auth-flex-require-fail-client] 105*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 106*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 107*66bae5e7SchristosVerifyMode = Peer 108*66bae5e7Schristos 109*66bae5e7Schristos[test-2] 110*66bae5e7SchristosExpectedResult = ServerFail 111*66bae5e7SchristosExpectedServerAlert = CertificateRequired 112*66bae5e7Schristos 113*66bae5e7Schristos 114*66bae5e7Schristos# =========================================================== 115*66bae5e7Schristos 116*66bae5e7Schristos[3-client-auth-flex-require] 117*66bae5e7Schristosssl_conf = 3-client-auth-flex-require-ssl 118*66bae5e7Schristos 119*66bae5e7Schristos[3-client-auth-flex-require-ssl] 120*66bae5e7Schristosserver = 3-client-auth-flex-require-server 121*66bae5e7Schristosclient = 3-client-auth-flex-require-client 122*66bae5e7Schristos 123*66bae5e7Schristos[3-client-auth-flex-require-server] 124*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 125*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 126*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 127*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 128*66bae5e7SchristosVerifyMode = Request 129*66bae5e7Schristos 130*66bae5e7Schristos[3-client-auth-flex-require-client] 131*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 132*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 133*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 134*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 135*66bae5e7SchristosVerifyMode = Peer 136*66bae5e7Schristos 137*66bae5e7Schristos[test-3] 138*66bae5e7SchristosExpectedClientCANames = empty 139*66bae5e7SchristosExpectedClientCertType = RSA 140*66bae5e7SchristosExpectedResult = Success 141*66bae5e7Schristos 142*66bae5e7Schristos 143*66bae5e7Schristos# =========================================================== 144*66bae5e7Schristos 145*66bae5e7Schristos[4-client-auth-flex-require-non-empty-names] 146*66bae5e7Schristosssl_conf = 4-client-auth-flex-require-non-empty-names-ssl 147*66bae5e7Schristos 148*66bae5e7Schristos[4-client-auth-flex-require-non-empty-names-ssl] 149*66bae5e7Schristosserver = 4-client-auth-flex-require-non-empty-names-server 150*66bae5e7Schristosclient = 4-client-auth-flex-require-non-empty-names-client 151*66bae5e7Schristos 152*66bae5e7Schristos[4-client-auth-flex-require-non-empty-names-server] 153*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 154*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 155*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 156*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 157*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 158*66bae5e7SchristosVerifyMode = Request 159*66bae5e7Schristos 160*66bae5e7Schristos[4-client-auth-flex-require-non-empty-names-client] 161*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 162*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 163*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 164*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 165*66bae5e7SchristosVerifyMode = Peer 166*66bae5e7Schristos 167*66bae5e7Schristos[test-4] 168*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 169*66bae5e7SchristosExpectedClientCertType = RSA 170*66bae5e7SchristosExpectedResult = Success 171*66bae5e7Schristos 172*66bae5e7Schristos 173*66bae5e7Schristos# =========================================================== 174*66bae5e7Schristos 175*66bae5e7Schristos[5-client-auth-flex-noroot] 176*66bae5e7Schristosssl_conf = 5-client-auth-flex-noroot-ssl 177*66bae5e7Schristos 178*66bae5e7Schristos[5-client-auth-flex-noroot-ssl] 179*66bae5e7Schristosserver = 5-client-auth-flex-noroot-server 180*66bae5e7Schristosclient = 5-client-auth-flex-noroot-client 181*66bae5e7Schristos 182*66bae5e7Schristos[5-client-auth-flex-noroot-server] 183*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 184*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 185*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 186*66bae5e7SchristosVerifyMode = Require 187*66bae5e7Schristos 188*66bae5e7Schristos[5-client-auth-flex-noroot-client] 189*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 190*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 191*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 192*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 193*66bae5e7SchristosVerifyMode = Peer 194*66bae5e7Schristos 195*66bae5e7Schristos[test-5] 196*66bae5e7SchristosExpectedResult = ServerFail 197*66bae5e7SchristosExpectedServerAlert = UnknownCA 198*66bae5e7Schristos 199*66bae5e7Schristos 200*66bae5e7Schristos# =========================================================== 201*66bae5e7Schristos 202*66bae5e7Schristos[6-server-auth-TLSv1] 203*66bae5e7Schristosssl_conf = 6-server-auth-TLSv1-ssl 204*66bae5e7Schristos 205*66bae5e7Schristos[6-server-auth-TLSv1-ssl] 206*66bae5e7Schristosserver = 6-server-auth-TLSv1-server 207*66bae5e7Schristosclient = 6-server-auth-TLSv1-client 208*66bae5e7Schristos 209*66bae5e7Schristos[6-server-auth-TLSv1-server] 210*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 211*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 212*66bae5e7SchristosMaxProtocol = TLSv1 213*66bae5e7SchristosMinProtocol = TLSv1 214*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 215*66bae5e7Schristos 216*66bae5e7Schristos[6-server-auth-TLSv1-client] 217*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 218*66bae5e7SchristosMaxProtocol = TLSv1 219*66bae5e7SchristosMinProtocol = TLSv1 220*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 221*66bae5e7SchristosVerifyMode = Peer 222*66bae5e7Schristos 223*66bae5e7Schristos[test-6] 224*66bae5e7SchristosExpectedResult = Success 225*66bae5e7Schristos 226*66bae5e7Schristos 227*66bae5e7Schristos# =========================================================== 228*66bae5e7Schristos 229*66bae5e7Schristos[7-client-auth-TLSv1-request] 230*66bae5e7Schristosssl_conf = 7-client-auth-TLSv1-request-ssl 231*66bae5e7Schristos 232*66bae5e7Schristos[7-client-auth-TLSv1-request-ssl] 233*66bae5e7Schristosserver = 7-client-auth-TLSv1-request-server 234*66bae5e7Schristosclient = 7-client-auth-TLSv1-request-client 235*66bae5e7Schristos 236*66bae5e7Schristos[7-client-auth-TLSv1-request-server] 237*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 238*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 239*66bae5e7SchristosMaxProtocol = TLSv1 240*66bae5e7SchristosMinProtocol = TLSv1 241*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 242*66bae5e7SchristosVerifyMode = Request 243*66bae5e7Schristos 244*66bae5e7Schristos[7-client-auth-TLSv1-request-client] 245*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 246*66bae5e7SchristosMaxProtocol = TLSv1 247*66bae5e7SchristosMinProtocol = TLSv1 248*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 249*66bae5e7SchristosVerifyMode = Peer 250*66bae5e7Schristos 251*66bae5e7Schristos[test-7] 252*66bae5e7SchristosExpectedResult = Success 253*66bae5e7Schristos 254*66bae5e7Schristos 255*66bae5e7Schristos# =========================================================== 256*66bae5e7Schristos 257*66bae5e7Schristos[8-client-auth-TLSv1-require-fail] 258*66bae5e7Schristosssl_conf = 8-client-auth-TLSv1-require-fail-ssl 259*66bae5e7Schristos 260*66bae5e7Schristos[8-client-auth-TLSv1-require-fail-ssl] 261*66bae5e7Schristosserver = 8-client-auth-TLSv1-require-fail-server 262*66bae5e7Schristosclient = 8-client-auth-TLSv1-require-fail-client 263*66bae5e7Schristos 264*66bae5e7Schristos[8-client-auth-TLSv1-require-fail-server] 265*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 266*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 267*66bae5e7SchristosMaxProtocol = TLSv1 268*66bae5e7SchristosMinProtocol = TLSv1 269*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 270*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 271*66bae5e7SchristosVerifyMode = Require 272*66bae5e7Schristos 273*66bae5e7Schristos[8-client-auth-TLSv1-require-fail-client] 274*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 275*66bae5e7SchristosMaxProtocol = TLSv1 276*66bae5e7SchristosMinProtocol = TLSv1 277*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 278*66bae5e7SchristosVerifyMode = Peer 279*66bae5e7Schristos 280*66bae5e7Schristos[test-8] 281*66bae5e7SchristosExpectedResult = ServerFail 282*66bae5e7SchristosExpectedServerAlert = HandshakeFailure 283*66bae5e7Schristos 284*66bae5e7Schristos 285*66bae5e7Schristos# =========================================================== 286*66bae5e7Schristos 287*66bae5e7Schristos[9-client-auth-TLSv1-require] 288*66bae5e7Schristosssl_conf = 9-client-auth-TLSv1-require-ssl 289*66bae5e7Schristos 290*66bae5e7Schristos[9-client-auth-TLSv1-require-ssl] 291*66bae5e7Schristosserver = 9-client-auth-TLSv1-require-server 292*66bae5e7Schristosclient = 9-client-auth-TLSv1-require-client 293*66bae5e7Schristos 294*66bae5e7Schristos[9-client-auth-TLSv1-require-server] 295*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 296*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 297*66bae5e7SchristosMaxProtocol = TLSv1 298*66bae5e7SchristosMinProtocol = TLSv1 299*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 300*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 301*66bae5e7SchristosVerifyMode = Request 302*66bae5e7Schristos 303*66bae5e7Schristos[9-client-auth-TLSv1-require-client] 304*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 305*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 306*66bae5e7SchristosMaxProtocol = TLSv1 307*66bae5e7SchristosMinProtocol = TLSv1 308*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 309*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 310*66bae5e7SchristosVerifyMode = Peer 311*66bae5e7Schristos 312*66bae5e7Schristos[test-9] 313*66bae5e7SchristosExpectedClientCANames = empty 314*66bae5e7SchristosExpectedClientCertType = RSA 315*66bae5e7SchristosExpectedResult = Success 316*66bae5e7Schristos 317*66bae5e7Schristos 318*66bae5e7Schristos# =========================================================== 319*66bae5e7Schristos 320*66bae5e7Schristos[10-client-auth-TLSv1-require-non-empty-names] 321*66bae5e7Schristosssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl 322*66bae5e7Schristos 323*66bae5e7Schristos[10-client-auth-TLSv1-require-non-empty-names-ssl] 324*66bae5e7Schristosserver = 10-client-auth-TLSv1-require-non-empty-names-server 325*66bae5e7Schristosclient = 10-client-auth-TLSv1-require-non-empty-names-client 326*66bae5e7Schristos 327*66bae5e7Schristos[10-client-auth-TLSv1-require-non-empty-names-server] 328*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 329*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 330*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 331*66bae5e7SchristosMaxProtocol = TLSv1 332*66bae5e7SchristosMinProtocol = TLSv1 333*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 334*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 335*66bae5e7SchristosVerifyMode = Request 336*66bae5e7Schristos 337*66bae5e7Schristos[10-client-auth-TLSv1-require-non-empty-names-client] 338*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 339*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 340*66bae5e7SchristosMaxProtocol = TLSv1 341*66bae5e7SchristosMinProtocol = TLSv1 342*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 343*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 344*66bae5e7SchristosVerifyMode = Peer 345*66bae5e7Schristos 346*66bae5e7Schristos[test-10] 347*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 348*66bae5e7SchristosExpectedClientCertType = RSA 349*66bae5e7SchristosExpectedResult = Success 350*66bae5e7Schristos 351*66bae5e7Schristos 352*66bae5e7Schristos# =========================================================== 353*66bae5e7Schristos 354*66bae5e7Schristos[11-client-auth-TLSv1-noroot] 355*66bae5e7Schristosssl_conf = 11-client-auth-TLSv1-noroot-ssl 356*66bae5e7Schristos 357*66bae5e7Schristos[11-client-auth-TLSv1-noroot-ssl] 358*66bae5e7Schristosserver = 11-client-auth-TLSv1-noroot-server 359*66bae5e7Schristosclient = 11-client-auth-TLSv1-noroot-client 360*66bae5e7Schristos 361*66bae5e7Schristos[11-client-auth-TLSv1-noroot-server] 362*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 363*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 364*66bae5e7SchristosMaxProtocol = TLSv1 365*66bae5e7SchristosMinProtocol = TLSv1 366*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 367*66bae5e7SchristosVerifyMode = Require 368*66bae5e7Schristos 369*66bae5e7Schristos[11-client-auth-TLSv1-noroot-client] 370*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 371*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 372*66bae5e7SchristosMaxProtocol = TLSv1 373*66bae5e7SchristosMinProtocol = TLSv1 374*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 375*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 376*66bae5e7SchristosVerifyMode = Peer 377*66bae5e7Schristos 378*66bae5e7Schristos[test-11] 379*66bae5e7SchristosExpectedResult = ServerFail 380*66bae5e7SchristosExpectedServerAlert = UnknownCA 381*66bae5e7Schristos 382*66bae5e7Schristos 383*66bae5e7Schristos# =========================================================== 384*66bae5e7Schristos 385*66bae5e7Schristos[12-server-auth-TLSv1.1] 386*66bae5e7Schristosssl_conf = 12-server-auth-TLSv1.1-ssl 387*66bae5e7Schristos 388*66bae5e7Schristos[12-server-auth-TLSv1.1-ssl] 389*66bae5e7Schristosserver = 12-server-auth-TLSv1.1-server 390*66bae5e7Schristosclient = 12-server-auth-TLSv1.1-client 391*66bae5e7Schristos 392*66bae5e7Schristos[12-server-auth-TLSv1.1-server] 393*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 394*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 395*66bae5e7SchristosMaxProtocol = TLSv1.1 396*66bae5e7SchristosMinProtocol = TLSv1.1 397*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 398*66bae5e7Schristos 399*66bae5e7Schristos[12-server-auth-TLSv1.1-client] 400*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 401*66bae5e7SchristosMaxProtocol = TLSv1.1 402*66bae5e7SchristosMinProtocol = TLSv1.1 403*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 404*66bae5e7SchristosVerifyMode = Peer 405*66bae5e7Schristos 406*66bae5e7Schristos[test-12] 407*66bae5e7SchristosExpectedResult = Success 408*66bae5e7Schristos 409*66bae5e7Schristos 410*66bae5e7Schristos# =========================================================== 411*66bae5e7Schristos 412*66bae5e7Schristos[13-client-auth-TLSv1.1-request] 413*66bae5e7Schristosssl_conf = 13-client-auth-TLSv1.1-request-ssl 414*66bae5e7Schristos 415*66bae5e7Schristos[13-client-auth-TLSv1.1-request-ssl] 416*66bae5e7Schristosserver = 13-client-auth-TLSv1.1-request-server 417*66bae5e7Schristosclient = 13-client-auth-TLSv1.1-request-client 418*66bae5e7Schristos 419*66bae5e7Schristos[13-client-auth-TLSv1.1-request-server] 420*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 421*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 422*66bae5e7SchristosMaxProtocol = TLSv1.1 423*66bae5e7SchristosMinProtocol = TLSv1.1 424*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 425*66bae5e7SchristosVerifyMode = Request 426*66bae5e7Schristos 427*66bae5e7Schristos[13-client-auth-TLSv1.1-request-client] 428*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 429*66bae5e7SchristosMaxProtocol = TLSv1.1 430*66bae5e7SchristosMinProtocol = TLSv1.1 431*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 432*66bae5e7SchristosVerifyMode = Peer 433*66bae5e7Schristos 434*66bae5e7Schristos[test-13] 435*66bae5e7SchristosExpectedResult = Success 436*66bae5e7Schristos 437*66bae5e7Schristos 438*66bae5e7Schristos# =========================================================== 439*66bae5e7Schristos 440*66bae5e7Schristos[14-client-auth-TLSv1.1-require-fail] 441*66bae5e7Schristosssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl 442*66bae5e7Schristos 443*66bae5e7Schristos[14-client-auth-TLSv1.1-require-fail-ssl] 444*66bae5e7Schristosserver = 14-client-auth-TLSv1.1-require-fail-server 445*66bae5e7Schristosclient = 14-client-auth-TLSv1.1-require-fail-client 446*66bae5e7Schristos 447*66bae5e7Schristos[14-client-auth-TLSv1.1-require-fail-server] 448*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 449*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 450*66bae5e7SchristosMaxProtocol = TLSv1.1 451*66bae5e7SchristosMinProtocol = TLSv1.1 452*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 453*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 454*66bae5e7SchristosVerifyMode = Require 455*66bae5e7Schristos 456*66bae5e7Schristos[14-client-auth-TLSv1.1-require-fail-client] 457*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 458*66bae5e7SchristosMaxProtocol = TLSv1.1 459*66bae5e7SchristosMinProtocol = TLSv1.1 460*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 461*66bae5e7SchristosVerifyMode = Peer 462*66bae5e7Schristos 463*66bae5e7Schristos[test-14] 464*66bae5e7SchristosExpectedResult = ServerFail 465*66bae5e7SchristosExpectedServerAlert = HandshakeFailure 466*66bae5e7Schristos 467*66bae5e7Schristos 468*66bae5e7Schristos# =========================================================== 469*66bae5e7Schristos 470*66bae5e7Schristos[15-client-auth-TLSv1.1-require] 471*66bae5e7Schristosssl_conf = 15-client-auth-TLSv1.1-require-ssl 472*66bae5e7Schristos 473*66bae5e7Schristos[15-client-auth-TLSv1.1-require-ssl] 474*66bae5e7Schristosserver = 15-client-auth-TLSv1.1-require-server 475*66bae5e7Schristosclient = 15-client-auth-TLSv1.1-require-client 476*66bae5e7Schristos 477*66bae5e7Schristos[15-client-auth-TLSv1.1-require-server] 478*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 479*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 480*66bae5e7SchristosMaxProtocol = TLSv1.1 481*66bae5e7SchristosMinProtocol = TLSv1.1 482*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 483*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 484*66bae5e7SchristosVerifyMode = Request 485*66bae5e7Schristos 486*66bae5e7Schristos[15-client-auth-TLSv1.1-require-client] 487*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 488*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 489*66bae5e7SchristosMaxProtocol = TLSv1.1 490*66bae5e7SchristosMinProtocol = TLSv1.1 491*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 492*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 493*66bae5e7SchristosVerifyMode = Peer 494*66bae5e7Schristos 495*66bae5e7Schristos[test-15] 496*66bae5e7SchristosExpectedClientCANames = empty 497*66bae5e7SchristosExpectedClientCertType = RSA 498*66bae5e7SchristosExpectedResult = Success 499*66bae5e7Schristos 500*66bae5e7Schristos 501*66bae5e7Schristos# =========================================================== 502*66bae5e7Schristos 503*66bae5e7Schristos[16-client-auth-TLSv1.1-require-non-empty-names] 504*66bae5e7Schristosssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl 505*66bae5e7Schristos 506*66bae5e7Schristos[16-client-auth-TLSv1.1-require-non-empty-names-ssl] 507*66bae5e7Schristosserver = 16-client-auth-TLSv1.1-require-non-empty-names-server 508*66bae5e7Schristosclient = 16-client-auth-TLSv1.1-require-non-empty-names-client 509*66bae5e7Schristos 510*66bae5e7Schristos[16-client-auth-TLSv1.1-require-non-empty-names-server] 511*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 512*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 513*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 514*66bae5e7SchristosMaxProtocol = TLSv1.1 515*66bae5e7SchristosMinProtocol = TLSv1.1 516*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 517*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 518*66bae5e7SchristosVerifyMode = Request 519*66bae5e7Schristos 520*66bae5e7Schristos[16-client-auth-TLSv1.1-require-non-empty-names-client] 521*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 522*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 523*66bae5e7SchristosMaxProtocol = TLSv1.1 524*66bae5e7SchristosMinProtocol = TLSv1.1 525*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 526*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 527*66bae5e7SchristosVerifyMode = Peer 528*66bae5e7Schristos 529*66bae5e7Schristos[test-16] 530*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 531*66bae5e7SchristosExpectedClientCertType = RSA 532*66bae5e7SchristosExpectedResult = Success 533*66bae5e7Schristos 534*66bae5e7Schristos 535*66bae5e7Schristos# =========================================================== 536*66bae5e7Schristos 537*66bae5e7Schristos[17-client-auth-TLSv1.1-noroot] 538*66bae5e7Schristosssl_conf = 17-client-auth-TLSv1.1-noroot-ssl 539*66bae5e7Schristos 540*66bae5e7Schristos[17-client-auth-TLSv1.1-noroot-ssl] 541*66bae5e7Schristosserver = 17-client-auth-TLSv1.1-noroot-server 542*66bae5e7Schristosclient = 17-client-auth-TLSv1.1-noroot-client 543*66bae5e7Schristos 544*66bae5e7Schristos[17-client-auth-TLSv1.1-noroot-server] 545*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 546*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 547*66bae5e7SchristosMaxProtocol = TLSv1.1 548*66bae5e7SchristosMinProtocol = TLSv1.1 549*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 550*66bae5e7SchristosVerifyMode = Require 551*66bae5e7Schristos 552*66bae5e7Schristos[17-client-auth-TLSv1.1-noroot-client] 553*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 554*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 555*66bae5e7SchristosMaxProtocol = TLSv1.1 556*66bae5e7SchristosMinProtocol = TLSv1.1 557*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 558*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 559*66bae5e7SchristosVerifyMode = Peer 560*66bae5e7Schristos 561*66bae5e7Schristos[test-17] 562*66bae5e7SchristosExpectedResult = ServerFail 563*66bae5e7SchristosExpectedServerAlert = UnknownCA 564*66bae5e7Schristos 565*66bae5e7Schristos 566*66bae5e7Schristos# =========================================================== 567*66bae5e7Schristos 568*66bae5e7Schristos[18-server-auth-TLSv1.2] 569*66bae5e7Schristosssl_conf = 18-server-auth-TLSv1.2-ssl 570*66bae5e7Schristos 571*66bae5e7Schristos[18-server-auth-TLSv1.2-ssl] 572*66bae5e7Schristosserver = 18-server-auth-TLSv1.2-server 573*66bae5e7Schristosclient = 18-server-auth-TLSv1.2-client 574*66bae5e7Schristos 575*66bae5e7Schristos[18-server-auth-TLSv1.2-server] 576*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 577*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 578*66bae5e7SchristosMaxProtocol = TLSv1.2 579*66bae5e7SchristosMinProtocol = TLSv1.2 580*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 581*66bae5e7Schristos 582*66bae5e7Schristos[18-server-auth-TLSv1.2-client] 583*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 584*66bae5e7SchristosMaxProtocol = TLSv1.2 585*66bae5e7SchristosMinProtocol = TLSv1.2 586*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 587*66bae5e7SchristosVerifyMode = Peer 588*66bae5e7Schristos 589*66bae5e7Schristos[test-18] 590*66bae5e7SchristosExpectedResult = Success 591*66bae5e7Schristos 592*66bae5e7Schristos 593*66bae5e7Schristos# =========================================================== 594*66bae5e7Schristos 595*66bae5e7Schristos[19-client-auth-TLSv1.2-request] 596*66bae5e7Schristosssl_conf = 19-client-auth-TLSv1.2-request-ssl 597*66bae5e7Schristos 598*66bae5e7Schristos[19-client-auth-TLSv1.2-request-ssl] 599*66bae5e7Schristosserver = 19-client-auth-TLSv1.2-request-server 600*66bae5e7Schristosclient = 19-client-auth-TLSv1.2-request-client 601*66bae5e7Schristos 602*66bae5e7Schristos[19-client-auth-TLSv1.2-request-server] 603*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 604*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 605*66bae5e7SchristosMaxProtocol = TLSv1.2 606*66bae5e7SchristosMinProtocol = TLSv1.2 607*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 608*66bae5e7SchristosVerifyMode = Request 609*66bae5e7Schristos 610*66bae5e7Schristos[19-client-auth-TLSv1.2-request-client] 611*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 612*66bae5e7SchristosMaxProtocol = TLSv1.2 613*66bae5e7SchristosMinProtocol = TLSv1.2 614*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 615*66bae5e7SchristosVerifyMode = Peer 616*66bae5e7Schristos 617*66bae5e7Schristos[test-19] 618*66bae5e7SchristosExpectedResult = Success 619*66bae5e7Schristos 620*66bae5e7Schristos 621*66bae5e7Schristos# =========================================================== 622*66bae5e7Schristos 623*66bae5e7Schristos[20-client-auth-TLSv1.2-require-fail] 624*66bae5e7Schristosssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl 625*66bae5e7Schristos 626*66bae5e7Schristos[20-client-auth-TLSv1.2-require-fail-ssl] 627*66bae5e7Schristosserver = 20-client-auth-TLSv1.2-require-fail-server 628*66bae5e7Schristosclient = 20-client-auth-TLSv1.2-require-fail-client 629*66bae5e7Schristos 630*66bae5e7Schristos[20-client-auth-TLSv1.2-require-fail-server] 631*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 632*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 633*66bae5e7SchristosMaxProtocol = TLSv1.2 634*66bae5e7SchristosMinProtocol = TLSv1.2 635*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 636*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 637*66bae5e7SchristosVerifyMode = Require 638*66bae5e7Schristos 639*66bae5e7Schristos[20-client-auth-TLSv1.2-require-fail-client] 640*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 641*66bae5e7SchristosMaxProtocol = TLSv1.2 642*66bae5e7SchristosMinProtocol = TLSv1.2 643*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 644*66bae5e7SchristosVerifyMode = Peer 645*66bae5e7Schristos 646*66bae5e7Schristos[test-20] 647*66bae5e7SchristosExpectedResult = ServerFail 648*66bae5e7SchristosExpectedServerAlert = HandshakeFailure 649*66bae5e7Schristos 650*66bae5e7Schristos 651*66bae5e7Schristos# =========================================================== 652*66bae5e7Schristos 653*66bae5e7Schristos[21-client-auth-TLSv1.2-require] 654*66bae5e7Schristosssl_conf = 21-client-auth-TLSv1.2-require-ssl 655*66bae5e7Schristos 656*66bae5e7Schristos[21-client-auth-TLSv1.2-require-ssl] 657*66bae5e7Schristosserver = 21-client-auth-TLSv1.2-require-server 658*66bae5e7Schristosclient = 21-client-auth-TLSv1.2-require-client 659*66bae5e7Schristos 660*66bae5e7Schristos[21-client-auth-TLSv1.2-require-server] 661*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 662*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 663*66bae5e7SchristosClientSignatureAlgorithms = SHA256+RSA 664*66bae5e7SchristosMaxProtocol = TLSv1.2 665*66bae5e7SchristosMinProtocol = TLSv1.2 666*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 667*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 668*66bae5e7SchristosVerifyMode = Request 669*66bae5e7Schristos 670*66bae5e7Schristos[21-client-auth-TLSv1.2-require-client] 671*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 672*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 673*66bae5e7SchristosMaxProtocol = TLSv1.2 674*66bae5e7SchristosMinProtocol = TLSv1.2 675*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 676*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 677*66bae5e7SchristosVerifyMode = Peer 678*66bae5e7Schristos 679*66bae5e7Schristos[test-21] 680*66bae5e7SchristosExpectedClientCANames = empty 681*66bae5e7SchristosExpectedClientCertType = RSA 682*66bae5e7SchristosExpectedClientSignHash = SHA256 683*66bae5e7SchristosExpectedClientSignType = RSA 684*66bae5e7SchristosExpectedResult = Success 685*66bae5e7Schristos 686*66bae5e7Schristos 687*66bae5e7Schristos# =========================================================== 688*66bae5e7Schristos 689*66bae5e7Schristos[22-client-auth-TLSv1.2-require-non-empty-names] 690*66bae5e7Schristosssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl 691*66bae5e7Schristos 692*66bae5e7Schristos[22-client-auth-TLSv1.2-require-non-empty-names-ssl] 693*66bae5e7Schristosserver = 22-client-auth-TLSv1.2-require-non-empty-names-server 694*66bae5e7Schristosclient = 22-client-auth-TLSv1.2-require-non-empty-names-client 695*66bae5e7Schristos 696*66bae5e7Schristos[22-client-auth-TLSv1.2-require-non-empty-names-server] 697*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 698*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 699*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 700*66bae5e7SchristosClientSignatureAlgorithms = SHA256+RSA 701*66bae5e7SchristosMaxProtocol = TLSv1.2 702*66bae5e7SchristosMinProtocol = TLSv1.2 703*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 704*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 705*66bae5e7SchristosVerifyMode = Request 706*66bae5e7Schristos 707*66bae5e7Schristos[22-client-auth-TLSv1.2-require-non-empty-names-client] 708*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 709*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 710*66bae5e7SchristosMaxProtocol = TLSv1.2 711*66bae5e7SchristosMinProtocol = TLSv1.2 712*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 713*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 714*66bae5e7SchristosVerifyMode = Peer 715*66bae5e7Schristos 716*66bae5e7Schristos[test-22] 717*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 718*66bae5e7SchristosExpectedClientCertType = RSA 719*66bae5e7SchristosExpectedClientSignHash = SHA256 720*66bae5e7SchristosExpectedClientSignType = RSA 721*66bae5e7SchristosExpectedResult = Success 722*66bae5e7Schristos 723*66bae5e7Schristos 724*66bae5e7Schristos# =========================================================== 725*66bae5e7Schristos 726*66bae5e7Schristos[23-client-auth-TLSv1.2-noroot] 727*66bae5e7Schristosssl_conf = 23-client-auth-TLSv1.2-noroot-ssl 728*66bae5e7Schristos 729*66bae5e7Schristos[23-client-auth-TLSv1.2-noroot-ssl] 730*66bae5e7Schristosserver = 23-client-auth-TLSv1.2-noroot-server 731*66bae5e7Schristosclient = 23-client-auth-TLSv1.2-noroot-client 732*66bae5e7Schristos 733*66bae5e7Schristos[23-client-auth-TLSv1.2-noroot-server] 734*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 735*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 736*66bae5e7SchristosMaxProtocol = TLSv1.2 737*66bae5e7SchristosMinProtocol = TLSv1.2 738*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 739*66bae5e7SchristosVerifyMode = Require 740*66bae5e7Schristos 741*66bae5e7Schristos[23-client-auth-TLSv1.2-noroot-client] 742*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 743*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 744*66bae5e7SchristosMaxProtocol = TLSv1.2 745*66bae5e7SchristosMinProtocol = TLSv1.2 746*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 747*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 748*66bae5e7SchristosVerifyMode = Peer 749*66bae5e7Schristos 750*66bae5e7Schristos[test-23] 751*66bae5e7SchristosExpectedResult = ServerFail 752*66bae5e7SchristosExpectedServerAlert = UnknownCA 753*66bae5e7Schristos 754*66bae5e7Schristos 755*66bae5e7Schristos# =========================================================== 756*66bae5e7Schristos 757*66bae5e7Schristos[24-server-auth-DTLSv1] 758*66bae5e7Schristosssl_conf = 24-server-auth-DTLSv1-ssl 759*66bae5e7Schristos 760*66bae5e7Schristos[24-server-auth-DTLSv1-ssl] 761*66bae5e7Schristosserver = 24-server-auth-DTLSv1-server 762*66bae5e7Schristosclient = 24-server-auth-DTLSv1-client 763*66bae5e7Schristos 764*66bae5e7Schristos[24-server-auth-DTLSv1-server] 765*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 766*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 767*66bae5e7SchristosMaxProtocol = DTLSv1 768*66bae5e7SchristosMinProtocol = DTLSv1 769*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 770*66bae5e7Schristos 771*66bae5e7Schristos[24-server-auth-DTLSv1-client] 772*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 773*66bae5e7SchristosMaxProtocol = DTLSv1 774*66bae5e7SchristosMinProtocol = DTLSv1 775*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 776*66bae5e7SchristosVerifyMode = Peer 777*66bae5e7Schristos 778*66bae5e7Schristos[test-24] 779*66bae5e7SchristosExpectedResult = Success 780*66bae5e7SchristosMethod = DTLS 781*66bae5e7Schristos 782*66bae5e7Schristos 783*66bae5e7Schristos# =========================================================== 784*66bae5e7Schristos 785*66bae5e7Schristos[25-client-auth-DTLSv1-request] 786*66bae5e7Schristosssl_conf = 25-client-auth-DTLSv1-request-ssl 787*66bae5e7Schristos 788*66bae5e7Schristos[25-client-auth-DTLSv1-request-ssl] 789*66bae5e7Schristosserver = 25-client-auth-DTLSv1-request-server 790*66bae5e7Schristosclient = 25-client-auth-DTLSv1-request-client 791*66bae5e7Schristos 792*66bae5e7Schristos[25-client-auth-DTLSv1-request-server] 793*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 794*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 795*66bae5e7SchristosMaxProtocol = DTLSv1 796*66bae5e7SchristosMinProtocol = DTLSv1 797*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 798*66bae5e7SchristosVerifyMode = Request 799*66bae5e7Schristos 800*66bae5e7Schristos[25-client-auth-DTLSv1-request-client] 801*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 802*66bae5e7SchristosMaxProtocol = DTLSv1 803*66bae5e7SchristosMinProtocol = DTLSv1 804*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 805*66bae5e7SchristosVerifyMode = Peer 806*66bae5e7Schristos 807*66bae5e7Schristos[test-25] 808*66bae5e7SchristosExpectedResult = Success 809*66bae5e7SchristosMethod = DTLS 810*66bae5e7Schristos 811*66bae5e7Schristos 812*66bae5e7Schristos# =========================================================== 813*66bae5e7Schristos 814*66bae5e7Schristos[26-client-auth-DTLSv1-require-fail] 815*66bae5e7Schristosssl_conf = 26-client-auth-DTLSv1-require-fail-ssl 816*66bae5e7Schristos 817*66bae5e7Schristos[26-client-auth-DTLSv1-require-fail-ssl] 818*66bae5e7Schristosserver = 26-client-auth-DTLSv1-require-fail-server 819*66bae5e7Schristosclient = 26-client-auth-DTLSv1-require-fail-client 820*66bae5e7Schristos 821*66bae5e7Schristos[26-client-auth-DTLSv1-require-fail-server] 822*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 823*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 824*66bae5e7SchristosMaxProtocol = DTLSv1 825*66bae5e7SchristosMinProtocol = DTLSv1 826*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 827*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 828*66bae5e7SchristosVerifyMode = Require 829*66bae5e7Schristos 830*66bae5e7Schristos[26-client-auth-DTLSv1-require-fail-client] 831*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 832*66bae5e7SchristosMaxProtocol = DTLSv1 833*66bae5e7SchristosMinProtocol = DTLSv1 834*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 835*66bae5e7SchristosVerifyMode = Peer 836*66bae5e7Schristos 837*66bae5e7Schristos[test-26] 838*66bae5e7SchristosExpectedResult = ServerFail 839*66bae5e7SchristosExpectedServerAlert = HandshakeFailure 840*66bae5e7SchristosMethod = DTLS 841*66bae5e7Schristos 842*66bae5e7Schristos 843*66bae5e7Schristos# =========================================================== 844*66bae5e7Schristos 845*66bae5e7Schristos[27-client-auth-DTLSv1-require] 846*66bae5e7Schristosssl_conf = 27-client-auth-DTLSv1-require-ssl 847*66bae5e7Schristos 848*66bae5e7Schristos[27-client-auth-DTLSv1-require-ssl] 849*66bae5e7Schristosserver = 27-client-auth-DTLSv1-require-server 850*66bae5e7Schristosclient = 27-client-auth-DTLSv1-require-client 851*66bae5e7Schristos 852*66bae5e7Schristos[27-client-auth-DTLSv1-require-server] 853*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 854*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 855*66bae5e7SchristosMaxProtocol = DTLSv1 856*66bae5e7SchristosMinProtocol = DTLSv1 857*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 858*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 859*66bae5e7SchristosVerifyMode = Request 860*66bae5e7Schristos 861*66bae5e7Schristos[27-client-auth-DTLSv1-require-client] 862*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 863*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 864*66bae5e7SchristosMaxProtocol = DTLSv1 865*66bae5e7SchristosMinProtocol = DTLSv1 866*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 867*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 868*66bae5e7SchristosVerifyMode = Peer 869*66bae5e7Schristos 870*66bae5e7Schristos[test-27] 871*66bae5e7SchristosExpectedClientCANames = empty 872*66bae5e7SchristosExpectedClientCertType = RSA 873*66bae5e7SchristosExpectedResult = Success 874*66bae5e7SchristosMethod = DTLS 875*66bae5e7Schristos 876*66bae5e7Schristos 877*66bae5e7Schristos# =========================================================== 878*66bae5e7Schristos 879*66bae5e7Schristos[28-client-auth-DTLSv1-require-non-empty-names] 880*66bae5e7Schristosssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl 881*66bae5e7Schristos 882*66bae5e7Schristos[28-client-auth-DTLSv1-require-non-empty-names-ssl] 883*66bae5e7Schristosserver = 28-client-auth-DTLSv1-require-non-empty-names-server 884*66bae5e7Schristosclient = 28-client-auth-DTLSv1-require-non-empty-names-client 885*66bae5e7Schristos 886*66bae5e7Schristos[28-client-auth-DTLSv1-require-non-empty-names-server] 887*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 888*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 889*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 890*66bae5e7SchristosMaxProtocol = DTLSv1 891*66bae5e7SchristosMinProtocol = DTLSv1 892*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 893*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 894*66bae5e7SchristosVerifyMode = Request 895*66bae5e7Schristos 896*66bae5e7Schristos[28-client-auth-DTLSv1-require-non-empty-names-client] 897*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 898*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 899*66bae5e7SchristosMaxProtocol = DTLSv1 900*66bae5e7SchristosMinProtocol = DTLSv1 901*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 902*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 903*66bae5e7SchristosVerifyMode = Peer 904*66bae5e7Schristos 905*66bae5e7Schristos[test-28] 906*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 907*66bae5e7SchristosExpectedClientCertType = RSA 908*66bae5e7SchristosExpectedResult = Success 909*66bae5e7SchristosMethod = DTLS 910*66bae5e7Schristos 911*66bae5e7Schristos 912*66bae5e7Schristos# =========================================================== 913*66bae5e7Schristos 914*66bae5e7Schristos[29-client-auth-DTLSv1-noroot] 915*66bae5e7Schristosssl_conf = 29-client-auth-DTLSv1-noroot-ssl 916*66bae5e7Schristos 917*66bae5e7Schristos[29-client-auth-DTLSv1-noroot-ssl] 918*66bae5e7Schristosserver = 29-client-auth-DTLSv1-noroot-server 919*66bae5e7Schristosclient = 29-client-auth-DTLSv1-noroot-client 920*66bae5e7Schristos 921*66bae5e7Schristos[29-client-auth-DTLSv1-noroot-server] 922*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 923*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 924*66bae5e7SchristosMaxProtocol = DTLSv1 925*66bae5e7SchristosMinProtocol = DTLSv1 926*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 927*66bae5e7SchristosVerifyMode = Require 928*66bae5e7Schristos 929*66bae5e7Schristos[29-client-auth-DTLSv1-noroot-client] 930*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 931*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 932*66bae5e7SchristosMaxProtocol = DTLSv1 933*66bae5e7SchristosMinProtocol = DTLSv1 934*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 935*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 936*66bae5e7SchristosVerifyMode = Peer 937*66bae5e7Schristos 938*66bae5e7Schristos[test-29] 939*66bae5e7SchristosExpectedResult = ServerFail 940*66bae5e7SchristosExpectedServerAlert = UnknownCA 941*66bae5e7SchristosMethod = DTLS 942*66bae5e7Schristos 943*66bae5e7Schristos 944*66bae5e7Schristos# =========================================================== 945*66bae5e7Schristos 946*66bae5e7Schristos[30-server-auth-DTLSv1.2] 947*66bae5e7Schristosssl_conf = 30-server-auth-DTLSv1.2-ssl 948*66bae5e7Schristos 949*66bae5e7Schristos[30-server-auth-DTLSv1.2-ssl] 950*66bae5e7Schristosserver = 30-server-auth-DTLSv1.2-server 951*66bae5e7Schristosclient = 30-server-auth-DTLSv1.2-client 952*66bae5e7Schristos 953*66bae5e7Schristos[30-server-auth-DTLSv1.2-server] 954*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 955*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 956*66bae5e7SchristosMaxProtocol = DTLSv1.2 957*66bae5e7SchristosMinProtocol = DTLSv1.2 958*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 959*66bae5e7Schristos 960*66bae5e7Schristos[30-server-auth-DTLSv1.2-client] 961*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 962*66bae5e7SchristosMaxProtocol = DTLSv1.2 963*66bae5e7SchristosMinProtocol = DTLSv1.2 964*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 965*66bae5e7SchristosVerifyMode = Peer 966*66bae5e7Schristos 967*66bae5e7Schristos[test-30] 968*66bae5e7SchristosExpectedResult = Success 969*66bae5e7SchristosMethod = DTLS 970*66bae5e7Schristos 971*66bae5e7Schristos 972*66bae5e7Schristos# =========================================================== 973*66bae5e7Schristos 974*66bae5e7Schristos[31-client-auth-DTLSv1.2-request] 975*66bae5e7Schristosssl_conf = 31-client-auth-DTLSv1.2-request-ssl 976*66bae5e7Schristos 977*66bae5e7Schristos[31-client-auth-DTLSv1.2-request-ssl] 978*66bae5e7Schristosserver = 31-client-auth-DTLSv1.2-request-server 979*66bae5e7Schristosclient = 31-client-auth-DTLSv1.2-request-client 980*66bae5e7Schristos 981*66bae5e7Schristos[31-client-auth-DTLSv1.2-request-server] 982*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 983*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 984*66bae5e7SchristosMaxProtocol = DTLSv1.2 985*66bae5e7SchristosMinProtocol = DTLSv1.2 986*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 987*66bae5e7SchristosVerifyMode = Request 988*66bae5e7Schristos 989*66bae5e7Schristos[31-client-auth-DTLSv1.2-request-client] 990*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 991*66bae5e7SchristosMaxProtocol = DTLSv1.2 992*66bae5e7SchristosMinProtocol = DTLSv1.2 993*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 994*66bae5e7SchristosVerifyMode = Peer 995*66bae5e7Schristos 996*66bae5e7Schristos[test-31] 997*66bae5e7SchristosExpectedResult = Success 998*66bae5e7SchristosMethod = DTLS 999*66bae5e7Schristos 1000*66bae5e7Schristos 1001*66bae5e7Schristos# =========================================================== 1002*66bae5e7Schristos 1003*66bae5e7Schristos[32-client-auth-DTLSv1.2-require-fail] 1004*66bae5e7Schristosssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl 1005*66bae5e7Schristos 1006*66bae5e7Schristos[32-client-auth-DTLSv1.2-require-fail-ssl] 1007*66bae5e7Schristosserver = 32-client-auth-DTLSv1.2-require-fail-server 1008*66bae5e7Schristosclient = 32-client-auth-DTLSv1.2-require-fail-client 1009*66bae5e7Schristos 1010*66bae5e7Schristos[32-client-auth-DTLSv1.2-require-fail-server] 1011*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1012*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1013*66bae5e7SchristosMaxProtocol = DTLSv1.2 1014*66bae5e7SchristosMinProtocol = DTLSv1.2 1015*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1016*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1017*66bae5e7SchristosVerifyMode = Require 1018*66bae5e7Schristos 1019*66bae5e7Schristos[32-client-auth-DTLSv1.2-require-fail-client] 1020*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1021*66bae5e7SchristosMaxProtocol = DTLSv1.2 1022*66bae5e7SchristosMinProtocol = DTLSv1.2 1023*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1024*66bae5e7SchristosVerifyMode = Peer 1025*66bae5e7Schristos 1026*66bae5e7Schristos[test-32] 1027*66bae5e7SchristosExpectedResult = ServerFail 1028*66bae5e7SchristosExpectedServerAlert = HandshakeFailure 1029*66bae5e7SchristosMethod = DTLS 1030*66bae5e7Schristos 1031*66bae5e7Schristos 1032*66bae5e7Schristos# =========================================================== 1033*66bae5e7Schristos 1034*66bae5e7Schristos[33-client-auth-DTLSv1.2-require] 1035*66bae5e7Schristosssl_conf = 33-client-auth-DTLSv1.2-require-ssl 1036*66bae5e7Schristos 1037*66bae5e7Schristos[33-client-auth-DTLSv1.2-require-ssl] 1038*66bae5e7Schristosserver = 33-client-auth-DTLSv1.2-require-server 1039*66bae5e7Schristosclient = 33-client-auth-DTLSv1.2-require-client 1040*66bae5e7Schristos 1041*66bae5e7Schristos[33-client-auth-DTLSv1.2-require-server] 1042*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1043*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1044*66bae5e7SchristosMaxProtocol = DTLSv1.2 1045*66bae5e7SchristosMinProtocol = DTLSv1.2 1046*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1047*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1048*66bae5e7SchristosVerifyMode = Request 1049*66bae5e7Schristos 1050*66bae5e7Schristos[33-client-auth-DTLSv1.2-require-client] 1051*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1052*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1053*66bae5e7SchristosMaxProtocol = DTLSv1.2 1054*66bae5e7SchristosMinProtocol = DTLSv1.2 1055*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1056*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1057*66bae5e7SchristosVerifyMode = Peer 1058*66bae5e7Schristos 1059*66bae5e7Schristos[test-33] 1060*66bae5e7SchristosExpectedClientCANames = empty 1061*66bae5e7SchristosExpectedClientCertType = RSA 1062*66bae5e7SchristosExpectedResult = Success 1063*66bae5e7SchristosMethod = DTLS 1064*66bae5e7Schristos 1065*66bae5e7Schristos 1066*66bae5e7Schristos# =========================================================== 1067*66bae5e7Schristos 1068*66bae5e7Schristos[34-client-auth-DTLSv1.2-require-non-empty-names] 1069*66bae5e7Schristosssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl 1070*66bae5e7Schristos 1071*66bae5e7Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-ssl] 1072*66bae5e7Schristosserver = 34-client-auth-DTLSv1.2-require-non-empty-names-server 1073*66bae5e7Schristosclient = 34-client-auth-DTLSv1.2-require-non-empty-names-client 1074*66bae5e7Schristos 1075*66bae5e7Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-server] 1076*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1077*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1078*66bae5e7SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1079*66bae5e7SchristosMaxProtocol = DTLSv1.2 1080*66bae5e7SchristosMinProtocol = DTLSv1.2 1081*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1082*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1083*66bae5e7SchristosVerifyMode = Request 1084*66bae5e7Schristos 1085*66bae5e7Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-client] 1086*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1087*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1088*66bae5e7SchristosMaxProtocol = DTLSv1.2 1089*66bae5e7SchristosMinProtocol = DTLSv1.2 1090*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1091*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1092*66bae5e7SchristosVerifyMode = Peer 1093*66bae5e7Schristos 1094*66bae5e7Schristos[test-34] 1095*66bae5e7SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1096*66bae5e7SchristosExpectedClientCertType = RSA 1097*66bae5e7SchristosExpectedResult = Success 1098*66bae5e7SchristosMethod = DTLS 1099*66bae5e7Schristos 1100*66bae5e7Schristos 1101*66bae5e7Schristos# =========================================================== 1102*66bae5e7Schristos 1103*66bae5e7Schristos[35-client-auth-DTLSv1.2-noroot] 1104*66bae5e7Schristosssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl 1105*66bae5e7Schristos 1106*66bae5e7Schristos[35-client-auth-DTLSv1.2-noroot-ssl] 1107*66bae5e7Schristosserver = 35-client-auth-DTLSv1.2-noroot-server 1108*66bae5e7Schristosclient = 35-client-auth-DTLSv1.2-noroot-client 1109*66bae5e7Schristos 1110*66bae5e7Schristos[35-client-auth-DTLSv1.2-noroot-server] 1111*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1112*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1113*66bae5e7SchristosMaxProtocol = DTLSv1.2 1114*66bae5e7SchristosMinProtocol = DTLSv1.2 1115*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1116*66bae5e7SchristosVerifyMode = Require 1117*66bae5e7Schristos 1118*66bae5e7Schristos[35-client-auth-DTLSv1.2-noroot-client] 1119*66bae5e7SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1120*66bae5e7SchristosCipherString = DEFAULT:@SECLEVEL=0 1121*66bae5e7SchristosMaxProtocol = DTLSv1.2 1122*66bae5e7SchristosMinProtocol = DTLSv1.2 1123*66bae5e7SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1124*66bae5e7SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1125*66bae5e7SchristosVerifyMode = Peer 1126*66bae5e7Schristos 1127*66bae5e7Schristos[test-35] 1128*66bae5e7SchristosExpectedResult = ServerFail 1129*66bae5e7SchristosExpectedServerAlert = UnknownCA 1130*66bae5e7SchristosMethod = DTLS 1131*66bae5e7Schristos 1132*66bae5e7Schristos 1133