xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/ssl-tests/04-client_auth.cnf (revision b0d1725196a7921d003d2c66a14f186abda4176b) 
1*b0d17251Schristos# Generated with generate_ssl_tests.pl
2*b0d17251Schristos
3*b0d17251Schristosnum_tests = 36
4*b0d17251Schristos
5*b0d17251Schristostest-0 = 0-server-auth-flex
6*b0d17251Schristostest-1 = 1-client-auth-flex-request
7*b0d17251Schristostest-2 = 2-client-auth-flex-require-fail
8*b0d17251Schristostest-3 = 3-client-auth-flex-require
9*b0d17251Schristostest-4 = 4-client-auth-flex-require-non-empty-names
10*b0d17251Schristostest-5 = 5-client-auth-flex-noroot
11*b0d17251Schristostest-6 = 6-server-auth-TLSv1
12*b0d17251Schristostest-7 = 7-client-auth-TLSv1-request
13*b0d17251Schristostest-8 = 8-client-auth-TLSv1-require-fail
14*b0d17251Schristostest-9 = 9-client-auth-TLSv1-require
15*b0d17251Schristostest-10 = 10-client-auth-TLSv1-require-non-empty-names
16*b0d17251Schristostest-11 = 11-client-auth-TLSv1-noroot
17*b0d17251Schristostest-12 = 12-server-auth-TLSv1.1
18*b0d17251Schristostest-13 = 13-client-auth-TLSv1.1-request
19*b0d17251Schristostest-14 = 14-client-auth-TLSv1.1-require-fail
20*b0d17251Schristostest-15 = 15-client-auth-TLSv1.1-require
21*b0d17251Schristostest-16 = 16-client-auth-TLSv1.1-require-non-empty-names
22*b0d17251Schristostest-17 = 17-client-auth-TLSv1.1-noroot
23*b0d17251Schristostest-18 = 18-server-auth-TLSv1.2
24*b0d17251Schristostest-19 = 19-client-auth-TLSv1.2-request
25*b0d17251Schristostest-20 = 20-client-auth-TLSv1.2-require-fail
26*b0d17251Schristostest-21 = 21-client-auth-TLSv1.2-require
27*b0d17251Schristostest-22 = 22-client-auth-TLSv1.2-require-non-empty-names
28*b0d17251Schristostest-23 = 23-client-auth-TLSv1.2-noroot
29*b0d17251Schristostest-24 = 24-server-auth-DTLSv1
30*b0d17251Schristostest-25 = 25-client-auth-DTLSv1-request
31*b0d17251Schristostest-26 = 26-client-auth-DTLSv1-require-fail
32*b0d17251Schristostest-27 = 27-client-auth-DTLSv1-require
33*b0d17251Schristostest-28 = 28-client-auth-DTLSv1-require-non-empty-names
34*b0d17251Schristostest-29 = 29-client-auth-DTLSv1-noroot
35*b0d17251Schristostest-30 = 30-server-auth-DTLSv1.2
36*b0d17251Schristostest-31 = 31-client-auth-DTLSv1.2-request
37*b0d17251Schristostest-32 = 32-client-auth-DTLSv1.2-require-fail
38*b0d17251Schristostest-33 = 33-client-auth-DTLSv1.2-require
39*b0d17251Schristostest-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
40*b0d17251Schristostest-35 = 35-client-auth-DTLSv1.2-noroot
41*b0d17251Schristos# ===========================================================
42*b0d17251Schristos
43*b0d17251Schristos[0-server-auth-flex]
44*b0d17251Schristosssl_conf = 0-server-auth-flex-ssl
45*b0d17251Schristos
46*b0d17251Schristos[0-server-auth-flex-ssl]
47*b0d17251Schristosserver = 0-server-auth-flex-server
48*b0d17251Schristosclient = 0-server-auth-flex-client
49*b0d17251Schristos
50*b0d17251Schristos[0-server-auth-flex-server]
51*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
52*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
53*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
54*b0d17251Schristos
55*b0d17251Schristos[0-server-auth-flex-client]
56*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
57*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
58*b0d17251SchristosVerifyMode = Peer
59*b0d17251Schristos
60*b0d17251Schristos[test-0]
61*b0d17251SchristosExpectedResult = Success
62*b0d17251Schristos
63*b0d17251Schristos
64*b0d17251Schristos# ===========================================================
65*b0d17251Schristos
66*b0d17251Schristos[1-client-auth-flex-request]
67*b0d17251Schristosssl_conf = 1-client-auth-flex-request-ssl
68*b0d17251Schristos
69*b0d17251Schristos[1-client-auth-flex-request-ssl]
70*b0d17251Schristosserver = 1-client-auth-flex-request-server
71*b0d17251Schristosclient = 1-client-auth-flex-request-client
72*b0d17251Schristos
73*b0d17251Schristos[1-client-auth-flex-request-server]
74*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
75*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
76*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
77*b0d17251SchristosVerifyMode = Request
78*b0d17251Schristos
79*b0d17251Schristos[1-client-auth-flex-request-client]
80*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
81*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
82*b0d17251SchristosVerifyMode = Peer
83*b0d17251Schristos
84*b0d17251Schristos[test-1]
85*b0d17251SchristosExpectedResult = Success
86*b0d17251Schristos
87*b0d17251Schristos
88*b0d17251Schristos# ===========================================================
89*b0d17251Schristos
90*b0d17251Schristos[2-client-auth-flex-require-fail]
91*b0d17251Schristosssl_conf = 2-client-auth-flex-require-fail-ssl
92*b0d17251Schristos
93*b0d17251Schristos[2-client-auth-flex-require-fail-ssl]
94*b0d17251Schristosserver = 2-client-auth-flex-require-fail-server
95*b0d17251Schristosclient = 2-client-auth-flex-require-fail-client
96*b0d17251Schristos
97*b0d17251Schristos[2-client-auth-flex-require-fail-server]
98*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
99*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
100*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
101*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
102*b0d17251SchristosVerifyMode = Require
103*b0d17251Schristos
104*b0d17251Schristos[2-client-auth-flex-require-fail-client]
105*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
106*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
107*b0d17251SchristosVerifyMode = Peer
108*b0d17251Schristos
109*b0d17251Schristos[test-2]
110*b0d17251SchristosExpectedResult = ServerFail
111*b0d17251SchristosExpectedServerAlert = CertificateRequired
112*b0d17251Schristos
113*b0d17251Schristos
114*b0d17251Schristos# ===========================================================
115*b0d17251Schristos
116*b0d17251Schristos[3-client-auth-flex-require]
117*b0d17251Schristosssl_conf = 3-client-auth-flex-require-ssl
118*b0d17251Schristos
119*b0d17251Schristos[3-client-auth-flex-require-ssl]
120*b0d17251Schristosserver = 3-client-auth-flex-require-server
121*b0d17251Schristosclient = 3-client-auth-flex-require-client
122*b0d17251Schristos
123*b0d17251Schristos[3-client-auth-flex-require-server]
124*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
125*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
126*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
127*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
128*b0d17251SchristosVerifyMode = Request
129*b0d17251Schristos
130*b0d17251Schristos[3-client-auth-flex-require-client]
131*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
132*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
133*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
134*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
135*b0d17251SchristosVerifyMode = Peer
136*b0d17251Schristos
137*b0d17251Schristos[test-3]
138*b0d17251SchristosExpectedClientCANames = empty
139*b0d17251SchristosExpectedClientCertType = RSA
140*b0d17251SchristosExpectedResult = Success
141*b0d17251Schristos
142*b0d17251Schristos
143*b0d17251Schristos# ===========================================================
144*b0d17251Schristos
145*b0d17251Schristos[4-client-auth-flex-require-non-empty-names]
146*b0d17251Schristosssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
147*b0d17251Schristos
148*b0d17251Schristos[4-client-auth-flex-require-non-empty-names-ssl]
149*b0d17251Schristosserver = 4-client-auth-flex-require-non-empty-names-server
150*b0d17251Schristosclient = 4-client-auth-flex-require-non-empty-names-client
151*b0d17251Schristos
152*b0d17251Schristos[4-client-auth-flex-require-non-empty-names-server]
153*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
154*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
155*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
156*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158*b0d17251SchristosVerifyMode = Request
159*b0d17251Schristos
160*b0d17251Schristos[4-client-auth-flex-require-non-empty-names-client]
161*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
163*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
164*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
165*b0d17251SchristosVerifyMode = Peer
166*b0d17251Schristos
167*b0d17251Schristos[test-4]
168*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
169*b0d17251SchristosExpectedClientCertType = RSA
170*b0d17251SchristosExpectedResult = Success
171*b0d17251Schristos
172*b0d17251Schristos
173*b0d17251Schristos# ===========================================================
174*b0d17251Schristos
175*b0d17251Schristos[5-client-auth-flex-noroot]
176*b0d17251Schristosssl_conf = 5-client-auth-flex-noroot-ssl
177*b0d17251Schristos
178*b0d17251Schristos[5-client-auth-flex-noroot-ssl]
179*b0d17251Schristosserver = 5-client-auth-flex-noroot-server
180*b0d17251Schristosclient = 5-client-auth-flex-noroot-client
181*b0d17251Schristos
182*b0d17251Schristos[5-client-auth-flex-noroot-server]
183*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
184*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
185*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
186*b0d17251SchristosVerifyMode = Require
187*b0d17251Schristos
188*b0d17251Schristos[5-client-auth-flex-noroot-client]
189*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
190*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
191*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
192*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
193*b0d17251SchristosVerifyMode = Peer
194*b0d17251Schristos
195*b0d17251Schristos[test-5]
196*b0d17251SchristosExpectedResult = ServerFail
197*b0d17251SchristosExpectedServerAlert = UnknownCA
198*b0d17251Schristos
199*b0d17251Schristos
200*b0d17251Schristos# ===========================================================
201*b0d17251Schristos
202*b0d17251Schristos[6-server-auth-TLSv1]
203*b0d17251Schristosssl_conf = 6-server-auth-TLSv1-ssl
204*b0d17251Schristos
205*b0d17251Schristos[6-server-auth-TLSv1-ssl]
206*b0d17251Schristosserver = 6-server-auth-TLSv1-server
207*b0d17251Schristosclient = 6-server-auth-TLSv1-client
208*b0d17251Schristos
209*b0d17251Schristos[6-server-auth-TLSv1-server]
210*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
211*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
212*b0d17251SchristosMaxProtocol = TLSv1
213*b0d17251SchristosMinProtocol = TLSv1
214*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
215*b0d17251Schristos
216*b0d17251Schristos[6-server-auth-TLSv1-client]
217*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
218*b0d17251SchristosMaxProtocol = TLSv1
219*b0d17251SchristosMinProtocol = TLSv1
220*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
221*b0d17251SchristosVerifyMode = Peer
222*b0d17251Schristos
223*b0d17251Schristos[test-6]
224*b0d17251SchristosExpectedResult = Success
225*b0d17251Schristos
226*b0d17251Schristos
227*b0d17251Schristos# ===========================================================
228*b0d17251Schristos
229*b0d17251Schristos[7-client-auth-TLSv1-request]
230*b0d17251Schristosssl_conf = 7-client-auth-TLSv1-request-ssl
231*b0d17251Schristos
232*b0d17251Schristos[7-client-auth-TLSv1-request-ssl]
233*b0d17251Schristosserver = 7-client-auth-TLSv1-request-server
234*b0d17251Schristosclient = 7-client-auth-TLSv1-request-client
235*b0d17251Schristos
236*b0d17251Schristos[7-client-auth-TLSv1-request-server]
237*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
238*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
239*b0d17251SchristosMaxProtocol = TLSv1
240*b0d17251SchristosMinProtocol = TLSv1
241*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
242*b0d17251SchristosVerifyMode = Request
243*b0d17251Schristos
244*b0d17251Schristos[7-client-auth-TLSv1-request-client]
245*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
246*b0d17251SchristosMaxProtocol = TLSv1
247*b0d17251SchristosMinProtocol = TLSv1
248*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
249*b0d17251SchristosVerifyMode = Peer
250*b0d17251Schristos
251*b0d17251Schristos[test-7]
252*b0d17251SchristosExpectedResult = Success
253*b0d17251Schristos
254*b0d17251Schristos
255*b0d17251Schristos# ===========================================================
256*b0d17251Schristos
257*b0d17251Schristos[8-client-auth-TLSv1-require-fail]
258*b0d17251Schristosssl_conf = 8-client-auth-TLSv1-require-fail-ssl
259*b0d17251Schristos
260*b0d17251Schristos[8-client-auth-TLSv1-require-fail-ssl]
261*b0d17251Schristosserver = 8-client-auth-TLSv1-require-fail-server
262*b0d17251Schristosclient = 8-client-auth-TLSv1-require-fail-client
263*b0d17251Schristos
264*b0d17251Schristos[8-client-auth-TLSv1-require-fail-server]
265*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
266*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
267*b0d17251SchristosMaxProtocol = TLSv1
268*b0d17251SchristosMinProtocol = TLSv1
269*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
270*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
271*b0d17251SchristosVerifyMode = Require
272*b0d17251Schristos
273*b0d17251Schristos[8-client-auth-TLSv1-require-fail-client]
274*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
275*b0d17251SchristosMaxProtocol = TLSv1
276*b0d17251SchristosMinProtocol = TLSv1
277*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
278*b0d17251SchristosVerifyMode = Peer
279*b0d17251Schristos
280*b0d17251Schristos[test-8]
281*b0d17251SchristosExpectedResult = ServerFail
282*b0d17251SchristosExpectedServerAlert = HandshakeFailure
283*b0d17251Schristos
284*b0d17251Schristos
285*b0d17251Schristos# ===========================================================
286*b0d17251Schristos
287*b0d17251Schristos[9-client-auth-TLSv1-require]
288*b0d17251Schristosssl_conf = 9-client-auth-TLSv1-require-ssl
289*b0d17251Schristos
290*b0d17251Schristos[9-client-auth-TLSv1-require-ssl]
291*b0d17251Schristosserver = 9-client-auth-TLSv1-require-server
292*b0d17251Schristosclient = 9-client-auth-TLSv1-require-client
293*b0d17251Schristos
294*b0d17251Schristos[9-client-auth-TLSv1-require-server]
295*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
296*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
297*b0d17251SchristosMaxProtocol = TLSv1
298*b0d17251SchristosMinProtocol = TLSv1
299*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
300*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
301*b0d17251SchristosVerifyMode = Request
302*b0d17251Schristos
303*b0d17251Schristos[9-client-auth-TLSv1-require-client]
304*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
305*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
306*b0d17251SchristosMaxProtocol = TLSv1
307*b0d17251SchristosMinProtocol = TLSv1
308*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
309*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
310*b0d17251SchristosVerifyMode = Peer
311*b0d17251Schristos
312*b0d17251Schristos[test-9]
313*b0d17251SchristosExpectedClientCANames = empty
314*b0d17251SchristosExpectedClientCertType = RSA
315*b0d17251SchristosExpectedResult = Success
316*b0d17251Schristos
317*b0d17251Schristos
318*b0d17251Schristos# ===========================================================
319*b0d17251Schristos
320*b0d17251Schristos[10-client-auth-TLSv1-require-non-empty-names]
321*b0d17251Schristosssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
322*b0d17251Schristos
323*b0d17251Schristos[10-client-auth-TLSv1-require-non-empty-names-ssl]
324*b0d17251Schristosserver = 10-client-auth-TLSv1-require-non-empty-names-server
325*b0d17251Schristosclient = 10-client-auth-TLSv1-require-non-empty-names-client
326*b0d17251Schristos
327*b0d17251Schristos[10-client-auth-TLSv1-require-non-empty-names-server]
328*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
329*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
330*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
331*b0d17251SchristosMaxProtocol = TLSv1
332*b0d17251SchristosMinProtocol = TLSv1
333*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
334*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
335*b0d17251SchristosVerifyMode = Request
336*b0d17251Schristos
337*b0d17251Schristos[10-client-auth-TLSv1-require-non-empty-names-client]
338*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
339*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
340*b0d17251SchristosMaxProtocol = TLSv1
341*b0d17251SchristosMinProtocol = TLSv1
342*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
343*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
344*b0d17251SchristosVerifyMode = Peer
345*b0d17251Schristos
346*b0d17251Schristos[test-10]
347*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
348*b0d17251SchristosExpectedClientCertType = RSA
349*b0d17251SchristosExpectedResult = Success
350*b0d17251Schristos
351*b0d17251Schristos
352*b0d17251Schristos# ===========================================================
353*b0d17251Schristos
354*b0d17251Schristos[11-client-auth-TLSv1-noroot]
355*b0d17251Schristosssl_conf = 11-client-auth-TLSv1-noroot-ssl
356*b0d17251Schristos
357*b0d17251Schristos[11-client-auth-TLSv1-noroot-ssl]
358*b0d17251Schristosserver = 11-client-auth-TLSv1-noroot-server
359*b0d17251Schristosclient = 11-client-auth-TLSv1-noroot-client
360*b0d17251Schristos
361*b0d17251Schristos[11-client-auth-TLSv1-noroot-server]
362*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
363*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
364*b0d17251SchristosMaxProtocol = TLSv1
365*b0d17251SchristosMinProtocol = TLSv1
366*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
367*b0d17251SchristosVerifyMode = Require
368*b0d17251Schristos
369*b0d17251Schristos[11-client-auth-TLSv1-noroot-client]
370*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
371*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
372*b0d17251SchristosMaxProtocol = TLSv1
373*b0d17251SchristosMinProtocol = TLSv1
374*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
375*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
376*b0d17251SchristosVerifyMode = Peer
377*b0d17251Schristos
378*b0d17251Schristos[test-11]
379*b0d17251SchristosExpectedResult = ServerFail
380*b0d17251SchristosExpectedServerAlert = UnknownCA
381*b0d17251Schristos
382*b0d17251Schristos
383*b0d17251Schristos# ===========================================================
384*b0d17251Schristos
385*b0d17251Schristos[12-server-auth-TLSv1.1]
386*b0d17251Schristosssl_conf = 12-server-auth-TLSv1.1-ssl
387*b0d17251Schristos
388*b0d17251Schristos[12-server-auth-TLSv1.1-ssl]
389*b0d17251Schristosserver = 12-server-auth-TLSv1.1-server
390*b0d17251Schristosclient = 12-server-auth-TLSv1.1-client
391*b0d17251Schristos
392*b0d17251Schristos[12-server-auth-TLSv1.1-server]
393*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
394*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
395*b0d17251SchristosMaxProtocol = TLSv1.1
396*b0d17251SchristosMinProtocol = TLSv1.1
397*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
398*b0d17251Schristos
399*b0d17251Schristos[12-server-auth-TLSv1.1-client]
400*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
401*b0d17251SchristosMaxProtocol = TLSv1.1
402*b0d17251SchristosMinProtocol = TLSv1.1
403*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
404*b0d17251SchristosVerifyMode = Peer
405*b0d17251Schristos
406*b0d17251Schristos[test-12]
407*b0d17251SchristosExpectedResult = Success
408*b0d17251Schristos
409*b0d17251Schristos
410*b0d17251Schristos# ===========================================================
411*b0d17251Schristos
412*b0d17251Schristos[13-client-auth-TLSv1.1-request]
413*b0d17251Schristosssl_conf = 13-client-auth-TLSv1.1-request-ssl
414*b0d17251Schristos
415*b0d17251Schristos[13-client-auth-TLSv1.1-request-ssl]
416*b0d17251Schristosserver = 13-client-auth-TLSv1.1-request-server
417*b0d17251Schristosclient = 13-client-auth-TLSv1.1-request-client
418*b0d17251Schristos
419*b0d17251Schristos[13-client-auth-TLSv1.1-request-server]
420*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
422*b0d17251SchristosMaxProtocol = TLSv1.1
423*b0d17251SchristosMinProtocol = TLSv1.1
424*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
425*b0d17251SchristosVerifyMode = Request
426*b0d17251Schristos
427*b0d17251Schristos[13-client-auth-TLSv1.1-request-client]
428*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
429*b0d17251SchristosMaxProtocol = TLSv1.1
430*b0d17251SchristosMinProtocol = TLSv1.1
431*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
432*b0d17251SchristosVerifyMode = Peer
433*b0d17251Schristos
434*b0d17251Schristos[test-13]
435*b0d17251SchristosExpectedResult = Success
436*b0d17251Schristos
437*b0d17251Schristos
438*b0d17251Schristos# ===========================================================
439*b0d17251Schristos
440*b0d17251Schristos[14-client-auth-TLSv1.1-require-fail]
441*b0d17251Schristosssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
442*b0d17251Schristos
443*b0d17251Schristos[14-client-auth-TLSv1.1-require-fail-ssl]
444*b0d17251Schristosserver = 14-client-auth-TLSv1.1-require-fail-server
445*b0d17251Schristosclient = 14-client-auth-TLSv1.1-require-fail-client
446*b0d17251Schristos
447*b0d17251Schristos[14-client-auth-TLSv1.1-require-fail-server]
448*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
449*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
450*b0d17251SchristosMaxProtocol = TLSv1.1
451*b0d17251SchristosMinProtocol = TLSv1.1
452*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
453*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
454*b0d17251SchristosVerifyMode = Require
455*b0d17251Schristos
456*b0d17251Schristos[14-client-auth-TLSv1.1-require-fail-client]
457*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
458*b0d17251SchristosMaxProtocol = TLSv1.1
459*b0d17251SchristosMinProtocol = TLSv1.1
460*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
461*b0d17251SchristosVerifyMode = Peer
462*b0d17251Schristos
463*b0d17251Schristos[test-14]
464*b0d17251SchristosExpectedResult = ServerFail
465*b0d17251SchristosExpectedServerAlert = HandshakeFailure
466*b0d17251Schristos
467*b0d17251Schristos
468*b0d17251Schristos# ===========================================================
469*b0d17251Schristos
470*b0d17251Schristos[15-client-auth-TLSv1.1-require]
471*b0d17251Schristosssl_conf = 15-client-auth-TLSv1.1-require-ssl
472*b0d17251Schristos
473*b0d17251Schristos[15-client-auth-TLSv1.1-require-ssl]
474*b0d17251Schristosserver = 15-client-auth-TLSv1.1-require-server
475*b0d17251Schristosclient = 15-client-auth-TLSv1.1-require-client
476*b0d17251Schristos
477*b0d17251Schristos[15-client-auth-TLSv1.1-require-server]
478*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
479*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
480*b0d17251SchristosMaxProtocol = TLSv1.1
481*b0d17251SchristosMinProtocol = TLSv1.1
482*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
483*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
484*b0d17251SchristosVerifyMode = Request
485*b0d17251Schristos
486*b0d17251Schristos[15-client-auth-TLSv1.1-require-client]
487*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
488*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
489*b0d17251SchristosMaxProtocol = TLSv1.1
490*b0d17251SchristosMinProtocol = TLSv1.1
491*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
492*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
493*b0d17251SchristosVerifyMode = Peer
494*b0d17251Schristos
495*b0d17251Schristos[test-15]
496*b0d17251SchristosExpectedClientCANames = empty
497*b0d17251SchristosExpectedClientCertType = RSA
498*b0d17251SchristosExpectedResult = Success
499*b0d17251Schristos
500*b0d17251Schristos
501*b0d17251Schristos# ===========================================================
502*b0d17251Schristos
503*b0d17251Schristos[16-client-auth-TLSv1.1-require-non-empty-names]
504*b0d17251Schristosssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
505*b0d17251Schristos
506*b0d17251Schristos[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
507*b0d17251Schristosserver = 16-client-auth-TLSv1.1-require-non-empty-names-server
508*b0d17251Schristosclient = 16-client-auth-TLSv1.1-require-non-empty-names-client
509*b0d17251Schristos
510*b0d17251Schristos[16-client-auth-TLSv1.1-require-non-empty-names-server]
511*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
513*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
514*b0d17251SchristosMaxProtocol = TLSv1.1
515*b0d17251SchristosMinProtocol = TLSv1.1
516*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
517*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
518*b0d17251SchristosVerifyMode = Request
519*b0d17251Schristos
520*b0d17251Schristos[16-client-auth-TLSv1.1-require-non-empty-names-client]
521*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
522*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
523*b0d17251SchristosMaxProtocol = TLSv1.1
524*b0d17251SchristosMinProtocol = TLSv1.1
525*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
526*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
527*b0d17251SchristosVerifyMode = Peer
528*b0d17251Schristos
529*b0d17251Schristos[test-16]
530*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
531*b0d17251SchristosExpectedClientCertType = RSA
532*b0d17251SchristosExpectedResult = Success
533*b0d17251Schristos
534*b0d17251Schristos
535*b0d17251Schristos# ===========================================================
536*b0d17251Schristos
537*b0d17251Schristos[17-client-auth-TLSv1.1-noroot]
538*b0d17251Schristosssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
539*b0d17251Schristos
540*b0d17251Schristos[17-client-auth-TLSv1.1-noroot-ssl]
541*b0d17251Schristosserver = 17-client-auth-TLSv1.1-noroot-server
542*b0d17251Schristosclient = 17-client-auth-TLSv1.1-noroot-client
543*b0d17251Schristos
544*b0d17251Schristos[17-client-auth-TLSv1.1-noroot-server]
545*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
546*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
547*b0d17251SchristosMaxProtocol = TLSv1.1
548*b0d17251SchristosMinProtocol = TLSv1.1
549*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
550*b0d17251SchristosVerifyMode = Require
551*b0d17251Schristos
552*b0d17251Schristos[17-client-auth-TLSv1.1-noroot-client]
553*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
554*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
555*b0d17251SchristosMaxProtocol = TLSv1.1
556*b0d17251SchristosMinProtocol = TLSv1.1
557*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
558*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
559*b0d17251SchristosVerifyMode = Peer
560*b0d17251Schristos
561*b0d17251Schristos[test-17]
562*b0d17251SchristosExpectedResult = ServerFail
563*b0d17251SchristosExpectedServerAlert = UnknownCA
564*b0d17251Schristos
565*b0d17251Schristos
566*b0d17251Schristos# ===========================================================
567*b0d17251Schristos
568*b0d17251Schristos[18-server-auth-TLSv1.2]
569*b0d17251Schristosssl_conf = 18-server-auth-TLSv1.2-ssl
570*b0d17251Schristos
571*b0d17251Schristos[18-server-auth-TLSv1.2-ssl]
572*b0d17251Schristosserver = 18-server-auth-TLSv1.2-server
573*b0d17251Schristosclient = 18-server-auth-TLSv1.2-client
574*b0d17251Schristos
575*b0d17251Schristos[18-server-auth-TLSv1.2-server]
576*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
577*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
578*b0d17251SchristosMaxProtocol = TLSv1.2
579*b0d17251SchristosMinProtocol = TLSv1.2
580*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
581*b0d17251Schristos
582*b0d17251Schristos[18-server-auth-TLSv1.2-client]
583*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
584*b0d17251SchristosMaxProtocol = TLSv1.2
585*b0d17251SchristosMinProtocol = TLSv1.2
586*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
587*b0d17251SchristosVerifyMode = Peer
588*b0d17251Schristos
589*b0d17251Schristos[test-18]
590*b0d17251SchristosExpectedResult = Success
591*b0d17251Schristos
592*b0d17251Schristos
593*b0d17251Schristos# ===========================================================
594*b0d17251Schristos
595*b0d17251Schristos[19-client-auth-TLSv1.2-request]
596*b0d17251Schristosssl_conf = 19-client-auth-TLSv1.2-request-ssl
597*b0d17251Schristos
598*b0d17251Schristos[19-client-auth-TLSv1.2-request-ssl]
599*b0d17251Schristosserver = 19-client-auth-TLSv1.2-request-server
600*b0d17251Schristosclient = 19-client-auth-TLSv1.2-request-client
601*b0d17251Schristos
602*b0d17251Schristos[19-client-auth-TLSv1.2-request-server]
603*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
604*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
605*b0d17251SchristosMaxProtocol = TLSv1.2
606*b0d17251SchristosMinProtocol = TLSv1.2
607*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
608*b0d17251SchristosVerifyMode = Request
609*b0d17251Schristos
610*b0d17251Schristos[19-client-auth-TLSv1.2-request-client]
611*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
612*b0d17251SchristosMaxProtocol = TLSv1.2
613*b0d17251SchristosMinProtocol = TLSv1.2
614*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
615*b0d17251SchristosVerifyMode = Peer
616*b0d17251Schristos
617*b0d17251Schristos[test-19]
618*b0d17251SchristosExpectedResult = Success
619*b0d17251Schristos
620*b0d17251Schristos
621*b0d17251Schristos# ===========================================================
622*b0d17251Schristos
623*b0d17251Schristos[20-client-auth-TLSv1.2-require-fail]
624*b0d17251Schristosssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
625*b0d17251Schristos
626*b0d17251Schristos[20-client-auth-TLSv1.2-require-fail-ssl]
627*b0d17251Schristosserver = 20-client-auth-TLSv1.2-require-fail-server
628*b0d17251Schristosclient = 20-client-auth-TLSv1.2-require-fail-client
629*b0d17251Schristos
630*b0d17251Schristos[20-client-auth-TLSv1.2-require-fail-server]
631*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
632*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
633*b0d17251SchristosMaxProtocol = TLSv1.2
634*b0d17251SchristosMinProtocol = TLSv1.2
635*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
636*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
637*b0d17251SchristosVerifyMode = Require
638*b0d17251Schristos
639*b0d17251Schristos[20-client-auth-TLSv1.2-require-fail-client]
640*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
641*b0d17251SchristosMaxProtocol = TLSv1.2
642*b0d17251SchristosMinProtocol = TLSv1.2
643*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
644*b0d17251SchristosVerifyMode = Peer
645*b0d17251Schristos
646*b0d17251Schristos[test-20]
647*b0d17251SchristosExpectedResult = ServerFail
648*b0d17251SchristosExpectedServerAlert = HandshakeFailure
649*b0d17251Schristos
650*b0d17251Schristos
651*b0d17251Schristos# ===========================================================
652*b0d17251Schristos
653*b0d17251Schristos[21-client-auth-TLSv1.2-require]
654*b0d17251Schristosssl_conf = 21-client-auth-TLSv1.2-require-ssl
655*b0d17251Schristos
656*b0d17251Schristos[21-client-auth-TLSv1.2-require-ssl]
657*b0d17251Schristosserver = 21-client-auth-TLSv1.2-require-server
658*b0d17251Schristosclient = 21-client-auth-TLSv1.2-require-client
659*b0d17251Schristos
660*b0d17251Schristos[21-client-auth-TLSv1.2-require-server]
661*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
662*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
663*b0d17251SchristosClientSignatureAlgorithms = SHA256+RSA
664*b0d17251SchristosMaxProtocol = TLSv1.2
665*b0d17251SchristosMinProtocol = TLSv1.2
666*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
667*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
668*b0d17251SchristosVerifyMode = Request
669*b0d17251Schristos
670*b0d17251Schristos[21-client-auth-TLSv1.2-require-client]
671*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
672*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
673*b0d17251SchristosMaxProtocol = TLSv1.2
674*b0d17251SchristosMinProtocol = TLSv1.2
675*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
676*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
677*b0d17251SchristosVerifyMode = Peer
678*b0d17251Schristos
679*b0d17251Schristos[test-21]
680*b0d17251SchristosExpectedClientCANames = empty
681*b0d17251SchristosExpectedClientCertType = RSA
682*b0d17251SchristosExpectedClientSignHash = SHA256
683*b0d17251SchristosExpectedClientSignType = RSA
684*b0d17251SchristosExpectedResult = Success
685*b0d17251Schristos
686*b0d17251Schristos
687*b0d17251Schristos# ===========================================================
688*b0d17251Schristos
689*b0d17251Schristos[22-client-auth-TLSv1.2-require-non-empty-names]
690*b0d17251Schristosssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
691*b0d17251Schristos
692*b0d17251Schristos[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
693*b0d17251Schristosserver = 22-client-auth-TLSv1.2-require-non-empty-names-server
694*b0d17251Schristosclient = 22-client-auth-TLSv1.2-require-non-empty-names-client
695*b0d17251Schristos
696*b0d17251Schristos[22-client-auth-TLSv1.2-require-non-empty-names-server]
697*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
698*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
699*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
700*b0d17251SchristosClientSignatureAlgorithms = SHA256+RSA
701*b0d17251SchristosMaxProtocol = TLSv1.2
702*b0d17251SchristosMinProtocol = TLSv1.2
703*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
704*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
705*b0d17251SchristosVerifyMode = Request
706*b0d17251Schristos
707*b0d17251Schristos[22-client-auth-TLSv1.2-require-non-empty-names-client]
708*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
709*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
710*b0d17251SchristosMaxProtocol = TLSv1.2
711*b0d17251SchristosMinProtocol = TLSv1.2
712*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
713*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
714*b0d17251SchristosVerifyMode = Peer
715*b0d17251Schristos
716*b0d17251Schristos[test-22]
717*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
718*b0d17251SchristosExpectedClientCertType = RSA
719*b0d17251SchristosExpectedClientSignHash = SHA256
720*b0d17251SchristosExpectedClientSignType = RSA
721*b0d17251SchristosExpectedResult = Success
722*b0d17251Schristos
723*b0d17251Schristos
724*b0d17251Schristos# ===========================================================
725*b0d17251Schristos
726*b0d17251Schristos[23-client-auth-TLSv1.2-noroot]
727*b0d17251Schristosssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
728*b0d17251Schristos
729*b0d17251Schristos[23-client-auth-TLSv1.2-noroot-ssl]
730*b0d17251Schristosserver = 23-client-auth-TLSv1.2-noroot-server
731*b0d17251Schristosclient = 23-client-auth-TLSv1.2-noroot-client
732*b0d17251Schristos
733*b0d17251Schristos[23-client-auth-TLSv1.2-noroot-server]
734*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
735*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
736*b0d17251SchristosMaxProtocol = TLSv1.2
737*b0d17251SchristosMinProtocol = TLSv1.2
738*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
739*b0d17251SchristosVerifyMode = Require
740*b0d17251Schristos
741*b0d17251Schristos[23-client-auth-TLSv1.2-noroot-client]
742*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
743*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
744*b0d17251SchristosMaxProtocol = TLSv1.2
745*b0d17251SchristosMinProtocol = TLSv1.2
746*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
747*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
748*b0d17251SchristosVerifyMode = Peer
749*b0d17251Schristos
750*b0d17251Schristos[test-23]
751*b0d17251SchristosExpectedResult = ServerFail
752*b0d17251SchristosExpectedServerAlert = UnknownCA
753*b0d17251Schristos
754*b0d17251Schristos
755*b0d17251Schristos# ===========================================================
756*b0d17251Schristos
757*b0d17251Schristos[24-server-auth-DTLSv1]
758*b0d17251Schristosssl_conf = 24-server-auth-DTLSv1-ssl
759*b0d17251Schristos
760*b0d17251Schristos[24-server-auth-DTLSv1-ssl]
761*b0d17251Schristosserver = 24-server-auth-DTLSv1-server
762*b0d17251Schristosclient = 24-server-auth-DTLSv1-client
763*b0d17251Schristos
764*b0d17251Schristos[24-server-auth-DTLSv1-server]
765*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
766*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
767*b0d17251SchristosMaxProtocol = DTLSv1
768*b0d17251SchristosMinProtocol = DTLSv1
769*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
770*b0d17251Schristos
771*b0d17251Schristos[24-server-auth-DTLSv1-client]
772*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
773*b0d17251SchristosMaxProtocol = DTLSv1
774*b0d17251SchristosMinProtocol = DTLSv1
775*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
776*b0d17251SchristosVerifyMode = Peer
777*b0d17251Schristos
778*b0d17251Schristos[test-24]
779*b0d17251SchristosExpectedResult = Success
780*b0d17251SchristosMethod = DTLS
781*b0d17251Schristos
782*b0d17251Schristos
783*b0d17251Schristos# ===========================================================
784*b0d17251Schristos
785*b0d17251Schristos[25-client-auth-DTLSv1-request]
786*b0d17251Schristosssl_conf = 25-client-auth-DTLSv1-request-ssl
787*b0d17251Schristos
788*b0d17251Schristos[25-client-auth-DTLSv1-request-ssl]
789*b0d17251Schristosserver = 25-client-auth-DTLSv1-request-server
790*b0d17251Schristosclient = 25-client-auth-DTLSv1-request-client
791*b0d17251Schristos
792*b0d17251Schristos[25-client-auth-DTLSv1-request-server]
793*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
794*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
795*b0d17251SchristosMaxProtocol = DTLSv1
796*b0d17251SchristosMinProtocol = DTLSv1
797*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
798*b0d17251SchristosVerifyMode = Request
799*b0d17251Schristos
800*b0d17251Schristos[25-client-auth-DTLSv1-request-client]
801*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
802*b0d17251SchristosMaxProtocol = DTLSv1
803*b0d17251SchristosMinProtocol = DTLSv1
804*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
805*b0d17251SchristosVerifyMode = Peer
806*b0d17251Schristos
807*b0d17251Schristos[test-25]
808*b0d17251SchristosExpectedResult = Success
809*b0d17251SchristosMethod = DTLS
810*b0d17251Schristos
811*b0d17251Schristos
812*b0d17251Schristos# ===========================================================
813*b0d17251Schristos
814*b0d17251Schristos[26-client-auth-DTLSv1-require-fail]
815*b0d17251Schristosssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
816*b0d17251Schristos
817*b0d17251Schristos[26-client-auth-DTLSv1-require-fail-ssl]
818*b0d17251Schristosserver = 26-client-auth-DTLSv1-require-fail-server
819*b0d17251Schristosclient = 26-client-auth-DTLSv1-require-fail-client
820*b0d17251Schristos
821*b0d17251Schristos[26-client-auth-DTLSv1-require-fail-server]
822*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
823*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
824*b0d17251SchristosMaxProtocol = DTLSv1
825*b0d17251SchristosMinProtocol = DTLSv1
826*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
827*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
828*b0d17251SchristosVerifyMode = Require
829*b0d17251Schristos
830*b0d17251Schristos[26-client-auth-DTLSv1-require-fail-client]
831*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
832*b0d17251SchristosMaxProtocol = DTLSv1
833*b0d17251SchristosMinProtocol = DTLSv1
834*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
835*b0d17251SchristosVerifyMode = Peer
836*b0d17251Schristos
837*b0d17251Schristos[test-26]
838*b0d17251SchristosExpectedResult = ServerFail
839*b0d17251SchristosExpectedServerAlert = HandshakeFailure
840*b0d17251SchristosMethod = DTLS
841*b0d17251Schristos
842*b0d17251Schristos
843*b0d17251Schristos# ===========================================================
844*b0d17251Schristos
845*b0d17251Schristos[27-client-auth-DTLSv1-require]
846*b0d17251Schristosssl_conf = 27-client-auth-DTLSv1-require-ssl
847*b0d17251Schristos
848*b0d17251Schristos[27-client-auth-DTLSv1-require-ssl]
849*b0d17251Schristosserver = 27-client-auth-DTLSv1-require-server
850*b0d17251Schristosclient = 27-client-auth-DTLSv1-require-client
851*b0d17251Schristos
852*b0d17251Schristos[27-client-auth-DTLSv1-require-server]
853*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
854*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
855*b0d17251SchristosMaxProtocol = DTLSv1
856*b0d17251SchristosMinProtocol = DTLSv1
857*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
858*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
859*b0d17251SchristosVerifyMode = Request
860*b0d17251Schristos
861*b0d17251Schristos[27-client-auth-DTLSv1-require-client]
862*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
863*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
864*b0d17251SchristosMaxProtocol = DTLSv1
865*b0d17251SchristosMinProtocol = DTLSv1
866*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
867*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
868*b0d17251SchristosVerifyMode = Peer
869*b0d17251Schristos
870*b0d17251Schristos[test-27]
871*b0d17251SchristosExpectedClientCANames = empty
872*b0d17251SchristosExpectedClientCertType = RSA
873*b0d17251SchristosExpectedResult = Success
874*b0d17251SchristosMethod = DTLS
875*b0d17251Schristos
876*b0d17251Schristos
877*b0d17251Schristos# ===========================================================
878*b0d17251Schristos
879*b0d17251Schristos[28-client-auth-DTLSv1-require-non-empty-names]
880*b0d17251Schristosssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
881*b0d17251Schristos
882*b0d17251Schristos[28-client-auth-DTLSv1-require-non-empty-names-ssl]
883*b0d17251Schristosserver = 28-client-auth-DTLSv1-require-non-empty-names-server
884*b0d17251Schristosclient = 28-client-auth-DTLSv1-require-non-empty-names-client
885*b0d17251Schristos
886*b0d17251Schristos[28-client-auth-DTLSv1-require-non-empty-names-server]
887*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
888*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
889*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
890*b0d17251SchristosMaxProtocol = DTLSv1
891*b0d17251SchristosMinProtocol = DTLSv1
892*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
894*b0d17251SchristosVerifyMode = Request
895*b0d17251Schristos
896*b0d17251Schristos[28-client-auth-DTLSv1-require-non-empty-names-client]
897*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
898*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
899*b0d17251SchristosMaxProtocol = DTLSv1
900*b0d17251SchristosMinProtocol = DTLSv1
901*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
902*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
903*b0d17251SchristosVerifyMode = Peer
904*b0d17251Schristos
905*b0d17251Schristos[test-28]
906*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
907*b0d17251SchristosExpectedClientCertType = RSA
908*b0d17251SchristosExpectedResult = Success
909*b0d17251SchristosMethod = DTLS
910*b0d17251Schristos
911*b0d17251Schristos
912*b0d17251Schristos# ===========================================================
913*b0d17251Schristos
914*b0d17251Schristos[29-client-auth-DTLSv1-noroot]
915*b0d17251Schristosssl_conf = 29-client-auth-DTLSv1-noroot-ssl
916*b0d17251Schristos
917*b0d17251Schristos[29-client-auth-DTLSv1-noroot-ssl]
918*b0d17251Schristosserver = 29-client-auth-DTLSv1-noroot-server
919*b0d17251Schristosclient = 29-client-auth-DTLSv1-noroot-client
920*b0d17251Schristos
921*b0d17251Schristos[29-client-auth-DTLSv1-noroot-server]
922*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
923*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
924*b0d17251SchristosMaxProtocol = DTLSv1
925*b0d17251SchristosMinProtocol = DTLSv1
926*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
927*b0d17251SchristosVerifyMode = Require
928*b0d17251Schristos
929*b0d17251Schristos[29-client-auth-DTLSv1-noroot-client]
930*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
931*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
932*b0d17251SchristosMaxProtocol = DTLSv1
933*b0d17251SchristosMinProtocol = DTLSv1
934*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
935*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
936*b0d17251SchristosVerifyMode = Peer
937*b0d17251Schristos
938*b0d17251Schristos[test-29]
939*b0d17251SchristosExpectedResult = ServerFail
940*b0d17251SchristosExpectedServerAlert = UnknownCA
941*b0d17251SchristosMethod = DTLS
942*b0d17251Schristos
943*b0d17251Schristos
944*b0d17251Schristos# ===========================================================
945*b0d17251Schristos
946*b0d17251Schristos[30-server-auth-DTLSv1.2]
947*b0d17251Schristosssl_conf = 30-server-auth-DTLSv1.2-ssl
948*b0d17251Schristos
949*b0d17251Schristos[30-server-auth-DTLSv1.2-ssl]
950*b0d17251Schristosserver = 30-server-auth-DTLSv1.2-server
951*b0d17251Schristosclient = 30-server-auth-DTLSv1.2-client
952*b0d17251Schristos
953*b0d17251Schristos[30-server-auth-DTLSv1.2-server]
954*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
955*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
956*b0d17251SchristosMaxProtocol = DTLSv1.2
957*b0d17251SchristosMinProtocol = DTLSv1.2
958*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
959*b0d17251Schristos
960*b0d17251Schristos[30-server-auth-DTLSv1.2-client]
961*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
962*b0d17251SchristosMaxProtocol = DTLSv1.2
963*b0d17251SchristosMinProtocol = DTLSv1.2
964*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
965*b0d17251SchristosVerifyMode = Peer
966*b0d17251Schristos
967*b0d17251Schristos[test-30]
968*b0d17251SchristosExpectedResult = Success
969*b0d17251SchristosMethod = DTLS
970*b0d17251Schristos
971*b0d17251Schristos
972*b0d17251Schristos# ===========================================================
973*b0d17251Schristos
974*b0d17251Schristos[31-client-auth-DTLSv1.2-request]
975*b0d17251Schristosssl_conf = 31-client-auth-DTLSv1.2-request-ssl
976*b0d17251Schristos
977*b0d17251Schristos[31-client-auth-DTLSv1.2-request-ssl]
978*b0d17251Schristosserver = 31-client-auth-DTLSv1.2-request-server
979*b0d17251Schristosclient = 31-client-auth-DTLSv1.2-request-client
980*b0d17251Schristos
981*b0d17251Schristos[31-client-auth-DTLSv1.2-request-server]
982*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
983*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
984*b0d17251SchristosMaxProtocol = DTLSv1.2
985*b0d17251SchristosMinProtocol = DTLSv1.2
986*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
987*b0d17251SchristosVerifyMode = Request
988*b0d17251Schristos
989*b0d17251Schristos[31-client-auth-DTLSv1.2-request-client]
990*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
991*b0d17251SchristosMaxProtocol = DTLSv1.2
992*b0d17251SchristosMinProtocol = DTLSv1.2
993*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
994*b0d17251SchristosVerifyMode = Peer
995*b0d17251Schristos
996*b0d17251Schristos[test-31]
997*b0d17251SchristosExpectedResult = Success
998*b0d17251SchristosMethod = DTLS
999*b0d17251Schristos
1000*b0d17251Schristos
1001*b0d17251Schristos# ===========================================================
1002*b0d17251Schristos
1003*b0d17251Schristos[32-client-auth-DTLSv1.2-require-fail]
1004*b0d17251Schristosssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
1005*b0d17251Schristos
1006*b0d17251Schristos[32-client-auth-DTLSv1.2-require-fail-ssl]
1007*b0d17251Schristosserver = 32-client-auth-DTLSv1.2-require-fail-server
1008*b0d17251Schristosclient = 32-client-auth-DTLSv1.2-require-fail-client
1009*b0d17251Schristos
1010*b0d17251Schristos[32-client-auth-DTLSv1.2-require-fail-server]
1011*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1012*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1013*b0d17251SchristosMaxProtocol = DTLSv1.2
1014*b0d17251SchristosMinProtocol = DTLSv1.2
1015*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1016*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1017*b0d17251SchristosVerifyMode = Require
1018*b0d17251Schristos
1019*b0d17251Schristos[32-client-auth-DTLSv1.2-require-fail-client]
1020*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1021*b0d17251SchristosMaxProtocol = DTLSv1.2
1022*b0d17251SchristosMinProtocol = DTLSv1.2
1023*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1024*b0d17251SchristosVerifyMode = Peer
1025*b0d17251Schristos
1026*b0d17251Schristos[test-32]
1027*b0d17251SchristosExpectedResult = ServerFail
1028*b0d17251SchristosExpectedServerAlert = HandshakeFailure
1029*b0d17251SchristosMethod = DTLS
1030*b0d17251Schristos
1031*b0d17251Schristos
1032*b0d17251Schristos# ===========================================================
1033*b0d17251Schristos
1034*b0d17251Schristos[33-client-auth-DTLSv1.2-require]
1035*b0d17251Schristosssl_conf = 33-client-auth-DTLSv1.2-require-ssl
1036*b0d17251Schristos
1037*b0d17251Schristos[33-client-auth-DTLSv1.2-require-ssl]
1038*b0d17251Schristosserver = 33-client-auth-DTLSv1.2-require-server
1039*b0d17251Schristosclient = 33-client-auth-DTLSv1.2-require-client
1040*b0d17251Schristos
1041*b0d17251Schristos[33-client-auth-DTLSv1.2-require-server]
1042*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1043*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1044*b0d17251SchristosMaxProtocol = DTLSv1.2
1045*b0d17251SchristosMinProtocol = DTLSv1.2
1046*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1047*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1048*b0d17251SchristosVerifyMode = Request
1049*b0d17251Schristos
1050*b0d17251Schristos[33-client-auth-DTLSv1.2-require-client]
1051*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1052*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1053*b0d17251SchristosMaxProtocol = DTLSv1.2
1054*b0d17251SchristosMinProtocol = DTLSv1.2
1055*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1056*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057*b0d17251SchristosVerifyMode = Peer
1058*b0d17251Schristos
1059*b0d17251Schristos[test-33]
1060*b0d17251SchristosExpectedClientCANames = empty
1061*b0d17251SchristosExpectedClientCertType = RSA
1062*b0d17251SchristosExpectedResult = Success
1063*b0d17251SchristosMethod = DTLS
1064*b0d17251Schristos
1065*b0d17251Schristos
1066*b0d17251Schristos# ===========================================================
1067*b0d17251Schristos
1068*b0d17251Schristos[34-client-auth-DTLSv1.2-require-non-empty-names]
1069*b0d17251Schristosssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
1070*b0d17251Schristos
1071*b0d17251Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
1072*b0d17251Schristosserver = 34-client-auth-DTLSv1.2-require-non-empty-names-server
1073*b0d17251Schristosclient = 34-client-auth-DTLSv1.2-require-non-empty-names-client
1074*b0d17251Schristos
1075*b0d17251Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-server]
1076*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1077*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1078*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1079*b0d17251SchristosMaxProtocol = DTLSv1.2
1080*b0d17251SchristosMinProtocol = DTLSv1.2
1081*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1082*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1083*b0d17251SchristosVerifyMode = Request
1084*b0d17251Schristos
1085*b0d17251Schristos[34-client-auth-DTLSv1.2-require-non-empty-names-client]
1086*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1087*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1088*b0d17251SchristosMaxProtocol = DTLSv1.2
1089*b0d17251SchristosMinProtocol = DTLSv1.2
1090*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1091*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1092*b0d17251SchristosVerifyMode = Peer
1093*b0d17251Schristos
1094*b0d17251Schristos[test-34]
1095*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1096*b0d17251SchristosExpectedClientCertType = RSA
1097*b0d17251SchristosExpectedResult = Success
1098*b0d17251SchristosMethod = DTLS
1099*b0d17251Schristos
1100*b0d17251Schristos
1101*b0d17251Schristos# ===========================================================
1102*b0d17251Schristos
1103*b0d17251Schristos[35-client-auth-DTLSv1.2-noroot]
1104*b0d17251Schristosssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
1105*b0d17251Schristos
1106*b0d17251Schristos[35-client-auth-DTLSv1.2-noroot-ssl]
1107*b0d17251Schristosserver = 35-client-auth-DTLSv1.2-noroot-server
1108*b0d17251Schristosclient = 35-client-auth-DTLSv1.2-noroot-client
1109*b0d17251Schristos
1110*b0d17251Schristos[35-client-auth-DTLSv1.2-noroot-server]
1111*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1112*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1113*b0d17251SchristosMaxProtocol = DTLSv1.2
1114*b0d17251SchristosMinProtocol = DTLSv1.2
1115*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1116*b0d17251SchristosVerifyMode = Require
1117*b0d17251Schristos
1118*b0d17251Schristos[35-client-auth-DTLSv1.2-noroot-client]
1119*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1120*b0d17251SchristosCipherString = DEFAULT:@SECLEVEL=0
1121*b0d17251SchristosMaxProtocol = DTLSv1.2
1122*b0d17251SchristosMinProtocol = DTLSv1.2
1123*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1124*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1125*b0d17251SchristosVerifyMode = Peer
1126*b0d17251Schristos
1127*b0d17251Schristos[test-35]
1128*b0d17251SchristosExpectedResult = ServerFail
1129*b0d17251SchristosExpectedServerAlert = UnknownCA
1130*b0d17251SchristosMethod = DTLS
1131*b0d17251Schristos
1132*b0d17251Schristos
1133