xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/ssl-tests/26-tls13_client_auth.cnf (revision b0d1725196a7921d003d2c66a14f186abda4176b) 
1*b0d17251Schristos# Generated with generate_ssl_tests.pl
2*b0d17251Schristos
3*b0d17251Schristosnum_tests = 14
4*b0d17251Schristos
5*b0d17251Schristostest-0 = 0-server-auth-TLSv1.3
6*b0d17251Schristostest-1 = 1-client-auth-TLSv1.3-request
7*b0d17251Schristostest-2 = 2-client-auth-TLSv1.3-require-fail
8*b0d17251Schristostest-3 = 3-client-auth-TLSv1.3-require
9*b0d17251Schristostest-4 = 4-client-auth-TLSv1.3-require-non-empty-names
10*b0d17251Schristostest-5 = 5-client-auth-TLSv1.3-noroot
11*b0d17251Schristostest-6 = 6-client-auth-TLSv1.3-request-post-handshake
12*b0d17251Schristostest-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13*b0d17251Schristostest-8 = 8-client-auth-TLSv1.3-require-post-handshake
14*b0d17251Schristostest-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15*b0d17251Schristostest-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16*b0d17251Schristostest-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17*b0d17251Schristostest-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18*b0d17251Schristostest-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
19*b0d17251Schristos# ===========================================================
20*b0d17251Schristos
21*b0d17251Schristos[0-server-auth-TLSv1.3]
22*b0d17251Schristosssl_conf = 0-server-auth-TLSv1.3-ssl
23*b0d17251Schristos
24*b0d17251Schristos[0-server-auth-TLSv1.3-ssl]
25*b0d17251Schristosserver = 0-server-auth-TLSv1.3-server
26*b0d17251Schristosclient = 0-server-auth-TLSv1.3-client
27*b0d17251Schristos
28*b0d17251Schristos[0-server-auth-TLSv1.3-server]
29*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
30*b0d17251SchristosCipherString = DEFAULT
31*b0d17251SchristosMaxProtocol = TLSv1.3
32*b0d17251SchristosMinProtocol = TLSv1.3
33*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
34*b0d17251Schristos
35*b0d17251Schristos[0-server-auth-TLSv1.3-client]
36*b0d17251SchristosCipherString = DEFAULT
37*b0d17251SchristosMaxProtocol = TLSv1.3
38*b0d17251SchristosMinProtocol = TLSv1.3
39*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
40*b0d17251SchristosVerifyMode = Peer
41*b0d17251Schristos
42*b0d17251Schristos[test-0]
43*b0d17251SchristosExpectedResult = Success
44*b0d17251Schristos
45*b0d17251Schristos
46*b0d17251Schristos# ===========================================================
47*b0d17251Schristos
48*b0d17251Schristos[1-client-auth-TLSv1.3-request]
49*b0d17251Schristosssl_conf = 1-client-auth-TLSv1.3-request-ssl
50*b0d17251Schristos
51*b0d17251Schristos[1-client-auth-TLSv1.3-request-ssl]
52*b0d17251Schristosserver = 1-client-auth-TLSv1.3-request-server
53*b0d17251Schristosclient = 1-client-auth-TLSv1.3-request-client
54*b0d17251Schristos
55*b0d17251Schristos[1-client-auth-TLSv1.3-request-server]
56*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
57*b0d17251SchristosCipherString = DEFAULT
58*b0d17251SchristosMaxProtocol = TLSv1.3
59*b0d17251SchristosMinProtocol = TLSv1.3
60*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
61*b0d17251SchristosVerifyMode = Request
62*b0d17251Schristos
63*b0d17251Schristos[1-client-auth-TLSv1.3-request-client]
64*b0d17251SchristosCipherString = DEFAULT
65*b0d17251SchristosMaxProtocol = TLSv1.3
66*b0d17251SchristosMinProtocol = TLSv1.3
67*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
68*b0d17251SchristosVerifyMode = Peer
69*b0d17251Schristos
70*b0d17251Schristos[test-1]
71*b0d17251SchristosExpectedResult = Success
72*b0d17251Schristos
73*b0d17251Schristos
74*b0d17251Schristos# ===========================================================
75*b0d17251Schristos
76*b0d17251Schristos[2-client-auth-TLSv1.3-require-fail]
77*b0d17251Schristosssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
78*b0d17251Schristos
79*b0d17251Schristos[2-client-auth-TLSv1.3-require-fail-ssl]
80*b0d17251Schristosserver = 2-client-auth-TLSv1.3-require-fail-server
81*b0d17251Schristosclient = 2-client-auth-TLSv1.3-require-fail-client
82*b0d17251Schristos
83*b0d17251Schristos[2-client-auth-TLSv1.3-require-fail-server]
84*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
85*b0d17251SchristosCipherString = DEFAULT
86*b0d17251SchristosMaxProtocol = TLSv1.3
87*b0d17251SchristosMinProtocol = TLSv1.3
88*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
89*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
90*b0d17251SchristosVerifyMode = Require
91*b0d17251Schristos
92*b0d17251Schristos[2-client-auth-TLSv1.3-require-fail-client]
93*b0d17251SchristosCipherString = DEFAULT
94*b0d17251SchristosMaxProtocol = TLSv1.3
95*b0d17251SchristosMinProtocol = TLSv1.3
96*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
97*b0d17251SchristosVerifyMode = Peer
98*b0d17251Schristos
99*b0d17251Schristos[test-2]
100*b0d17251SchristosExpectedResult = ServerFail
101*b0d17251SchristosExpectedServerAlert = CertificateRequired
102*b0d17251Schristos
103*b0d17251Schristos
104*b0d17251Schristos# ===========================================================
105*b0d17251Schristos
106*b0d17251Schristos[3-client-auth-TLSv1.3-require]
107*b0d17251Schristosssl_conf = 3-client-auth-TLSv1.3-require-ssl
108*b0d17251Schristos
109*b0d17251Schristos[3-client-auth-TLSv1.3-require-ssl]
110*b0d17251Schristosserver = 3-client-auth-TLSv1.3-require-server
111*b0d17251Schristosclient = 3-client-auth-TLSv1.3-require-client
112*b0d17251Schristos
113*b0d17251Schristos[3-client-auth-TLSv1.3-require-server]
114*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
115*b0d17251SchristosCipherString = DEFAULT
116*b0d17251SchristosClientSignatureAlgorithms = PSS+SHA256
117*b0d17251SchristosMaxProtocol = TLSv1.3
118*b0d17251SchristosMinProtocol = TLSv1.3
119*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
121*b0d17251SchristosVerifyMode = Request
122*b0d17251Schristos
123*b0d17251Schristos[3-client-auth-TLSv1.3-require-client]
124*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
125*b0d17251SchristosCipherString = DEFAULT
126*b0d17251SchristosMaxProtocol = TLSv1.3
127*b0d17251SchristosMinProtocol = TLSv1.3
128*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
129*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
130*b0d17251SchristosVerifyMode = Peer
131*b0d17251Schristos
132*b0d17251Schristos[test-3]
133*b0d17251SchristosExpectedClientCANames = empty
134*b0d17251SchristosExpectedClientCertType = RSA
135*b0d17251SchristosExpectedClientSignHash = SHA256
136*b0d17251SchristosExpectedClientSignType = RSA-PSS
137*b0d17251SchristosExpectedResult = Success
138*b0d17251Schristos
139*b0d17251Schristos
140*b0d17251Schristos# ===========================================================
141*b0d17251Schristos
142*b0d17251Schristos[4-client-auth-TLSv1.3-require-non-empty-names]
143*b0d17251Schristosssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
144*b0d17251Schristos
145*b0d17251Schristos[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
146*b0d17251Schristosserver = 4-client-auth-TLSv1.3-require-non-empty-names-server
147*b0d17251Schristosclient = 4-client-auth-TLSv1.3-require-non-empty-names-client
148*b0d17251Schristos
149*b0d17251Schristos[4-client-auth-TLSv1.3-require-non-empty-names-server]
150*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
151*b0d17251SchristosCipherString = DEFAULT
152*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153*b0d17251SchristosClientSignatureAlgorithms = PSS+SHA256
154*b0d17251SchristosMaxProtocol = TLSv1.3
155*b0d17251SchristosMinProtocol = TLSv1.3
156*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
157*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
158*b0d17251SchristosVerifyMode = Request
159*b0d17251Schristos
160*b0d17251Schristos[4-client-auth-TLSv1.3-require-non-empty-names-client]
161*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
162*b0d17251SchristosCipherString = DEFAULT
163*b0d17251SchristosMaxProtocol = TLSv1.3
164*b0d17251SchristosMinProtocol = TLSv1.3
165*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
166*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
167*b0d17251SchristosVerifyMode = Peer
168*b0d17251Schristos
169*b0d17251Schristos[test-4]
170*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
171*b0d17251SchristosExpectedClientCertType = RSA
172*b0d17251SchristosExpectedClientSignHash = SHA256
173*b0d17251SchristosExpectedClientSignType = RSA-PSS
174*b0d17251SchristosExpectedResult = Success
175*b0d17251Schristos
176*b0d17251Schristos
177*b0d17251Schristos# ===========================================================
178*b0d17251Schristos
179*b0d17251Schristos[5-client-auth-TLSv1.3-noroot]
180*b0d17251Schristosssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
181*b0d17251Schristos
182*b0d17251Schristos[5-client-auth-TLSv1.3-noroot-ssl]
183*b0d17251Schristosserver = 5-client-auth-TLSv1.3-noroot-server
184*b0d17251Schristosclient = 5-client-auth-TLSv1.3-noroot-client
185*b0d17251Schristos
186*b0d17251Schristos[5-client-auth-TLSv1.3-noroot-server]
187*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
188*b0d17251SchristosCipherString = DEFAULT
189*b0d17251SchristosMaxProtocol = TLSv1.3
190*b0d17251SchristosMinProtocol = TLSv1.3
191*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
192*b0d17251SchristosVerifyMode = Require
193*b0d17251Schristos
194*b0d17251Schristos[5-client-auth-TLSv1.3-noroot-client]
195*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
196*b0d17251SchristosCipherString = DEFAULT
197*b0d17251SchristosMaxProtocol = TLSv1.3
198*b0d17251SchristosMinProtocol = TLSv1.3
199*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
200*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
201*b0d17251SchristosVerifyMode = Peer
202*b0d17251Schristos
203*b0d17251Schristos[test-5]
204*b0d17251SchristosExpectedResult = ServerFail
205*b0d17251SchristosExpectedServerAlert = UnknownCA
206*b0d17251Schristos
207*b0d17251Schristos
208*b0d17251Schristos# ===========================================================
209*b0d17251Schristos
210*b0d17251Schristos[6-client-auth-TLSv1.3-request-post-handshake]
211*b0d17251Schristosssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
212*b0d17251Schristos
213*b0d17251Schristos[6-client-auth-TLSv1.3-request-post-handshake-ssl]
214*b0d17251Schristosserver = 6-client-auth-TLSv1.3-request-post-handshake-server
215*b0d17251Schristosclient = 6-client-auth-TLSv1.3-request-post-handshake-client
216*b0d17251Schristos
217*b0d17251Schristos[6-client-auth-TLSv1.3-request-post-handshake-server]
218*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219*b0d17251SchristosCipherString = DEFAULT
220*b0d17251SchristosMaxProtocol = TLSv1.3
221*b0d17251SchristosMinProtocol = TLSv1.3
222*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
223*b0d17251SchristosVerifyMode = RequestPostHandshake
224*b0d17251Schristos
225*b0d17251Schristos[6-client-auth-TLSv1.3-request-post-handshake-client]
226*b0d17251SchristosCipherString = DEFAULT
227*b0d17251SchristosMaxProtocol = TLSv1.3
228*b0d17251SchristosMinProtocol = TLSv1.3
229*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
230*b0d17251SchristosVerifyMode = Peer
231*b0d17251Schristos
232*b0d17251Schristos[test-6]
233*b0d17251SchristosExpectedResult = ServerFail
234*b0d17251SchristosHandshakeMode = PostHandshakeAuth
235*b0d17251Schristos
236*b0d17251Schristos
237*b0d17251Schristos# ===========================================================
238*b0d17251Schristos
239*b0d17251Schristos[7-client-auth-TLSv1.3-require-fail-post-handshake]
240*b0d17251Schristosssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
241*b0d17251Schristos
242*b0d17251Schristos[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
243*b0d17251Schristosserver = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
244*b0d17251Schristosclient = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
245*b0d17251Schristos
246*b0d17251Schristos[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
247*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
248*b0d17251SchristosCipherString = DEFAULT
249*b0d17251SchristosMaxProtocol = TLSv1.3
250*b0d17251SchristosMinProtocol = TLSv1.3
251*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
252*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
253*b0d17251SchristosVerifyMode = RequirePostHandshake
254*b0d17251Schristos
255*b0d17251Schristos[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
256*b0d17251SchristosCipherString = DEFAULT
257*b0d17251SchristosMaxProtocol = TLSv1.3
258*b0d17251SchristosMinProtocol = TLSv1.3
259*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
260*b0d17251SchristosVerifyMode = Peer
261*b0d17251Schristos
262*b0d17251Schristos[test-7]
263*b0d17251SchristosExpectedResult = ServerFail
264*b0d17251SchristosHandshakeMode = PostHandshakeAuth
265*b0d17251Schristos
266*b0d17251Schristos
267*b0d17251Schristos# ===========================================================
268*b0d17251Schristos
269*b0d17251Schristos[8-client-auth-TLSv1.3-require-post-handshake]
270*b0d17251Schristosssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
271*b0d17251Schristos
272*b0d17251Schristos[8-client-auth-TLSv1.3-require-post-handshake-ssl]
273*b0d17251Schristosserver = 8-client-auth-TLSv1.3-require-post-handshake-server
274*b0d17251Schristosclient = 8-client-auth-TLSv1.3-require-post-handshake-client
275*b0d17251Schristos
276*b0d17251Schristos[8-client-auth-TLSv1.3-require-post-handshake-server]
277*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
278*b0d17251SchristosCipherString = DEFAULT
279*b0d17251SchristosClientSignatureAlgorithms = PSS+SHA256
280*b0d17251SchristosMaxProtocol = TLSv1.3
281*b0d17251SchristosMinProtocol = TLSv1.3
282*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
283*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
284*b0d17251SchristosVerifyMode = RequestPostHandshake
285*b0d17251Schristos
286*b0d17251Schristos[8-client-auth-TLSv1.3-require-post-handshake-client]
287*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
288*b0d17251SchristosCipherString = DEFAULT
289*b0d17251SchristosMaxProtocol = TLSv1.3
290*b0d17251SchristosMinProtocol = TLSv1.3
291*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
292*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
293*b0d17251SchristosVerifyMode = Peer
294*b0d17251Schristos
295*b0d17251Schristos[test-8]
296*b0d17251SchristosExpectedClientCANames = empty
297*b0d17251SchristosExpectedClientCertType = RSA
298*b0d17251SchristosExpectedClientSignHash = SHA256
299*b0d17251SchristosExpectedClientSignType = RSA-PSS
300*b0d17251SchristosExpectedResult = Success
301*b0d17251SchristosHandshakeMode = PostHandshakeAuth
302*b0d17251Schristosclient = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
303*b0d17251Schristos
304*b0d17251Schristos[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
305*b0d17251SchristosEnablePHA = Yes
306*b0d17251Schristos
307*b0d17251Schristos
308*b0d17251Schristos# ===========================================================
309*b0d17251Schristos
310*b0d17251Schristos[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
311*b0d17251Schristosssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
312*b0d17251Schristos
313*b0d17251Schristos[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
314*b0d17251Schristosserver = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
315*b0d17251Schristosclient = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
316*b0d17251Schristos
317*b0d17251Schristos[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
318*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
319*b0d17251SchristosCipherString = DEFAULT
320*b0d17251SchristosClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
321*b0d17251SchristosClientSignatureAlgorithms = PSS+SHA256
322*b0d17251SchristosMaxProtocol = TLSv1.3
323*b0d17251SchristosMinProtocol = TLSv1.3
324*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
325*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
326*b0d17251SchristosVerifyMode = RequestPostHandshake
327*b0d17251Schristos
328*b0d17251Schristos[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
329*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
330*b0d17251SchristosCipherString = DEFAULT
331*b0d17251SchristosMaxProtocol = TLSv1.3
332*b0d17251SchristosMinProtocol = TLSv1.3
333*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
334*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
335*b0d17251SchristosVerifyMode = Peer
336*b0d17251Schristos
337*b0d17251Schristos[test-9]
338*b0d17251SchristosExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
339*b0d17251SchristosExpectedClientCertType = RSA
340*b0d17251SchristosExpectedClientSignHash = SHA256
341*b0d17251SchristosExpectedClientSignType = RSA-PSS
342*b0d17251SchristosExpectedResult = Success
343*b0d17251SchristosHandshakeMode = PostHandshakeAuth
344*b0d17251Schristosclient = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
345*b0d17251Schristos
346*b0d17251Schristos[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
347*b0d17251SchristosEnablePHA = Yes
348*b0d17251Schristos
349*b0d17251Schristos
350*b0d17251Schristos# ===========================================================
351*b0d17251Schristos
352*b0d17251Schristos[10-client-auth-TLSv1.3-noroot-post-handshake]
353*b0d17251Schristosssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
354*b0d17251Schristos
355*b0d17251Schristos[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
356*b0d17251Schristosserver = 10-client-auth-TLSv1.3-noroot-post-handshake-server
357*b0d17251Schristosclient = 10-client-auth-TLSv1.3-noroot-post-handshake-client
358*b0d17251Schristos
359*b0d17251Schristos[10-client-auth-TLSv1.3-noroot-post-handshake-server]
360*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
361*b0d17251SchristosCipherString = DEFAULT
362*b0d17251SchristosMaxProtocol = TLSv1.3
363*b0d17251SchristosMinProtocol = TLSv1.3
364*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365*b0d17251SchristosVerifyMode = RequirePostHandshake
366*b0d17251Schristos
367*b0d17251Schristos[10-client-auth-TLSv1.3-noroot-post-handshake-client]
368*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
369*b0d17251SchristosCipherString = DEFAULT
370*b0d17251SchristosMaxProtocol = TLSv1.3
371*b0d17251SchristosMinProtocol = TLSv1.3
372*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
373*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
374*b0d17251SchristosVerifyMode = Peer
375*b0d17251Schristos
376*b0d17251Schristos[test-10]
377*b0d17251SchristosExpectedResult = ServerFail
378*b0d17251SchristosExpectedServerAlert = UnknownCA
379*b0d17251SchristosHandshakeMode = PostHandshakeAuth
380*b0d17251Schristosclient = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
381*b0d17251Schristos
382*b0d17251Schristos[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
383*b0d17251SchristosEnablePHA = Yes
384*b0d17251Schristos
385*b0d17251Schristos
386*b0d17251Schristos# ===========================================================
387*b0d17251Schristos
388*b0d17251Schristos[11-client-auth-TLSv1.3-request-force-client-post-handshake]
389*b0d17251Schristosssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
390*b0d17251Schristos
391*b0d17251Schristos[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
392*b0d17251Schristosserver = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
393*b0d17251Schristosclient = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
394*b0d17251Schristos
395*b0d17251Schristos[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
396*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
397*b0d17251SchristosCipherString = DEFAULT
398*b0d17251SchristosMaxProtocol = TLSv1.3
399*b0d17251SchristosMinProtocol = TLSv1.3
400*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
401*b0d17251SchristosVerifyMode = RequestPostHandshake
402*b0d17251Schristos
403*b0d17251Schristos[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
404*b0d17251SchristosCipherString = DEFAULT
405*b0d17251SchristosMaxProtocol = TLSv1.3
406*b0d17251SchristosMinProtocol = TLSv1.3
407*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
408*b0d17251SchristosVerifyMode = Peer
409*b0d17251Schristos
410*b0d17251Schristos[test-11]
411*b0d17251SchristosExpectedResult = Success
412*b0d17251SchristosHandshakeMode = PostHandshakeAuth
413*b0d17251Schristosclient = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
414*b0d17251Schristos
415*b0d17251Schristos[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
416*b0d17251SchristosEnablePHA = Yes
417*b0d17251Schristos
418*b0d17251Schristos
419*b0d17251Schristos# ===========================================================
420*b0d17251Schristos
421*b0d17251Schristos[12-client-auth-TLSv1.3-request-force-server-post-handshake]
422*b0d17251Schristosssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
423*b0d17251Schristos
424*b0d17251Schristos[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
425*b0d17251Schristosserver = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
426*b0d17251Schristosclient = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
427*b0d17251Schristos
428*b0d17251Schristos[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
429*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
430*b0d17251SchristosCipherString = DEFAULT
431*b0d17251SchristosMaxProtocol = TLSv1.3
432*b0d17251SchristosMinProtocol = TLSv1.3
433*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
434*b0d17251SchristosVerifyMode = RequestPostHandshake
435*b0d17251Schristos
436*b0d17251Schristos[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
437*b0d17251SchristosCipherString = DEFAULT
438*b0d17251SchristosMaxProtocol = TLSv1.3
439*b0d17251SchristosMinProtocol = TLSv1.3
440*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
441*b0d17251SchristosVerifyMode = Peer
442*b0d17251Schristos
443*b0d17251Schristos[test-12]
444*b0d17251SchristosExpectedResult = ClientFail
445*b0d17251SchristosHandshakeMode = PostHandshakeAuth
446*b0d17251Schristosserver = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
447*b0d17251Schristos
448*b0d17251Schristos[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
449*b0d17251SchristosForcePHA = Yes
450*b0d17251Schristos
451*b0d17251Schristos
452*b0d17251Schristos# ===========================================================
453*b0d17251Schristos
454*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake]
455*b0d17251Schristosssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
456*b0d17251Schristos
457*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
458*b0d17251Schristosserver = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
459*b0d17251Schristosclient = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
460*b0d17251Schristos
461*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
462*b0d17251SchristosCertificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
463*b0d17251SchristosCipherString = DEFAULT
464*b0d17251SchristosMaxProtocol = TLSv1.3
465*b0d17251SchristosMinProtocol = TLSv1.3
466*b0d17251SchristosPrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
467*b0d17251SchristosVerifyMode = RequestPostHandshake
468*b0d17251Schristos
469*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
470*b0d17251SchristosCipherString = DEFAULT
471*b0d17251SchristosMaxProtocol = TLSv1.3
472*b0d17251SchristosMinProtocol = TLSv1.3
473*b0d17251SchristosVerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
474*b0d17251SchristosVerifyMode = Peer
475*b0d17251Schristos
476*b0d17251Schristos[test-13]
477*b0d17251SchristosExpectedResult = Success
478*b0d17251SchristosHandshakeMode = PostHandshakeAuth
479*b0d17251Schristosserver = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
480*b0d17251Schristosclient = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
481*b0d17251Schristos
482*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
483*b0d17251SchristosForcePHA = Yes
484*b0d17251Schristos
485*b0d17251Schristos[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
486*b0d17251SchristosEnablePHA = Yes
487*b0d17251Schristos
488*b0d17251Schristos
489