Add signing hash tests

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2235)
2025-02-23 14:42:15 +08:00 · 2017-01-15 15:59:48 +00:00 · 2017-01-15 15:59:48 +00:00 · 062540cbc5
commit 062540cbc5
parent ee5b6a42be
4 changed files with 17 additions and 2 deletions
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@ -543,6 +543,7 @@ client = 18-client-auth-TLSv1.2-require-client
 [18-client-auth-TLSv1.2-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
 MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -560,6 +561,7 @@ VerifyMode = Peer

 [test-18]
 ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
 ExpectedResult = Success


--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@ -33,6 +33,13 @@ sub generate_tests() {
            } else {
                $caalert = "UnknownCA";
            }
+            my $clihash;
+            my $clisigalgs;
+            # TODO add TLSv1.3 versions
+            if ($protocol_name eq "TLSv1.2") {
+                $clihash = "SHA256";
+                $clisigalgs = "SHA256+RSA";
+            }
            # Sanity-check simple handshake.
            push @tests, {
                name => "server-auth-${protocol_name}",
@ -87,6 +94,7 @@ sub generate_tests() {
                server => {
                    "MinProtocol" => $protocol,
                    "MaxProtocol" => $protocol,
+                    "ClientSignatureAlgorithms" => $clisigalgs,
                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
                    "VerifyMode" => "Request",
                },
@ -98,6 +106,7 @@ sub generate_tests() {
                },
                test   => { "ExpectedResult" => "Success",
                            "ExpectedClientCertType" => "RSA",
+                            "ExpectedClientSignHash" => $clihash,
                },
            };

--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@ -111,6 +111,7 @@ VerifyMode = Peer
 [test-3]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256


 # ===========================================================
@ -163,5 +164,6 @@ VerifyMode = Peer
 [test-5]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256


--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -59,7 +59,8 @@ our @tests = (
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
-            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
            "ExpectedResult" => "Success"
        },
    },
@ -80,7 +81,8 @@ our @tests = (
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
-            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
            "ExpectedResult" => "Success"
        },
    }