Add certificate_authorities tests client to server.

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
2024-11-27 05:21:51 +08:00 · 2017-03-31 23:06:15 +01:00 · 2017-03-31 23:06:15 +01:00 · 25a9fabbef
commit 25a9fabbef
parent f15b50c4cb
2 changed files with 9 additions and 1 deletions
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@ -34,11 +34,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

 [0-ECDSA CipherString Selection-client]
 CipherString = aECDSA
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer

 [test-0]
 ExpectedResult = Success
+ExpectedServerCANames = empty
 ExpectedServerCertType = P-256
 ExpectedServerSignType = EC

--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -21,10 +21,13 @@ our @tests = (
        server => $server,
        client => {
            "CipherString" => "aECDSA",
+            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" =>, "P-256",
            "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
            "ExpectedResult" => "Success"
        },
    },
@ -214,6 +217,7 @@ my @tests_tls_1_3 = (
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => "empty",
            "ExpectedResult" => "Success"
        },
    },
@ -247,11 +251,13 @@ my @tests_tls_1_3 = (
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => test_pem("root-cert.pem"),
            "ExpectedResult" => "Success"
        },
    },
@ -325,7 +331,7 @@ my @tests_tls_1_3 = (
        server => {
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "ClientCAFile" => test_pem("root-cert.pem"),
+            "RequestCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,