mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
Add client auth TLS 1.3 certificate selection tests
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
This commit is contained in:
parent
b4cb7eb7df
commit
86de658a84
@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;
|
||||
|
||||
my $dir_sep = $^O ne "VMS" ? "/" : "";
|
||||
|
||||
my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
|
||||
|
||||
my $server = {
|
||||
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
|
||||
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
|
||||
"ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
|
||||
"ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
|
||||
"MaxProtocol" => "TLSv1.2"
|
||||
};
|
||||
|
||||
@ -122,8 +124,17 @@ our @tests = (
|
||||
|
||||
|
||||
my $server_tls_1_3 = {
|
||||
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
|
||||
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
|
||||
"ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
|
||||
"ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
|
||||
"MinProtocol" => "TLSv1.3",
|
||||
"MaxProtocol" => "TLSv1.3"
|
||||
};
|
||||
|
||||
my $client_tls_1_3 = {
|
||||
"RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
|
||||
"RSA.PrivateKey" => "${cert_dir}ee-key.pem",
|
||||
"ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
|
||||
"ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
|
||||
"MinProtocol" => "TLSv1.3",
|
||||
"MaxProtocol" => "TLSv1.3"
|
||||
};
|
||||
@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
|
||||
"ExpectedServerSignType" => "RSA-PSS",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
}
|
||||
},
|
||||
{
|
||||
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
|
||||
server => {
|
||||
"ClientSignatureAlgorithms" => "PSS+SHA256",
|
||||
"VerifyCAFile" => "${cert_dir}root-cert.pem",
|
||||
"VerifyMode" => "Require"
|
||||
},
|
||||
client => $client_tls_1_3,
|
||||
test => {
|
||||
"ExpectedClientCertType" => "RSA",
|
||||
"ExpectedClientSignHash" => "SHA256",
|
||||
"ExpectedClientSignType" => "RSA-PSS",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
{
|
||||
name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
|
||||
server => {
|
||||
"ClientSignatureAlgorithms" => "ECDSA+SHA256",
|
||||
"VerifyCAFile" => "${cert_dir}root-cert.pem",
|
||||
"VerifyMode" => "Require"
|
||||
},
|
||||
client => $client_tls_1_3,
|
||||
test => {
|
||||
"ExpectedClientCertType" => "P-256",
|
||||
"ExpectedClientSignHash" => "SHA256",
|
||||
"ExpectedClientSignType" => "EC",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
push @tests, @tests_tls_1_3 unless disabled("tls1_3");
|
||||
|
Loading…
Reference in New Issue
Block a user