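# Generated with generate_ssl_tests.pl
#
# OpenSSL-style configuration describing 14 TLSv1.3 handshake tests: one
# server-authentication baseline, five client-certificate tests performed
# during the handshake, and eight post-handshake authentication (PHA) tests.
#
# Layout of every test N:
#   [N-name]         -> ssl_conf names the [N-name-ssl] section
#   [N-name-ssl]     -> server/client name the two endpoint sections
#   [N-name-server]  -> server-side settings
#   [N-name-client]  -> client-side settings
#   [test-N]         -> expected outcome, plus optional server/client keys
#                       naming "-extra" sections (ForcePHA / EnablePHA)
#
# Every endpoint pins MinProtocol = MaxProtocol = TLSv1.3, so no test can
# fall back to an older protocol version.
# CipherString = DEFAULT configures the TLSv1.2-and-below cipher list; the
# TLSv1.3 ciphersuite list is a separate setting that this file leaves at
# its default.
#
# NOTE(review): this file is generator output; lasting changes presumably
# belong in the generator's input, since regeneration would overwrite
# anything edited here.

num_tests = 14

test-0 = 0-server-auth-TLSv1.3
test-1 = 1-client-auth-TLSv1.3-request
test-2 = 2-client-auth-TLSv1.3-require-fail
test-3 = 3-client-auth-TLSv1.3-require
test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
test-5 = 5-client-auth-TLSv1.3-noroot
test-6 = 6-client-auth-TLSv1.3-request-post-handshake
test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
test-8 = 8-client-auth-TLSv1.3-require-post-handshake
test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
# ===========================================================

# Test 0: baseline, server authentication only. The server sets no
# VerifyMode; the client verifies the server against rootcert.pem with
# VerifyMode = Peer.
[0-server-auth-TLSv1.3]
ssl_conf = 0-server-auth-TLSv1.3-ssl

[0-server-auth-TLSv1.3-ssl]
server = 0-server-auth-TLSv1.3-server
client = 0-server-auth-TLSv1.3-client

[0-server-auth-TLSv1.3-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-server-auth-TLSv1.3-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = Success


# ===========================================================

# Test 1: the server asks for a client certificate (VerifyMode = Request)
# and the client has none configured. Success is expected: Request makes
# client authentication optional, so it does not by itself give mutual TLS.
[1-client-auth-TLSv1.3-request]
ssl_conf = 1-client-auth-TLSv1.3-request-ssl

[1-client-auth-TLSv1.3-request-ssl]
server = 1-client-auth-TLSv1.3-request-server
client = 1-client-auth-TLSv1.3-request-client

[1-client-auth-TLSv1.3-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request

[1-client-auth-TLSv1.3-request-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
ExpectedResult = Success


# ===========================================================

# Test 2: the server demands a client certificate (VerifyMode = Require)
# and the client has none configured. The server must abort with the
# CertificateRequired alert. This is the in-handshake test that checks
# that a missing client certificate is rejected.
[2-client-auth-TLSv1.3-require-fail]
ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl

[2-client-auth-TLSv1.3-require-fail-ssl]
server = 2-client-auth-TLSv1.3-require-fail-server
client = 2-client-auth-TLSv1.3-require-fail-client

[2-client-auth-TLSv1.3-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[2-client-auth-TLSv1.3-require-fail-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-2]
ExpectedResult = ServerFail
ExpectedServerAlert = CertificateRequired


# ===========================================================

# Test 3: the client presents ee-client-chain.pem and the server verifies
# it against root-cert.pem. ClientSignatureAlgorithms = PSS+SHA256 limits
# what the server accepts for the client's signature; [test-3] checks that
# the client signed with RSA-PSS/SHA256 using an RSA certificate, and that
# the CA-name list was empty (no ClientCAFile is set).
# NOTE(review): the test name says "require" but the server's VerifyMode is
# Request, so the certificate is asked for and not mandatory here; the
# mandatory case is covered by tests 2 and 5.
[3-client-auth-TLSv1.3-require]
ssl_conf = 3-client-auth-TLSv1.3-require-ssl

[3-client-auth-TLSv1.3-require-ssl]
server = 3-client-auth-TLSv1.3-require-server
client = 3-client-auth-TLSv1.3-require-client

[3-client-auth-TLSv1.3-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[3-client-auth-TLSv1.3-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================

# Test 4: same as test 3, but the server also sets ClientCAFile, and
# [test-4] expects the CA names seen by the client to match root-cert.pem.
# NOTE(review): as in test 3, the name says "require" while VerifyMode is
# Request.
[4-client-auth-TLSv1.3-require-non-empty-names]
ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl

[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
server = 4-client-auth-TLSv1.3-require-non-empty-names-server
client = 4-client-auth-TLSv1.3-require-non-empty-names-client

[4-client-auth-TLSv1.3-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request

[4-client-auth-TLSv1.3-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-4]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success


# ===========================================================

# Test 5: the server demands a certificate (VerifyMode = Require) but has
# no VerifyCAFile, while the client does present one. The server must abort
# with UnknownCA: a presented certificate is not accepted when the server
# has no trust anchor to chain it to.
[5-client-auth-TLSv1.3-noroot]
ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl

[5-client-auth-TLSv1.3-noroot-ssl]
server = 5-client-auth-TLSv1.3-noroot-server
client = 5-client-auth-TLSv1.3-noroot-client

[5-client-auth-TLSv1.3-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require

[5-client-auth-TLSv1.3-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-5]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA


# ===========================================================

# Test 6: first post-handshake authentication (PHA) test. The server uses
# VerifyMode = RequestPostHandshake; no EnablePHA section is attached to
# the client. ServerFail is expected, presumably because the server cannot
# issue a post-handshake request to a client that did not enable PHA.
[6-client-auth-TLSv1.3-request-post-handshake]
ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl

[6-client-auth-TLSv1.3-request-post-handshake-ssl]
server = 6-client-auth-TLSv1.3-request-post-handshake-server
client = 6-client-auth-TLSv1.3-request-post-handshake-client

[6-client-auth-TLSv1.3-request-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[6-client-auth-TLSv1.3-request-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-6]
ExpectedResult = ServerFail
HandshakeMode = PostHandshakeAuth


# ===========================================================

# Test 7: as test 6 but with VerifyMode = RequirePostHandshake and a
# server-side VerifyCAFile. The client still has PHA disabled and no
# certificate; ServerFail is expected.
[7-client-auth-TLSv1.3-require-fail-post-handshake]
ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl

[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client

[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequirePostHandshake

[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-7]
ExpectedResult = ServerFail
HandshakeMode = PostHandshakeAuth


# ===========================================================

# Test 8: PHA counterpart of test 3. The client enables PHA through the
# "-client-extra" section named in [test-8] and presents
# ee-client-chain.pem; the same signature-algorithm and empty-CA-names
# expectations apply.
# NOTE(review): the name says "require" but VerifyMode is
# RequestPostHandshake, so the certificate is optional in this test.
[8-client-auth-TLSv1.3-require-post-handshake]
ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl

[8-client-auth-TLSv1.3-require-post-handshake-ssl]
server = 8-client-auth-TLSv1.3-require-post-handshake-server
client = 8-client-auth-TLSv1.3-require-post-handshake-client

[8-client-auth-TLSv1.3-require-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequestPostHandshake

[8-client-auth-TLSv1.3-require-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-8]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra

[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================

# Test 9: PHA counterpart of test 4. The server sets ClientCAFile and
# [test-9] expects the CA names to match root-cert.pem; the client enables
# PHA through its "-client-extra" section.
# NOTE(review): as in test 8, the name says "require" while VerifyMode is
# RequestPostHandshake.
[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = PSS+SHA256
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = RequestPostHandshake

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-9]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA-PSS
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra

[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================

# Test 10: PHA counterpart of test 5. The server uses
# VerifyMode = RequirePostHandshake with no VerifyCAFile; the client has
# PHA enabled and presents a certificate. The server must abort with
# UnknownCA.
[10-client-auth-TLSv1.3-noroot-post-handshake]
ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl

[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
client = 10-client-auth-TLSv1.3-noroot-post-handshake-client

[10-client-auth-TLSv1.3-noroot-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequirePostHandshake

[10-client-auth-TLSv1.3-noroot-post-handshake-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-10]
ExpectedResult = ServerFail
ExpectedServerAlert = UnknownCA
HandshakeMode = PostHandshakeAuth
client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra

[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================

# Test 11: the client enables PHA (EnablePHA = Yes) but has no certificate
# configured; the server uses VerifyMode = RequestPostHandshake. Success is
# expected, i.e. the optional post-handshake request tolerates a client
# without a certificate.
[11-client-auth-TLSv1.3-request-force-client-post-handshake]
ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl

[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client

[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-11]
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra

[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
EnablePHA = Yes


# ===========================================================

# Test 12: the server sets ForcePHA = Yes while the client has no EnablePHA
# section. ClientFail is expected, presumably because the client refuses a
# post-handshake certificate request it never enabled.
[12-client-auth-TLSv1.3-request-force-server-post-handshake]
ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl

[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client

[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-12]
ExpectedResult = ClientFail
HandshakeMode = PostHandshakeAuth
server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra

[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
ForcePHA = Yes


# ===========================================================

# Test 13: both sides opt in (server ForcePHA = Yes, client
# EnablePHA = Yes). The client has no certificate and the server mode is
# RequestPostHandshake; Success is expected.
[13-client-auth-TLSv1.3-request-force-both-post-handshake]
ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl

[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client

[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = RequestPostHandshake

[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-13]
ExpectedResult = Success
HandshakeMode = PostHandshakeAuth
server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra

[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
ForcePHA = Yes

[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
EnablePHA = Yes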