Add Client CA names tests

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2969)
2017-03-15 17:26:05 +00:00 · 2017-03-15 17:26:05 +00:00 · 2c1b0f1e06
commit 2c1b0f1e06
parent 2e21539b2b
3 changed files with 706 additions and 443 deletions
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@ -119,6 +119,34 @@ sub generate_tests() {
                    "ExpectedClientCertType" => "RSA",
                    "ExpectedClientSignType" => $clisigtype,
                    "ExpectedClientSignHash" => $clihash,
+                    "ExpectedClientCANames" => "empty",
+                    "Method" => $method,
+                },
+            };
+
+            # Successful handshake with client authentication non-empty names
+            push @tests, {
+                name => "client-auth-${protocol_name}-require-non-empty-names",
+                server => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "ClientSignatureAlgorithms" => $clisigalgs,
+                    "ClientCAFile" => test_pem("root-cert.pem"),
+                    "VerifyCAFile" => test_pem("root-cert.pem"),
+                    "VerifyMode" => "Request",
+                },
+                client => {
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "Certificate" => test_pem("ee-client-chain.pem"),
+                    "PrivateKey"  => test_pem("ee-key.pem"),
+                },
+                test   => {
+                    "ExpectedResult" => "Success",
+                    "ExpectedClientCertType" => "RSA",
+                    "ExpectedClientSignType" => $clisigtype,
+                    "ExpectedClientSignHash" => $clihash,
+                    "ExpectedClientCANames" => test_pem("root-cert.pem"),
                    "Method" => $method,
                },
            };
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -316,6 +316,24 @@ my @tests_tls_1_3 = (
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientCANames" => "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "ClientCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientCANames" => test_pem("root-cert.pem"),
            "ExpectedResult" => "Success"
        },
    },