Add client auth TLS 1.3 certificate selection tests

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2643)
2017-02-15 22:16:09 +00:00 · 2017-02-15 22:16:09 +00:00 · 86de658a84
commit 86de658a84
parent b4cb7eb7df
1 changed files with 46 additions and 5 deletions
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -11,9 +11,11 @@ use OpenSSL::Test::Utils;

 my $dir_sep = $^O ne "VMS" ? "/" : "";

+my $cert_dir = "\${ENV::TEST_CERTS_DIR}${dir_sep}";
+
 my $server = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
    "MaxProtocol" => "TLSv1.2"
 };

@ -122,8 +124,17 @@ our @tests = (


 my $server_tls_1_3 = {
-    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
-    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}server-ecdsa-cert.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}server-ecdsa-key.pem",
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+    "RSA.Certificate" => "${cert_dir}ee-client-chain.pem",
+    "RSA.PrivateKey" => "${cert_dir}ee-key.pem",
+    "ECDSA.Certificate" => "${cert_dir}ee-ecdsa-client-chain.pem",
+    "ECDSA.PrivateKey" => "${cert_dir}ee-ecdsa-key.pem",
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
 };
@ -203,7 +214,37 @@ my @tests_tls_1_3 = (
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
-    }
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+            "VerifyCAFile" => "${cert_dir}root-cert.pem",
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "P-256",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
 );

 push @tests, @tests_tls_1_3 unless disabled("tls1_3");