Add certificate_authorities tests client to server.

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3015)
author: Dr. Stephen Henson <steve@openssl.org> 2017-03-31 23:06:15 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2017-04-03 23:47:22 +0100
commit: 25a9fabbefa26422b6c9ee6635115b7ae3b97f21 (patch)
tree: c4bfd23cdc39de3477ae16fbdd1f6104b37d5035 /test/ssl-tests
parent: f15b50c4cb6a5d36a3789863035d8b795378280c (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index e787efc5f0..20154bbe8c 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -34,11 +34,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-ECDSA CipherString Selection-client]
 CipherString = aECDSA
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-0]
 ExpectedResult = Success
+ExpectedServerCANames = empty
 ExpectedServerCertType = P-256
 ExpectedServerSignType = EC
 
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 1d92e68d25..aadae27a48 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -21,10 +21,13 @@ our @tests = (
         server => $server,
         client => {
             "CipherString" => "aECDSA",
+            "RequestCAFile" => test_pem("root-cert.pem"),
         },
         test   => {
             "ExpectedServerCertType" =>, "P-256",
             "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
             "ExpectedResult" => "Success"
         },
     },
@@ -214,6 +217,7 @@ my @tests_tls_1_3 = (
             "ExpectedServerCertType" => "P-256",
             "ExpectedServerSignHash" => "SHA256",
             "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => "empty",
             "ExpectedResult" => "Success"
         },
     },
@@ -247,11 +251,13 @@ my @tests_tls_1_3 = (
         server => $server_tls_1_3,
         client => {
             "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
         },
         test   => {
             "ExpectedServerCertType" => "P-256",
             "ExpectedServerSignHash" => "SHA256",
             "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => test_pem("root-cert.pem"),
             "ExpectedResult" => "Success"
         },
     },
@@ -325,7 +331,7 @@ my @tests_tls_1_3 = (
         server => {
             "ClientSignatureAlgorithms" => "PSS+SHA256",
             "VerifyCAFile" => test_pem("root-cert.pem"),
-            "ClientCAFile" => test_pem("root-cert.pem"),
+            "RequestCAFile" => test_pem("root-cert.pem"),
             "VerifyMode" => "Require"
         },
         client => $client_tls_1_3,
author	Dr. Stephen Henson <steve@openssl.org>	2017-03-31 23:06:15 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2017-04-03 23:47:22 +0100
commit	25a9fabbefa26422b6c9ee6635115b7ae3b97f21 (patch)
tree	c4bfd23cdc39de3477ae16fbdd1f6104b37d5035 /test/ssl-tests
parent	f15b50c4cb6a5d36a3789863035d8b795378280c (diff)