diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-01-15 15:59:48 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-01-20 01:16:31 +0000 |
| commit | 062540cbc511e38e25062fcd63a8c815ad071912 (patch) | |
| tree | 1afb893904e90cc2600b29cfce82f722b93a8f30 /test | |
| parent | ee5b6a42be3c0ca18145ace8793135fbb4768248 (diff) | |
Add signing hash tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)
Diffstat (limited to 'test')
| -rw-r--r-- | test/ssl-tests/04-client_auth.conf | 2 | ||||
| -rw-r--r-- | test/ssl-tests/04-client_auth.conf.in | 9 | ||||
| -rw-r--r-- | test/ssl-tests/20-cert-select.conf | 2 | ||||
| -rw-r--r-- | test/ssl-tests/20-cert-select.conf.in | 6 |
4 files changed, 17 insertions, 2 deletions
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 5b725c76b1..a9170984d4 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -543,6 +543,7 @@ client = 18-client-auth-TLSv1.2-require-client [18-client-auth-TLSv1.2-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ClientSignatureAlgorithms = SHA256+RSA MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -560,6 +561,7 @@ VerifyMode = Peer [test-18] ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 ExpectedResult = Success diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index 8738f908de..d45e399c3f 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -33,6 +33,13 @@ sub generate_tests() { } else { $caalert = "UnknownCA"; } + my $clihash; + my $clisigalgs; + # TODO add TLSv1.3 versions + if ($protocol_name eq "TLSv1.2") { + $clihash = "SHA256"; + $clisigalgs = "SHA256+RSA"; + } # Sanity-check simple handshake. push @tests, { name => "server-auth-${protocol_name}", @@ -87,6 +94,7 @@ sub generate_tests() { server => { "MinProtocol" => $protocol, "MaxProtocol" => $protocol, + "ClientSignatureAlgorithms" => $clisigalgs, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Request", }, @@ -98,6 +106,7 @@ sub generate_tests() { }, test => { "ExpectedResult" => "Success", "ExpectedClientCertType" => "RSA", + "ExpectedClientSignHash" => $clihash, }, }; diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index dbb339d211..c663b7e959 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -111,6 +111,7 @@ VerifyMode = Peer [test-3] ExpectedResult = Success ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 # =========================================================== @@ -163,5 +164,6 @@ VerifyMode = Peer [test-5] ExpectedResult = Success ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index d34849108b..e8bac765ee 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in @@ -59,7 +59,8 @@ our @tests = ( "SignatureAlgorithms" => "ECDSA+SHA256", }, test => { - "ExpectedServerCertType" =>, "P-256", + "ExpectedServerCertType" => "P-256", + "ExpectedServerSignHash" => "SHA256", "ExpectedResult" => "Success" }, }, @@ -80,7 +81,8 @@ our @tests = ( "SignatureAlgorithms" => "RSA+SHA256", }, test => { - "ExpectedServerCertType" =>, "RSA", + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", "ExpectedResult" => "Success" }, } |