authorDr. Stephen Henson <steve@openssl.org>2017-01-25 18:43:13 +0000
committerDr. Stephen Henson <steve@openssl.org>2017-01-26 17:58:21 +0000
commit89d0853a7fe12d6ae79d148425717fed740ae136 (patch)
tree328f2421615fffdff66743560136da865cb9ca90 /test
parent3f60b8fbdc9b17572a86457fe5b11437c0d3fbc2 (diff)
Add server signature algorithm bug test.
Add a client authentication signature algorithm to simple ssl test and a server signature algorithm. Since we don't do client auth this should have no effect. However if we use client auth signature algorithms by mistake this will abort the handshake with a no shared signature algorithms error. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2297)
Diffstat (limited to 'test')
-rw-r--r--test/ssl-tests/01-simple.conf44
-rw-r--r--test/ssl-tests/01-simple.conf.in8
2 files changed, 43 insertions, 9 deletions
diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
index 6f2f6c4893..5f4dd841b4 100644
--- a/test/ssl-tests/01-simple.conf
+++ b/test/ssl-tests/01-simple.conf
@@ -1,9 +1,10 @@
# Generated with generate_ssl_tests.pl
-num_tests = 2
+num_tests = 3
test-0 = 0-default
-test-1 = 1-verify-cert
+test-1 = 1-Server signature algorithms bug
+test-2 = 2-verify-cert
# ===========================================================
[0-default]
@@ -29,23 +30,48 @@ ExpectedResult = Success
# ===========================================================
-[1-verify-cert]
-ssl_conf = 1-verify-cert-ssl
+[1-Server signature algorithms bug]
+ssl_conf = 1-Server signature algorithms bug-ssl
-[1-verify-cert-ssl]
-server = 1-verify-cert-server
-client = 1-verify-cert-client
+[1-Server signature algorithms bug-ssl]
+server = 1-Server signature algorithms bug-server
+client = 1-Server signature algorithms bug-client
-[1-verify-cert-server]
+[1-Server signature algorithms bug-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-verify-cert-client]
+[1-Server signature algorithms bug-client]
CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-verify-cert]
+ssl_conf = 2-verify-cert-ssl
+
+[2-verify-cert-ssl]
+server = 2-verify-cert-server
+client = 2-verify-cert-client
+
+[2-verify-cert-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-cert-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-2]
ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
index 45ddd61921..086d66d32f 100644
--- a/test/ssl-tests/01-simple.conf.in
+++ b/test/ssl-tests/01-simple.conf.in
@@ -20,6 +20,14 @@ our @tests = (
},
{
+ name => "Server signature algorithms bug",
+ # Should have no effect as we aren't doing client auth
+ server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
+ client => { "SignatureAlgorithms" => "RSA+SHA256" },
+ test => { "ExpectedResult" => "Success" },
+ },
+
+ {
name => "verify-cert",
server => { },
client => {
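Review bot: The new "Server signature algorithms bug" entry asserts only `"ExpectedResult" => "Success"`, so it detects the regression only if the client's `SignatureAlgorithms` restriction is actually sent and processed by the server. As far as I can tell that needs a TLS 1.2 or later handshake and an RSA server certificate, and nothing in the entry pins either, so a build that negotiates an older protocol version would presumably pass without exercising the check. The inline comment could also name the failure being guarded against, for example `# Server must choose its signature from the client's SignatureAlgorithms (RSA+SHA256), never from ClientSignatureAlgorithms; confusing the two aborts with "no shared signature algorithms"`. The enclosing `@tests` list starts before this hunk and the `verify-cert` entry continues past its end.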