Files
wolfssl/tests/test-fails.conf
T
Juliusz Sosinowicz fdda31b5c3 Allow RSA client certs on ECDHE-ECDSA mutual auth
The TLS 1.2 server derived the single advertised ClientCertificateType
and the signature_algorithms list in its CertificateRequest from the
negotiated cipher suite's own signature algorithm. On an ECDHE-ECDSA
suite only ecdsa_sign was offered (and only ECDSA sig algs), so RSA
clients could not authenticate even though the server could happily
verify an RSA certificate. The same was true in reverse for an RSA
server: the CertificateRequest only advertised rsa_sign.

Refactor SendCertificateRequest to advertise certificate_types and
signature_algorithms covering both sig families when both are compiled
in. Three static helpers in internal.c keep the logic in one place
without mutating ssl->suites:

  GetServerCertReqCertTypes    - certificate_types to emit
  GetServerCertReqHashSigAlgo  - signature_algorithms to emit
  InServerCertReqHashSigAlgo   - membership check used for verification

The advertised lists are written to stack buffers in the caller. To
keep DoCertificateVerify in agreement with what we actually sent, the
SupportedHashSigAlgo call site there is replaced with
InServerCertReqHashSigAlgo, which rebuilds the same list locally and
looks up the client's chosen algo.

Replace the magic certTypes buffer size with a new
MAX_CERT_REQ_CERT_TYPE_CNT constant declared next to
ClientCertificateType.

Add two end-to-end mutual-auth tests covering both directions:

  test_tls12_ecdhe_ecdsa_rsa_client_cert - ECDSA server, RSA client
  test_tls12_ecdhe_rsa_ecdsa_client_cert - RSA  server, ECDSA client

Update test_certreq_sighash_algos to permit RSA / RSA-PSS sig algs in
the ECDHE-ECDSA CertificateRequest; the previous assertion locked in
the ECDSA-only behaviour that this change corrects.

TLS 1.3 is unaffected: RFC 8446 removed certificate_types from
CertificateRequest, and TLS 1.3 cipher suites do not bind a signature
algorithm, so the server's hashSigAlgo already covers both sig
families when either has been compiled in.
2026-06-08 15:10:27 +02:00

183 lines
3.2 KiB
Plaintext

# server bad certificate common name has null
# DG: Have not found a way to properly encode null in common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badcnnull.pem
-d
# client bad certificate common name has null
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badcnnull.pem
-m
-x
# server nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badcn.pem
-d
# client nomatch common name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badcn.pem
-m
-x
# server nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/server-key.pem
-c ./certs/test/server-badaltname.pem
-d
# client nomatch alternate name
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-badaltname.pem
-m
-x
# server RSA no signer error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client RSA no signer error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/client-cert.pem
# server ECC no signer error
#-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client ECC no signer error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/client-ecc-cert.pem
# server RSA bad sig error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem
# client RSA bad sig error
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# server ECC bad sig error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem
# client ECC bad sig error
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
# server missing CN from alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-garbage.pem
# client missing CN from alternate names list
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-h localhost
-A ./certs/test/server-garbage.pem
-m
# Verify Callback Failure Tests
# no error going into callback, return error
# server
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail
# client verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail
# server verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail
# client
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail
# server
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail
# client verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail
# server verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail
# client
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail
# error going into callback, return error
# server
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-rsa-badsig.pem
-k ./certs/server-key.pem
-H verifyFail
# client verify should fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H verifyFail
# server
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/test/server-cert-ecc-badsig.pem
-k ./certs/ecc-key.pem
-H verifyFail
# client verify should fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-H verifyFail
# server send alert on no mutual authentication
-v 3
-F
-H verifyFail
# client send alert on no mutual authentication
-v 3
-x
-H verifyFail
# server TLSv1.3 fail on no client certificate
# server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d
-v 4
-l TLS13-AES128-GCM-SHA256
# client TLSv1.3 no client certificate
-v 4
-l TLS13-AES128-GCM-SHA256
-x