mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-26 07:52:20 +01:00
f54ca0d481
The signature algorithm specified in CertificateVerify must have been in the CertificateRequest. Add check. The cipher suite test cases, when client auth and RSA are built-in and use the default client certificate and use the *-ECDSA-* cipher suites, no longer work. The client certificate must be ECC when the cipher suite has ECDSA. Don't run them for that build.
215 lines
3.9 KiB
Plaintext
215 lines
3.9 KiB
Plaintext
# server bad certificate common name has null
|
|
# DG: Have not found a way to properly encode null in common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badcnnull.pem
|
|
-d
|
|
|
|
# client bad certificate common name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badcnnull.pem
|
|
-m
|
|
-x
|
|
|
|
# server bad certificate alternate name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badaltnull.pem
|
|
-d
|
|
|
|
# client bad certificate alternate name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badaltnull.pem
|
|
-m
|
|
-x
|
|
|
|
# server nomatch common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badcn.pem
|
|
-d
|
|
|
|
# client nomatch common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badcn.pem
|
|
-m
|
|
-x
|
|
|
|
# server nomatch alternate name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badaltname.pem
|
|
-d
|
|
|
|
# client nomatch alternate name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badaltname.pem
|
|
-m
|
|
-x
|
|
|
|
# server RSA no signer error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# client RSA no signer error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-A ./certs/client-cert.pem
|
|
|
|
# server ECC no signer error
|
|
#-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/server-ecc.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client ECC no signer error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/client-ecc-cert.pem
|
|
|
|
# server RSA bad sig error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-rsa-badsig.pem
|
|
|
|
# client RSA bad sig error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# server ECC bad sig error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-ecc-badsig.pem
|
|
|
|
# client ECC bad sig error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
|
# server missing CN from alternate names list
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-garbage.pem
|
|
|
|
# client missing CN from alternate names list
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-garbage.pem
|
|
-m
|
|
|
|
# Verify Callback Failure Tests
|
|
# no error going into callback, return error
|
|
# server
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# error going into callback, return error
|
|
# server
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-rsa-badsig.pem
|
|
-k ./certs/server-key.pem
|
|
-H verifyFail
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-ecc-badsig.pem
|
|
-k ./certs/ecc-key.pem
|
|
-H verifyFail
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# Client is using RSA certificate with ECDSA cipher suite. Server will fail.
|
|
# server
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/server-ecc.pem
|
|
-k ./certs/ecc-key.pem
|
|
-A ./certs/client-cert.pem
|
|
-H exitWithRet
|
|
|
|
# client
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/client-cert.pem
|
|
-k ./certs/client-key.pem
|
|
-A ./certs/ca-ecc-cert.pem
|
|
-H exitWithRet
|
|
|
|
# server send alert on no mutual authentication
|
|
-v 3
|
|
-F
|
|
-H verifyFail
|
|
|
|
# client send alert on no mutual authentication
|
|
-v 3
|
|
-x
|
|
-H verifyFail
|
|
|
|
# server TLSv1.3 fail on no client certificate
|
|
# server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
|
|
# client TLSv1.3 no client certificate
|
|
-v 4
|
|
-l TLS13-AES128-GCM-SHA256
|
|
-x
|