|
 |
f6a62c4 |
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
|
|
|
f6a62c4 |
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
|
|
f6a62c4 |
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200
|
|
|
f6a62c4 |
@@ -147,22 +147,22 @@ our @tests = (
|
|
|
301c642 |
{
|
|
|
301c642 |
name => "ECDSA with brainpool",
|
|
|
301c642 |
server => {
|
|
|
301c642 |
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
|
|
301c642 |
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
|
|
301c642 |
- "Groups" => "brainpoolP256r1",
|
|
|
f6a62c4 |
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
|
f6a62c4 |
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
|
301c642 |
+# "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
},
|
|
|
301c642 |
client => {
|
|
|
301c642 |
#We don't restrict this to TLSv1.2, although use of brainpool
|
|
|
301c642 |
#should force this anyway so that this should succeed
|
|
|
301c642 |
"CipherString" => "aECDSA",
|
|
|
301c642 |
"RequestCAFile" => test_pem("root-cert.pem"),
|
|
|
301c642 |
- "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
+# "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
},
|
|
|
301c642 |
test => {
|
|
|
301c642 |
- "ExpectedServerCertType" =>, "brainpoolP256r1",
|
|
|
301c642 |
- "ExpectedServerSignType" =>, "EC",
|
|
|
301c642 |
+# "ExpectedServerCertType" =>, "brainpoolP256r1",
|
|
|
301c642 |
+# "ExpectedServerSignType" =>, "EC",
|
|
|
301c642 |
# Note: certificate_authorities not sent for TLS < 1.3
|
|
|
301c642 |
- "ExpectedServerCANames" =>, "empty",
|
|
|
301c642 |
+# "ExpectedServerCANames" =>, "empty",
|
|
|
301c642 |
"ExpectedResult" => "Success"
|
|
|
301c642 |
},
|
|
|
301c642 |
},
|
|
|
f6a62c4 |
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
|
|
|
301c642 |
{
|
|
|
301c642 |
name => "TLS 1.3 ECDSA with brainpool",
|
|
|
301c642 |
server => {
|
|
|
301c642 |
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
|
|
301c642 |
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
|
|
301c642 |
- "Groups" => "brainpoolP256r1",
|
|
|
f6a62c4 |
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
|
f6a62c4 |
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
|
301c642 |
+# "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
},
|
|
|
301c642 |
client => {
|
|
|
301c642 |
"RequestCAFile" => test_pem("root-cert.pem"),
|
|
|
301c642 |
- "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
+# "Groups" => "brainpoolP256r1",
|
|
|
301c642 |
"MinProtocol" => "TLSv1.3",
|
|
|
301c642 |
"MaxProtocol" => "TLSv1.3"
|
|
|
301c642 |
},
|
|
|
301c642 |
test => {
|
|
|
301c642 |
- "ExpectedResult" => "ServerFail"
|
|
|
301c642 |
+ "ExpectedResult" => "Success"
|
|
|
301c642 |
},
|
|
|
301c642 |
},
|
|
|
301c642 |
);
|
|
|
f6a62c4 |
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
|
|
|
f6a62c4 |
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
|
|
f6a62c4 |
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200
|
|
|
f6a62c4 |
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
|
|
|
301c642 |
client = 5-ECDSA with brainpool-client
|
|
|
301c642 |
|
|
|
301c642 |
[5-ECDSA with brainpool-server]
|
|
|
301c642 |
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
|
|
f6a62c4 |
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
|
|
f6a62c4 |
CipherString = DEFAULT
|
|
|
301c642 |
-Groups = brainpoolP256r1
|
|
|
301c642 |
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
|
f6a62c4 |
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
|
|
301c642 |
|
|
|
301c642 |
[5-ECDSA with brainpool-client]
|
|
|
301c642 |
CipherString = aECDSA
|
|
|
301c642 |
-Groups = brainpoolP256r1
|
|
|
301c642 |
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
|
|
301c642 |
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
|
|
301c642 |
VerifyMode = Peer
|
|
|
301c642 |
|
|
|
301c642 |
[test-5]
|
|
|
22a8213 |
ExpectedResult = Success
|
|
|
301c642 |
-ExpectedServerCANames = empty
|
|
|
301c642 |
-ExpectedServerCertType = brainpoolP256r1
|
|
|
301c642 |
-ExpectedServerSignType = EC
|
|
|
301c642 |
|
|
|
301c642 |
|
|
|
301c642 |
# ===========================================================
|
|
|
f6a62c4 |
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
|
|
|
f6a62c4 |
client = 52-TLS 1.3 ECDSA with brainpool-client
|
|
|
301c642 |
|
|
|
f6a62c4 |
[52-TLS 1.3 ECDSA with brainpool-server]
|
|
|
301c642 |
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
|
|
f6a62c4 |
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
|
|
f6a62c4 |
CipherString = DEFAULT
|
|
|
301c642 |
-Groups = brainpoolP256r1
|
|
|
301c642 |
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
|
f6a62c4 |
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
|
|
301c642 |
|
|
|
f6a62c4 |
[52-TLS 1.3 ECDSA with brainpool-client]
|
|
|
301c642 |
CipherString = DEFAULT
|
|
|
301c642 |
-Groups = brainpoolP256r1
|
|
|
301c642 |
MaxProtocol = TLSv1.3
|
|
|
301c642 |
MinProtocol = TLSv1.3
|
|
|
301c642 |
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
|
|
f6a62c4 |
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
|
|
301c642 |
VerifyMode = Peer
|
|
|
301c642 |
|
|
|
f6a62c4 |
[test-52]
|
|
|
301c642 |
-ExpectedResult = ServerFail
|
|
|
301c642 |
+ExpectedResult = Success
|
|
|
301c642 |
|
|
|
301c642 |
|
|
|
301c642 |
# ===========================================================
|