From 062540cbc511e38e25062fcd63a8c815ad071912 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 15 Jan 2017 15:59:48 +0000
Subject: [PATCH] Add signing hash tests
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2235)
---
 test/ssl-tests/04-client_auth.conf | 2 ++
 test/ssl-tests/04-client_auth.conf.in | 9 +++++++++
 test/ssl-tests/20-cert-select.conf | 2 ++
 test/ssl-tests/20-cert-select.conf.in | 6 ++++--
 4 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
index 5b725c76b1..a9170984d4 100644
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -543,6 +543,7 @@ client = 18-client-auth-TLSv1.2-require-client
 [18-client-auth-TLSv1.2-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
 MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -560,6 +561,7 @@ VerifyMode = Peer
 [test-18]
 ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
 ExpectedResult = Success
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
index 8738f908de..d45e399c3f 100644
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -33,6 +33,13 @@ sub generate_tests() {
 } else {
 $caalert = "UnknownCA";
 }
+ my $clihash;
+ my $clisigalgs;
+ # TODO add TLSv1.3 versions
+ if ($protocol_name eq "TLSv1.2") {
+ $clihash = "SHA256";
+ $clisigalgs = "SHA256+RSA";
+ }
 # Sanity-check simple handshake.
 push @tests, {
 name => "server-auth-${protocol_name}",
@@ -87,6 +94,7 @@ sub generate_tests() {
 server => {
 "MinProtocol" => $protocol,
 "MaxProtocol" => $protocol,
+ "ClientSignatureAlgorithms" => $clisigalgs,
 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
 "VerifyMode" => "Request",
 },
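Review bot: `$clihash` and `$clisigalgs` in the `@@ -33` hunk stay undefined for every protocol other than TLSv1.2, yet the `@@ -87` and `@@ -98` hunks pass them unconditionally as the values of `"ClientSignatureAlgorithms"` and `"ExpectedClientSignHash"`. The generated 04-client_auth.conf gains lines only for the TLSv1.2 case, so the generator presumably drops undef-valued keys, but nothing in the visible lines says so. The effect is that the client signing hash goes unasserted for the older protocol versions. I would state that at the declaration, e.g. `# Left undef below TLSv1.2: the generator is expected to omit undef-valued keys, so no signing hash is asserted for those protocols.` The body of generate_tests() starts and ends outside these hunks.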
@@ -98,6 +106,7 @@ sub generate_tests() {
 },
 test => {
 "ExpectedResult" => "Success",
 "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignHash" => $clihash,
 },
 };
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index dbb339d211..c663b7e959 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -111,6 +111,7 @@ VerifyMode = Peer
 [test-3]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
 # ===========================================================
@@ -163,5 +164,6 @@ VerifyMode = Peer
 [test-5]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index d34849108b..e8bac765ee 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -59,7 +59,8 @@ our @tests = (
 "SignatureAlgorithms" => "ECDSA+SHA256",
 },
 test => {
- "ExpectedServerCertType" =>, "P-256",
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA256",
 "ExpectedResult" => "Success"
 },
 },
@@ -80,7 +81,8 @@ our @tests = (
 "SignatureAlgorithms" => "RSA+SHA256",
 },
 test => {
- "ExpectedServerCertType" =>, "RSA",
+ "ExpectedServerCertType" => "RSA",
+ "ExpectedServerSignHash" => "SHA256",
 "ExpectedResult" => "Success"
 },
 }
-- GitLab
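Review bot: The new `"ExpectedServerSignHash" => "SHA256"` assertion in the `@@ -59` hunk of 20-cert-select.conf.in, and the identical one in the `@@ -80` hunk, sits in a test whose visible `"SignatureAlgorithms"` value lists a single entry (`ECDSA+SHA256` and `RSA+SHA256` respectively). If that setting is the peer's offered list, as the context suggests, a successful handshake should not be able to use any other hash. These cases would then confirm that the negotiated hash is reported correctly, but not that selection among several offered hashes works, for instance that a weaker hash is not preferred. A comment above each `test => {` would make that limit explicit: `# Single-entry SignatureAlgorithms: checks hash reporting only, not preference among several hashes.` The `our @tests = (` list starts and ends outside both hunks.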