提交 9cf847d7 编写于 作者: D Dr. Stephen Henson

Add server signature algorithm bug test.

Add a client authentication signature algorithm to simple
ssl test and a server signature algorithm. Since we don't
do client auth this should have no effect. However if we
use client auth signature algorithms by mistake this will
abort the handshake with a no shared signature algorithms
error.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2290)
上级 a9669ddc
# Generated with generate_ssl_tests.pl
num_tests = 2
num_tests = 3
test-0 = 0-default
test-1 = 1-verify-cert
test-1 = 1-Server signature algorithms bug
test-2 = 2-verify-cert
# ===========================================================
[0-default]
......@@ -29,23 +30,48 @@ ExpectedResult = Success
# ===========================================================
[1-verify-cert]
ssl_conf = 1-verify-cert-ssl
[1-Server signature algorithms bug]
ssl_conf = 1-Server signature algorithms bug-ssl
[1-verify-cert-ssl]
server = 1-verify-cert-server
client = 1-verify-cert-client
[1-Server signature algorithms bug-ssl]
server = 1-Server signature algorithms bug-server
client = 1-Server signature algorithms bug-client
[1-verify-cert-server]
[1-Server signature algorithms bug-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = ECDSA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-verify-cert-client]
[1-Server signature algorithms bug-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
ExpectedResult = Success
# ===========================================================
[2-verify-cert]
ssl_conf = 2-verify-cert-ssl
[2-verify-cert-ssl]
server = 2-verify-cert-server
client = 2-verify-cert-client
[2-verify-cert-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-verify-cert-client]
CipherString = DEFAULT
VerifyMode = Peer
[test-2]
ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
......
......@@ -19,6 +19,14 @@ our @tests = (
test => { "ExpectedResult" => "Success" },
},
{
name => "Server signature algorithms bug",
# Should have no effect as we aren't doing client auth
server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
client => { "SignatureAlgorithms" => "RSA+SHA256" },
test => { "ExpectedResult" => "Success" },
},
{
name => "verify-cert",
server => { },
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册