[18-client-auth-TLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[test-18]
ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
ExpectedResult = Success
} else {
$caalert = "UnknownCA";
}
+ my $clihash;
+ my $clisigalgs;
+ # TODO add TLSv1.3 versions
+ if ($protocol_name eq "TLSv1.2") {
+ $clihash = "SHA256";
+ $clisigalgs = "SHA256+RSA";
+ }
# Sanity-check simple handshake.
push @tests, {
name => "server-auth-${protocol_name}",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
+ "ClientSignatureAlgorithms" => $clisigalgs,
"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
"VerifyMode" => "Request",
},
},
test => { "ExpectedResult" => "Success",
"ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignHash" => $clihash,
},
};
[test-3]
ExpectedResult = Success
ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
# ===========================================================
[test-5]
ExpectedResult = Success
ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
"SignatureAlgorithms" => "ECDSA+SHA256",
},
test => {
- "ExpectedServerCertType" =>, "P-256",
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA256",
"ExpectedResult" => "Success"
},
},
"SignatureAlgorithms" => "RSA+SHA256",
},
test => {
- "ExpectedServerCertType" =>, "RSA",
+ "ExpectedServerCertType" => "RSA",
+ "ExpectedServerSignHash" => "SHA256",
"ExpectedResult" => "Success"
},
}