--- /dev/null
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOQeryQn6L8gItRarrM0pRHxjNdtaIz3BrWU2mwhLZQaq
+8Cm6w5gP6aitAIde7Td3nQ55bIGC5roxFQ==
+-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-IENBMCAXDTE4MDIyNzE1MDcxM1oYDzIxMTgwMjI4MTUwNzEzWjAQMQ4wDAYDVQQD
-DAVFZDQ0ODBDMAUGAytlcQM6ABBicYlhG1s3AoG5BFmY3r50lJzjQoER4zwuieEe
-QTvKxLEV06vGh79UWO6yQ5FxqmxvM1F/Xw7RAKNfMF0wHQYDVR0OBBYEFAwa1L4m
-3pwA8+IEJ7K/4izrjJIHMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJ
-MAkGA1UdEwQCMAAwEAYDVR0RBAkwB4IFRWQ0NDgwDQYJKoZIhvcNAQELBQADggEB
-AAugH2aE6VvArnOVjKBtalqtHlx+NCC3+S65sdWc9A9sNgI1ZiN7dn76TKn5d0T7
-NqV8nY1rwQg6WPGrCD6Eh63qhotytqYIxltppb4MOUJcz/Zf0ZwhB5bUfwNB//Ih
-5aZT86FpXVuyMnwUTWPcISJqpZiBv95yzZFMpniHFvecvV445ly4TFW5y6VURh40
-Tg4tMgjPTE7ADw+dX4FvnTWY3blxT1GzGxGvqWW4HgP8dOETnjmAwCzN0nUVmH9s
-7ybHORcSljcpe0XH6L/K7mbI+r8mVLsAoIzUeDwUdKKJZ2uGEtdhQDmJBp4EjOXE
-3qIn3wEQQ6ax4NIwkZihdLI=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-----END CERTIFICATE-----
# CT entry
./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key
+
+OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" \
+ root-ed448-key root-ed448-cert
+OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \
+ server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert
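Review bot: The two added mkcert.sh invocations have no header comment, unlike the `# CT entry` block just above them, so the script does not record why Ed448 gets a root of its own. I would add a line above the `genroot` call such as `# Ed448 root and server cert; server-ed448-cert is issued by root-ed448 rather than the root behind rootcert.pem`. It would also help to say there that tests using server-ed448-cert must point `VerifyCAFile` at root-ed448-cert.pem, since that is what the rest of this commit changes in the test configs.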
[4-Ed448 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
SignatureAlgorithms = ed448:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-4]
Curves = X448
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-10]
[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-44]
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
"SignatureAlgorithms" => "ed448:ECDSA+SHA256",
- "RequestCAFile" => test_pem("root-cert.pem"),
+ "RequestCAFile" => test_pem("root-ed448-cert.pem"),
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
test => {
"ExpectedServerCertType" =>, "Ed448",
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
"SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
# Excluding P-256 from the supported curves list means server
# certificate should be Ed25519 and not P-256
"Curves" => "X448"
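Review bot: The comment directly below the added `VerifyCAFile` line still says the server certificate "should be Ed25519 and not P-256", which does not match this client block. The block restricts `Curves` to X448 and now trusts only root-ed448-cert.pem, so the comment reads as a leftover from the Ed25519 variant of the test. Since the block is being touched anyway, I would change the second comment line to `# certificate should be Ed448 and not P-256`. The expected certificate type for this test is outside the hunk, so confirm it against the test's `test` block before rewording.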
server => $server_tls_1_3,
client => {
"SignatureAlgorithms" => "ed448",
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
test => {
"ExpectedServerCertType" => "Ed448",
[1-SECLEVEL 3 with ED448 key-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-1]
[3-SECLEVEL 3 with ED448 key, TLSv1.2-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-3]
server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
- client => { },
+ client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" },
},
{
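Review bot: Both changed `client` blocks (this one and the TLSv1.2 variant in the next hunk) pin the trust anchor but leave the client at its default security level, so `@SECLEVEL=3` is only exercised on the server side. With the chain now issued by the Ed448 root, the client could presumably run at the same level, which would also cover the level checks applied during chain verification: `client => { "CipherString" => "DEFAULT:\@SECLEVEL=3", "VerifyCAFile" => test_pem("root-ed448-cert.pem") },`. Whether that passes depends on how the library rates the Ed448 chain, so treat it as a test to try rather than one that is certain to pass. The test names and the start of each entry are outside both hunks.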
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem"),
"MaxProtocol" => "TLSv1.2" },
- client => { },
+ client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" },
},
);