From: Dr. Stephen Henson Date: Wed, 25 Jan 2017 18:43:13 +0000 (+0000) Subject: Add server signature algorithm bug test. X-Git-Tag: OpenSSL_1_1_1-pre1~2595 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9cf847d7056877f3d6b3f20c11ead8110eae951f;p=oweals%2Fopenssl.git Add server signature algorithm bug test. Add a client authentication signature algorithm to simple ssl test and a server signature algorithm. Since we don't do client auth this should have no effect. However if we use client auth signature algorithms by mistake this will abort the handshake with a no shared signature algorithms error. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2290) --- diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf index 6f2f6c4893..5f4dd841b4 100644 --- a/test/ssl-tests/01-simple.conf +++ b/test/ssl-tests/01-simple.conf @@ -1,9 +1,10 @@ # Generated with generate_ssl_tests.pl -num_tests = 2 +num_tests = 3 test-0 = 0-default -test-1 = 1-verify-cert +test-1 = 1-Server signature algorithms bug +test-2 = 2-verify-cert # =========================================================== [0-default] @@ -29,23 +30,48 @@ ExpectedResult = Success # =========================================================== -[1-verify-cert] -ssl_conf = 1-verify-cert-ssl +[1-Server signature algorithms bug] +ssl_conf = 1-Server signature algorithms bug-ssl -[1-verify-cert-ssl] -server = 1-verify-cert-server -client = 1-verify-cert-client +[1-Server signature algorithms bug-ssl] +server = 1-Server signature algorithms bug-server +client = 1-Server signature algorithms bug-client -[1-verify-cert-server] +[1-Server signature algorithms bug-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-verify-cert-client] +[1-Server signature algorithms bug-client] CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] +ExpectedResult = Success + + +# =========================================================== + +[2-verify-cert] +ssl_conf = 2-verify-cert-ssl + +[2-verify-cert-ssl] +server = 2-verify-cert-server +client = 2-verify-cert-client + +[2-verify-cert-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-verify-cert-client] +CipherString = DEFAULT +VerifyMode = Peer + +[test-2] ExpectedClientAlert = UnknownCA ExpectedResult = ClientFail diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in index 45ddd61921..086d66d32f 100644 --- a/test/ssl-tests/01-simple.conf.in +++ b/test/ssl-tests/01-simple.conf.in @@ -19,6 +19,14 @@ our @tests = ( test => { "ExpectedResult" => "Success" }, }, + { + name => "Server signature algorithms bug", + # Should have no effect as we aren't doing client auth + server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" }, + client => { "SignatureAlgorithms" => "RSA+SHA256" }, + test => { "ExpectedResult" => "Success" }, + }, + { name => "verify-cert", server => { },