From 7a08b764cca8f1a4a04384b708468c9c5d648659 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 17 Feb 2017 15:28:36 +0000 Subject: [PATCH] add DSA cert tests Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2667) --- test/ssl-tests/20-cert-select.conf | 32 ++++++++++++++++++- test/ssl-tests/20-cert-select.conf.in | 46 +++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 1 deletion(-) diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 72ce42574b..1598dadc6b 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 8 +num_tests = 9 test-0 = 0-ECDSA CipherString Selection test-1 = 1-RSA CipherString Selection @@ -10,6 +10,7 @@ test-4 = 4-ECDSA Signature Algorithm Selection SHA384 test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate test-6 = 6-RSA Signature Algorithm Selection test-7 = 7-RSA-PSS Signature Algorithm Selection +test-8 = 8-TLS 1.2 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] 
@@ -235,3 +236,32 @@ ExpectedServerSignHash = SHA256 ExpectedServerSignType = RSA-PSS +# =========================================================== + +[8-TLS 1.2 DSA Certificate Test] +ssl_conf = 8-TLS 1.2 DSA Certificate Test-ssl + +[8-TLS 1.2 DSA Certificate Test-ssl] +server = 8-TLS 1.2 DSA Certificate Test-server +client = 8-TLS 1.2 DSA Certificate Test-client + +[8-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success + + diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index c5a5c31d11..7edfed6bd6 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in 
@@ -244,3 +244,49 @@ my @tests_tls_1_3 = (
 );
 
 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
+
+my @tests_dsa_tls_1_2 = (
+ {
+ name => "TLS 1.2 DSA Certificate Test",
+ server => {
+ "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+ "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+ "DHParameters" => test_pem("dhp2048.pem"),
+ "MinProtocol" => "TLSv1.2",
+ "MaxProtocol" => "TLSv1.2",
+ "CipherString" => "ALL",
+ },
+ client => {
+ "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
+ "CipherString" => "ALL",
+ },
+ test => {
+ "ExpectedResult" => "Success"
+ },
+ },
+);
+
+my @tests_dsa_tls_1_3 = (
+ {
+ name => "TLS 1.3 DSA Certificate Test",
+ server => {
+ "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+ "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3",
+ "CipherString" => "ALL",
+ },
+ client => {
+ "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
+ "CipherString" => "ALL",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail"
+ },
+ },
+);
+
+if (!disabled("dsa")) {
+ push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
+ push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
+}
--
2.25.1
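Review bot: The TLS 1.2 case in `@tests_dsa_tls_1_2` asserts only `"ExpectedResult" => "Success"`, so a passing run does not show that the DSA certificate was the one the server selected and signed with. The generated section for this test in 20-cert-select.conf also loads the default `servercert.pem`/`serverkey.pem` pair, and both peers use `CipherString = ALL`, so a handshake that completes on the other certificate would presumably still count as success. The earlier tests in the generated file pin `ExpectedServerSignHash` and `ExpectedServerSignType`; the same kind of assertion belongs in the `test` hash here, e.g. `"ExpectedServerSignType" => "DSA",` (the exact type name should be confirmed against the harness) next to a matching `ExpectedServerSignHash`. The TLS 1.3 case has the mirror-image gap: `"ExpectedResult" => "ServerFail"` passes for any server-side failure, so a short comment stating that the intended cause is the absence of a usable DSA signature algorithm in TLS 1.3 would help the next reader.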