mirror of
https://github.com/openssl/openssl.git
synced 2024-12-25 01:43:57 +08:00
Add server signature algorithm bug test.
Add a client authentication signature algorithm to simple ssl test and a server signature algorithm. Since we don't do client auth this should have no effect. However if we use client auth signature algorithms by mistake this will abort the handshake with a no shared signature algorithms error. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2290)
This commit is contained in:
parent
a9669ddc64
commit
9cf847d705
@ -1,9 +1,10 @@
|
||||
# Generated with generate_ssl_tests.pl
|
||||
|
||||
num_tests = 2
|
||||
num_tests = 3
|
||||
|
||||
test-0 = 0-default
|
||||
test-1 = 1-verify-cert
|
||||
test-1 = 1-Server signature algorithms bug
|
||||
test-2 = 2-verify-cert
|
||||
# ===========================================================
|
||||
|
||||
[0-default]
|
||||
@ -29,23 +30,48 @@ ExpectedResult = Success
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[1-verify-cert]
|
||||
ssl_conf = 1-verify-cert-ssl
|
||||
[1-Server signature algorithms bug]
|
||||
ssl_conf = 1-Server signature algorithms bug-ssl
|
||||
|
||||
[1-verify-cert-ssl]
|
||||
server = 1-verify-cert-server
|
||||
client = 1-verify-cert-client
|
||||
[1-Server signature algorithms bug-ssl]
|
||||
server = 1-Server signature algorithms bug-server
|
||||
client = 1-Server signature algorithms bug-client
|
||||
|
||||
[1-verify-cert-server]
|
||||
[1-Server signature algorithms bug-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
ClientSignatureAlgorithms = ECDSA+SHA256
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[1-Server signature algorithms bug-client]
|
||||
CipherString = DEFAULT
|
||||
SignatureAlgorithms = RSA+SHA256
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-1]
|
||||
ExpectedResult = Success
|
||||
|
||||
|
||||
# ===========================================================
|
||||
|
||||
[2-verify-cert]
|
||||
ssl_conf = 2-verify-cert-ssl
|
||||
|
||||
[2-verify-cert-ssl]
|
||||
server = 2-verify-cert-server
|
||||
client = 2-verify-cert-client
|
||||
|
||||
[2-verify-cert-server]
|
||||
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
CipherString = DEFAULT
|
||||
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[1-verify-cert-client]
|
||||
[2-verify-cert-client]
|
||||
CipherString = DEFAULT
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-1]
|
||||
[test-2]
|
||||
ExpectedClientAlert = UnknownCA
|
||||
ExpectedResult = ClientFail
|
||||
|
||||
|
@ -19,6 +19,14 @@ our @tests = (
|
||||
test => { "ExpectedResult" => "Success" },
|
||||
},
|
||||
|
||||
{
|
||||
name => "Server signature algorithms bug",
|
||||
# Should have no effect as we aren't doing client auth
|
||||
server => { "ClientSignatureAlgorithms" => "ECDSA+SHA256" },
|
||||
client => { "SignatureAlgorithms" => "RSA+SHA256" },
|
||||
test => { "ExpectedResult" => "Success" },
|
||||
},
|
||||
|
||||
{
|
||||
name => "verify-cert",
|
||||
server => { },
|
||||
|
Loading…
Reference in New Issue
Block a user