mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wolfssl/tests/test-chains.conf
kaleb-himes 306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
2019-10-11 15:03:38 -06:00

385 lines
9.0 KiB
Plaintext
Raw Blame History

# Tests will use complete chain with intermediate CA for testing
# The tests with chains have the CRL checking disabled
# CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted
# For these tests we are loading root and sending intermediate and peer certs
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
-V
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
-C
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
-V
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainA-entity-key.pem
-c ./certs/test-pathlen/chainA-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainB-entity-key.pem
-c ./certs/test-pathlen/chainB-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainC-entity-key.pem
-c ./certs/test-pathlen/chainC-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainD-entity-key.pem
-c ./certs/test-pathlen/chainD-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainE-entity-key.pem
-c ./certs/test-pathlen/chainE-assembled.pem
-H exitWithRet
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H exitWithRet
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainF-entity-key.pem
-c ./certs/test-pathlen/chainF-assembled.pem
-H exitWithRet
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H exitWithRet
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainG-entity-key.pem
-c ./certs/test-pathlen/chainG-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainH-entity-key.pem
-c ./certs/test-pathlen/chainH-assembled.pem
-H exitWithRet
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H exitWithRet
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainI-entity-key.pem
-c ./certs/test-pathlen/chainI-assembled.pem
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-C
# server TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-k ./certs/test-pathlen/chainJ-entity-key.pem
-c ./certs/test-pathlen/chainJ-assembled.pem
-H exitWithRet
-V
# client TLSv1.2 pathLen constraint test
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-H exitWithRet
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-ecc.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-ecc.pem
-C
# Test will load intermediate CA as trusted and only present the peer cert (partial chain)
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
-V
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
-C
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
-V
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-int-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-int-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-int-ecc-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/intermediate/ca-int-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-int-ecc-cert.pem
-C
# Test will use alternate chain where chain contains extra cert
# These tests should fail
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
-V
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l DHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
-C
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
-V
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
-H exitWithRet
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem
-H exitWithRet
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/server-key.pem
-c ./certs/intermediate/server-chain-alt.pem
-H exitWithRet
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-cert.pem
-k ./certs/client-key.pem
-c ./certs/intermediate/client-chain-alt.pem
-H exitWithRet
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-key.pem
-c ./certs/intermediate/server-chain-alt-ecc.pem
-H exitWithRet
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ca-ecc-cert.pem
-k ./certs/ecc-client-key.pem
-c ./certs/intermediate/client-chain-alt-ecc.pem
-H exitWithRet
-C
Reference in New Issue View Git Blame Copy Permalink