59a3b4a110
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing. * Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file. * Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined. * Added new `test-chains` for testing chains. * Added new `test-dhprime.conf` for DH prime check tests. * Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`. * Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf). * Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
170 lines
3.0 KiB
Plaintext
170 lines
3.0 KiB
Plaintext
# server bad certificate common name has null
|
|
# DG: Have not found a way to properly encode null in common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badcnnull.pem
|
|
-d
|
|
|
|
# client bad certificate common name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badcnnull.pem
|
|
-m
|
|
-x
|
|
|
|
# server bad certificate alternate name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badaltnull.pem
|
|
-d
|
|
|
|
# client bad certificate alternate name has null
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badaltnull.pem
|
|
-m
|
|
-x
|
|
|
|
# server nomatch common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badcn.pem
|
|
-d
|
|
|
|
# client nomatch common name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badcn.pem
|
|
-m
|
|
-x
|
|
|
|
# server nomatch alternate name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-k ./certs/server-key.pem
|
|
-c ./certs/test/server-badaltname.pem
|
|
-d
|
|
|
|
# client nomatch alternate name
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-badaltname.pem
|
|
-m
|
|
-x
|
|
|
|
# server RSA no signer error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# client RSA no signer error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-A ./certs/client-cert.pem
|
|
|
|
# server ECC no signer error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
|
# client ECC no signer error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-A ./certs/client-ecc-cert.pem
|
|
|
|
# server RSA bad sig error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-rsa-badsig.pem
|
|
|
|
# client RSA bad sig error
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# server ECC bad sig error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-ecc-badsig.pem
|
|
|
|
# client ECC bad sig error
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
|
# server missing CN from alternate names list
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-garbage.pem
|
|
|
|
# client missing CN from alternate names list
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-h localhost
|
|
-A ./certs/test/server-garbage.pem
|
|
-m
|
|
|
|
# Verify Callback Failure Tests
|
|
# no error going into callback, return error
|
|
# server
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
# server
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# client
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
|
|
# error going into callback, return error
|
|
# server
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-rsa-badsig.pem
|
|
-k ./certs/server-key.pem
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-RSA-AES128-GCM-SHA256
|
|
-H verifyFail
|
|
|
|
# server
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-c ./certs/test/server-cert-ecc-badsig.pem
|
|
-k ./certs/ecc-key.pem
|
|
|
|
# client verify should fail
|
|
-v 3
|
|
-l ECDHE-ECDSA-AES128-GCM-SHA256
|
|
-H verifyFail
|