Add client auth tests.
Change-Id: If3ecae4c97f67085b9880ffa49dd616f1436ce97
Reviewed-on: https://boringssl-review.googlesource.com/1112
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 7b1462a..27876fa 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -181,6 +181,14 @@
CertTypeECDSASign,
})},
},
+ {
+ name: "NoClientCertificate",
+ config: Config{
+ ClientAuth: RequireAnyClientCert,
+ },
+ shouldFail: true,
+ expectedLocalError: "client didn't provide a certificate",
+ },
}
func doExchange(tlsConn *Conn, messageLen int) error {
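Review bot: The `NoClientCertificate` entry sets neither `testType` nor `MinVersion`/`MaxVersion`, so the missing-certificate rejection appears to be checked once, at whatever version the defaults negotiate, while the positive cases in `addClientAuthTests` are generated per protocol version. Consider generating this negative case inside that per-version loop as well, or at least documenting its scope with something like `// Shim is the client and has no -cert-file; the runner (server) must abort the handshake.` The case asserts only the runner-side `expectedLocalError` string, so what the shim itself reports on this failure is not pinned here. The enclosing slice literal begins outside the hunk, so the default `testType` is inferred rather than visible.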
@@ -488,6 +496,53 @@
})
}
+func addClientAuthTests() {
+ for _, ver := range tlsVersions {
+ if ver.version == VersionSSL30 {
+ // TODO(davidben): The Go implementation does not
+ // correctly compute CertificateVerify hashes for SSLv3.
+ continue
+ }
+
+ var cipherSuites []uint16
+ if ver.version >= VersionTLS12 {
+ // Pick a SHA-256 cipher suite. The Go implementation
+ // does not correctly handle client auth with a SHA-384
+ // cipher suite.
+ cipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
+ }
+
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: ver.name + "-ClientAuth-RSA",
+ config: Config{
+ MinVersion: ver.version,
+ MaxVersion: ver.version,
+ CipherSuites: cipherSuites,
+ ClientAuth: RequireAnyClientCert,
+ },
+ flags: []string{
+ "-cert-file", rsaCertificateFile,
+ "-key-file", rsaKeyFile,
+ },
+ })
+ testCases = append(testCases, testCase{
+ testType: clientTest,
+ name: ver.name + "-ClientAuth-ECDSA",
+ config: Config{
+ MinVersion: ver.version,
+ MaxVersion: ver.version,
+ CipherSuites: cipherSuites,
+ ClientAuth: RequireAnyClientCert,
+ },
+ flags: []string{
+ "-cert-file", ecdsaCertificateFile,
+ "-key-file", ecdsaKeyFile,
+ },
+ })
+ }
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, wg *sync.WaitGroup) {
defer wg.Done()
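Review bot: `addClientAuthTests` registers only `testType: clientTest` cases, so the shim is exercised as the side that presents a certificate and signs CertificateVerify. Nothing in this hunk covers the shim as the server that must verify a client's signature, which is where a verification bug would matter most. The SSLv3 skip and the SHA-256 pin for TLS 1.2 are runner limitations according to the inline comments, so those paths are untested rather than known good. A doc comment on the function would make that explicit, e.g. `// addClientAuthTests covers the shim as a client presenting an RSA or ECDSA certificate; SSLv3 and SHA-384 suites are skipped because of runner bugs and remain uncovered.` `RequireAnyClientCert` presumably demands a certificate without validating its chain, which suits the test certificates but is worth stating in the same comment.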
@@ -535,6 +590,7 @@
addCipherSuiteTests()
addBadECDSASignatureTests()
addCBCPaddingTests()
+ addClientAuthTests()
var wg sync.WaitGroup