Add tests for keyUsage with client auth

commit: a9db85df7345723a894ac64927c15c7073294bd2 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Apr 09 14:53:05 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Apr 09 15:50:58 2014 +0200
tree: 1b27622894369ec2547a13ab97b32962f14ec485
parent: 490047cc4497fe1c107547bb9c70c396dc783555 [diff] [blame]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ec9e549..16748b0 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -1031,16 +1031,7 @@
             -C "Ciphersuite is "
 
 # Tests for keyUsage in leaf certificates, part 2:
-# client-side checks
-
-run_test    "keyUsage cli #0 (reference, no extension)" \
-            "$O_SRV -key data_files/server2.key \
-             -cert data_files/server2.crt" \
-            "$P_CLI debug_level=2" \
-            0 \
-            -C "bad server certificate (usage ext.)" \
-            -C "Processing of the Certificate handshake message failed" \
-            -c "Ciphersuite is TLS-"
+# client-side checking of server cert
 
 run_test    "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
             "$O_SRV -key data_files/server2.key \
@@ -1048,7 +1039,7 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             0 \
-            -C "bad server certificate (usage ext.)" \
+            -C "bad certificate (usage extensions)" \
             -C "Processing of the Certificate handshake message failed" \
             -c "Ciphersuite is TLS-"
 
@@ -1058,7 +1049,7 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
             0 \
-            -C "bad server certificate (usage ext.)" \
+            -C "bad certificate (usage extensions)" \
             -C "Processing of the Certificate handshake message failed" \
             -c "Ciphersuite is TLS-"
 
@@ -1068,7 +1059,7 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             0 \
-            -C "bad server certificate (usage ext.)" \
+            -C "bad certificate (usage extensions)" \
             -C "Processing of the Certificate handshake message failed" \
             -c "Ciphersuite is TLS-"
 
@@ -1078,7 +1069,7 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
             1 \
-            -c "bad server certificate (usage ext.)" \
+            -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
             -C "Ciphersuite is TLS-"
 
@@ -1088,7 +1079,7 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
             0 \
-            -C "bad server certificate (usage ext.)" \
+            -C "bad certificate (usage extensions)" \
             -C "Processing of the Certificate handshake message failed" \
             -c "Ciphersuite is TLS-"
 
@@ -1098,10 +1089,53 @@
             "$P_CLI debug_level=2 \
              force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
             1 \
-            -c "bad server certificate (usage ext.)" \
+            -c "bad certificate (usage extensions)" \
             -c "Processing of the Certificate handshake message failed" \
             -C "Ciphersuite is TLS-"
 
+# Tests for keyUsage in leaf certificates, part 3:
+# server-side checking of client cert
+
+run_test    "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
+            "$P_SRV debug_level=2 auth_mode=optional" \
+            "$O_CLI -key data_files/server2.key \
+             -cert data_files/server2.ku-ds.crt" \
+            0 \
+            -S "bad certificate (usage extensions)" \
+            -S "Processing of the Certificate handshake message failed"
+
+run_test    "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
+            "$P_SRV debug_level=2 auth_mode=optional" \
+            "$O_CLI -key data_files/server2.key \
+             -cert data_files/server2.ku-ke.crt" \
+            0 \
+            -s "bad certificate (usage extensions)" \
+            -S "Processing of the Certificate handshake message failed"
+
+run_test    "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
+            "$P_SRV debug_level=2 auth_mode=required" \
+            "$O_CLI -key data_files/server2.key \
+             -cert data_files/server2.ku-ke.crt" \
+            1 \
+            -s "bad certificate (usage extensions)" \
+            -s "Processing of the Certificate handshake message failed"
+
+run_test    "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
+            "$P_SRV debug_level=2 auth_mode=optional" \
+            "$O_CLI -key data_files/server5.key \
+             -cert data_files/server5.ku-ds.crt" \
+            0 \
+            -S "bad certificate (usage extensions)" \
+            -S "Processing of the Certificate handshake message failed"
+
+run_test    "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
+            "$P_SRV debug_level=2 auth_mode=optional" \
+            "$O_CLI -key data_files/server5.key \
+             -cert data_files/server5.ku-ka.crt" \
+            0 \
+            -s "bad certificate (usage extensions)" \
+            -S "Processing of the Certificate handshake message failed"
+
 # Final report
 
 echo "------------------------------------------------------------------------"
commit	a9db85df7345723a894ac64927c15c7073294bd2	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Apr 09 14:53:05 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Apr 09 15:50:58 2014 +0200
tree	1b27622894369ec2547a13ab97b32962f14ec485
parent	490047cc4497fe1c107547bb9c70c396dc783555 [diff] [blame]