author | Kurt Roeckx <kurt@roeckx.be> | 2020-01-02 23:16:30 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2020-02-11 23:23:42 +0100 |
commit | 77c4d3972400adf1bcb76ceea359f5453cc3e8e4 (patch) | |
tree | d91ee124a9acaa01884c75815b3c2b43d6b10885 /test/ssl-tests | |
parent | d819760d3da5dd5491c94a2d6b36553708c9338b (diff) | |
download | openssl-77c4d3972400adf1bcb76ceea359f5453cc3e8e4.zip openssl-77c4d3972400adf1bcb76ceea359f5453cc3e8e4.tar.gz openssl-77c4d3972400adf1bcb76ceea359f5453cc3e8e4.tar.bz2 |
Generate new Ed488 certificates
Create a whole chain of Ed448 certificates so that we can use it at security
level 4 (192 bit). We had a 2048 bit RSA (112 bit, level 2) root sign the
Ed448 certificate using SHA256 (128 bit, level 3).
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #10785
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/20-cert-select.conf | 8 | ||||
-rw-r--r-- | test/ssl-tests/20-cert-select.conf.in | 5 | ||||
-rw-r--r-- | test/ssl-tests/28-seclevel.conf | 4 | ||||
-rw-r--r-- | test/ssl-tests/28-seclevel.conf.in | 4 |
4 files changed, 12 insertions, 9 deletions
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index 93f3a1f..757b973 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -216,9 +216,9 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [4-Ed448 CipherString and Signature Algorithm Selection-client]
 CipherString = aECDSA
 MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 SignatureAlgorithms = ed448:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 [test-4]
@@ -421,7 +421,7 @@ CipherString = aECDSA
 Curves = X448
 MaxProtocol = TLSv1.2
 SignatureAlgorithms = ECDSA+SHA256:ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 [test-10]
@@ -1454,7 +1454,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
 CipherString = DEFAULT
 SignatureAlgorithms = ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 [test-44]
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 5e9bfed..2409354 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -134,7 +134,8 @@ our @tests = (
 "CipherString" => "aECDSA",
 "MaxProtocol" => "TLSv1.2",
 "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
- "RequestCAFile" => test_pem("root-cert.pem"),
+ "RequestCAFile" => test_pem("root-ed448-cert.pem"),
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
 },
 test => {
 "ExpectedServerCertType" =>, "Ed448",
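Review bot: The new `"VerifyCAFile" => test_pem("root-ed448-cert.pem")` entry in the `@@ -134` hunk of 20-cert-select.conf.in carries no comment saying why this client overrides the trust anchor; the generated .conf shows the previous value was `rootcert.pem` (apparently the default), and the reason is only in the commit message. A one-line comment such as `# Ed448 server cert chains to the Ed448 root, not the default root` above the entry would keep that visible in the file. The same literal recurs in the `@@ -231` and `@@ -727` hunks and in 28-seclevel.conf.in, so a shared variable, e.g. `my $ed448_root = test_pem("root-ed448-cert.pem");`, would keep the call sites in step if the file is ever renamed. The client hash starts and ends outside the hunk.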
@@ -231,6 +232,7 @@ our @tests = (
 "CipherString" => "aECDSA",
 "MaxProtocol" => "TLSv1.2",
 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
 # Excluding P-256 from the supported curves list means server
 # certificate should be Ed25519 and not P-256
 "Curves" => "X448"
@@ -727,6 +729,7 @@ my @tests_tls_1_3 = (
 server => $server_tls_1_3,
 client => {
 "SignatureAlgorithms" => "ed448",
+ "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
 },
 test => {
 "ExpectedServerCertType" => "Ed448",
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf
index f863f68..04a0c4f 100644
--- a/test/ssl-tests/28-seclevel.conf
+++ b/test/ssl-tests/28-seclevel.conf
@@ -45,7 +45,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 [1-SECLEVEL 3 with ED448 key-client]
 CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 [test-1]
@@ -93,7 +93,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 [3-SECLEVEL 3 with ED448 key, TLSv1.2-client]
 CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 [test-3]
diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in
index 9d400a4..f2cdc47 100644
--- a/test/ssl-tests/28-seclevel.conf.in
+++ b/test/ssl-tests/28-seclevel.conf.in
@@ -27,7 +27,7 @@ our @tests_ec = (
 server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
 "Certificate" => test_pem("server-ed448-cert.pem"),
 "PrivateKey" => test_pem("server-ed448-key.pem") },
- client => { },
+ client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
 test => { "ExpectedResult" => "Success" },
 },
 {
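Review bot: The comment directly below the added `VerifyCAFile` line in the `@@ -231` hunk still says the server certificate should be Ed25519, while this client offers `ed448`, restricts curves to `X448` and now trusts the Ed448 root, so it looks like a leftover from the Ed25519 case. Since the entry is being touched anyway, the comment could read `# certificate should be Ed448 and not P-256`. The expected certificate type sits outside the hunk, so confirm against the `test` block before changing it.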
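Review bot: In the `@@ -27` hunk of 28-seclevel.conf.in the client gains only `VerifyCAFile`, so just the server side sets `@SECLEVEL=3` and the client presumably validates the new Ed448 chain at its default level. The commit message gives use at a higher security level as the reason for the new chain, yet no visible case checks the chain on the verifying side at that level. Consider `client => { "CipherString" => "DEFAULT:\@SECLEVEL=3", "VerifyCAFile" => test_pem("root-ed448-cert.pem") },` here and in the TLSv1.2 case at `@@ -49`, or a separate level 4 case if one is not added elsewhere in the series. The test entry starts outside the hunk.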
@@ -49,7 +49,7 @@ our @tests_tls1_2 = (
 "Certificate" => test_pem("server-ed448-cert.pem"),
 "PrivateKey" => test_pem("server-ed448-key.pem"),
 "MaxProtocol" => "TLSv1.2" },
- client => { },
+ client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
 test => { "ExpectedResult" => "Success" },
 },
 ); |