diff options
Diffstat (limited to 'tests/suite/tls-fuzzer/gnutls-cert.json')
-rw-r--r-- | tests/suite/tls-fuzzer/gnutls-cert.json | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json index f0443d8a7d..7a5af26e53 100644 --- a/tests/suite/tls-fuzzer/gnutls-cert.json +++ b/tests/suite/tls-fuzzer/gnutls-cert.json @@ -2,7 +2,7 @@ {"server_command": ["@SERVER@", "--http", "--x509keyfile", "tests/serverX509Key.pem", "--x509certfile", "tests/serverX509Cert.pem", - "--debug=4", + "--debug=6", "--priority=@PRIORITY@", "--port=@PORT@"], "environment": {"PYTHONPATH" : "."}, @@ -10,16 +10,20 @@ "server_port": @PORT@, "tests" : [ {"name" : "test-tls13-certificate-verify.py", + "comment" : "tlsfuzzer doesn't like our status request (see #633)", + "exp_pass" : false, "comment" : "tlsfuzzer doesn't like our set of algorithms (e.g., ed25519)", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", "-n", "10", "-e", "check sigalgs in cert request", "-p", "@PORT@"]}, - {"name" : "test-tls13-certificate-verify.py", + {"name" : "test-tls13-ecdsa-in-certificate-verify.py", + "comment" : "tlsfuzzer doesn't like our status request (see #633)", + "exp_pass" : false, "comment" : "tlsfuzzer doesn't like our set of algorithms (e.g., ed25519)", - "arguments" : ["-k", "tests/clientRSAPSSKey.pem", - "-c", "tests/clientRSAPSSCert.pem", + "arguments" : ["-k", "tests/serverECKey.pem", + "-c", "tests/serverECCert.pem", "-n", "10", "-e", "check sigalgs in cert request", "-p", "@PORT@"]}, @@ -33,6 +37,18 @@ "-c", "tests/clientX509Cert.pem", "-p", "@PORT@"] }, + {"name" : "test-ecdsa-in-certificate-verify.py", + "comment" : "we don't support sha224; we send illegal_parameter instead of handshake_failure in md5+ecdsa", + "arguments" : ["-k", "tests/serverECKey.pem", + "-c", "tests/serverECCert.pem", + "-e", "make sha224+ecdsa signature in CertificateVerify", + "-e", "make sha224+ecdsa signature, advertise it as sha1+ecdsa in CertificateVerify", + "-e", "make sha224+ecdsa signature, advertise it as sha256+ecdsa in CertificateVerify", + "-e", "make sha224+ecdsa signature, advertise it as sha384+ecdsa in CertificateVerify", + "-e", "make sha224+ecdsa signature, advertise it as sha512+ecdsa in CertificateVerify", + "-e", "md5+ecdsa forced", + "-p", "@PORT@"] + }, {"name" : "test-certificate-verify-malformed.py", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", @@ -44,10 +60,11 @@ "-p", "@PORT@"] }, {"name" : "test-certificate-request.py", - "comment" : "tlsfuzzer doesn't like our set of algorithms", + "comment" : "tlsfuzzer doesn't like our set of algorithms or supported cert types", "arguments" : ["-k", "tests/clientX509Key.pem", "-c", "tests/clientX509Cert.pem", "-e", "check sigalgs in cert request", + "-e", "check cert types in cert request", "-p", "@PORT@"] }, {"name" : "test-rsa-pss-sigs-on-certificate-verify.py", |