1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
[
{"server_command": ["@SERVER@", "--http",
"--x509keyfile", "tests/serverX509Key.pem",
"--x509certfile", "tests/serverX509Cert.pem",
"--debug=6",
"--priority=@PRIORITY@",
"--port=@PORT@"],
"environment": {"PYTHONPATH" : "."},
"server_hostname": "localhost",
"server_port": @PORT@,
"tests" : [
{"name" : "test-tls13-certificate-verify.py",
"comment" : "tlsfuzzer doesn't like our status request (see #633)",
"exp_pass" : false,
"comment" : "tlsfuzzer doesn't like our set of algorithms (e.g., ed25519)",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-n", "10",
"-e", "check sigalgs in cert request",
"-p", "@PORT@"]},
{"name" : "test-tls13-ecdsa-in-certificate-verify.py",
"comment" : "tlsfuzzer doesn't like our status request (see #633)",
"exp_pass" : false,
"comment" : "tlsfuzzer doesn't like our set of algorithms (e.g., ed25519)",
"arguments" : ["-k", "tests/serverECKey.pem",
"-c", "tests/serverECCert.pem",
"-n", "10",
"-e", "check sigalgs in cert request",
"-p", "@PORT@"]},
{"name": "test-rsa-sigs-on-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-p", "@PORT@"]
},
{"name" : "test-certificate-verify.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-p", "@PORT@"]
},
{"name" : "test-ecdsa-in-certificate-verify.py",
"comment" : "we don't support sha224; we send illegal_parameter instead of handshake_failure in md5+ecdsa",
"arguments" : ["-k", "tests/serverECKey.pem",
"-c", "tests/serverECCert.pem",
"-e", "make sha224+ecdsa signature in CertificateVerify",
"-e", "make sha224+ecdsa signature, advertise it as sha1+ecdsa in CertificateVerify",
"-e", "make sha224+ecdsa signature, advertise it as sha256+ecdsa in CertificateVerify",
"-e", "make sha224+ecdsa signature, advertise it as sha384+ecdsa in CertificateVerify",
"-e", "make sha224+ecdsa signature, advertise it as sha512+ecdsa in CertificateVerify",
"-e", "md5+ecdsa forced",
"-p", "@PORT@"]
},
{"name" : "test-certificate-verify-malformed.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-p", "@PORT@"]
},
{"name" : "test-certificate-verify-malformed-sig.py",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-p", "@PORT@"]
},
{"name" : "test-certificate-request.py",
"comment" : "tlsfuzzer doesn't like our set of algorithms or supported cert types",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "check sigalgs in cert request",
"-e", "check cert types in cert request",
"-p", "@PORT@"]
},
{"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
"comment": "tlsfuzzer doesn't know ed25519 scheme which we advertise",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "check CertificateRequest sigalgs",
"--illegpar",
"-n", "100",
"-p", "@PORT@"]
},
{"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
"comment": "tlsfuzzer doesn't know ed25519 scheme which we advertise",
"arguments" : ["-k", "tests/clientRSAPSSKey.pem",
"-c", "tests/clientRSAPSSCert.pem",
"-e", "check CertificateRequest sigalgs",
"--illegpar",
"-n", "100",
"-p", "@PORT@"]
},
{"name": "test-certificate-malformed.py",
"comment" : "tlsfuzzer doesn't like the alerts we send",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "fuzz empty certificate - overall 7, certs 4, cert 1",
"-e", "fuzz empty certificate - overall 8, certs 5, cert 2",
"-e", "sanity - empty client cert",
"-e", "Correct cert followed by an empty one",
"-p", "@PORT@"]
}
]
}
]
|
