diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in --- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200 +++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200 @@ -147,22 +147,22 @@ our @tests = ( { name => "ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", + "Certificate" => test_pem("server-ecdsa-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-key.pem"), +# "Groups" => "brainpoolP256r1", }, client => { #We don't restrict this to TLSv1.2, although use of brainpool #should force this anyway so that this should succeed "CipherString" => "aECDSA", "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", +# "Groups" => "brainpoolP256r1", }, test => { - "ExpectedServerCertType" =>, "brainpoolP256r1", - "ExpectedServerSignType" =>, "EC", +# "ExpectedServerCertType" =>, "brainpoolP256r1", +# "ExpectedServerSignType" =>, "EC", # Note: certificate_authorities not sent for TLS < 1.3 - "ExpectedServerCANames" =>, "empty", +# "ExpectedServerCANames" =>, "empty", "ExpectedResult" => "Success" }, }, @@ -853,18 +853,18 @@ my @tests_tls_1_3 = ( { name => "TLS 1.3 ECDSA with brainpool", server => { - "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), - "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", + "Certificate" => test_pem("server-ecdsa-cert.pem"), + "PrivateKey" => test_pem("server-ecdsa-key.pem"), +# "Groups" => "brainpoolP256r1", }, client => { "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", +# "Groups" => "brainpoolP256r1", "MinProtocol" => "TLSv1.3", "MaxProtocol" => "TLSv1.3" }, test => { - "ExpectedResult" => "ServerFail" + "ExpectedResult" => "Success" }, }, ); diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf --- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200 +++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200 @@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server client = 5-ECDSA with brainpool-client [5-ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [5-ECDSA with brainpool-client] CipherString = aECDSA -Groups = brainpoolP256r1 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] ExpectedResult = Success -ExpectedServerCANames = empty -ExpectedServerCertType = brainpoolP256r1 -ExpectedServerSignType = EC # =========================================================== @@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool client = 52-TLS 1.3 ECDSA with brainpool-client [52-TLS 1.3 ECDSA with brainpool-server] -Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem +Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem CipherString = DEFAULT -Groups = brainpoolP256r1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem [52-TLS 1.3 ECDSA with brainpool-client] CipherString = DEFAULT -Groups = brainpoolP256r1 MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem @@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro VerifyMode = Peer [test-52] -ExpectedResult = ServerFail +ExpectedResult = Success # ===========================================================