mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
60e3b3c550
openssl/test/ssl-tests/04-client_auth.conf.in
Emilia Kasper 9f48bbacd8 Reorganize SSL test structures 
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:06:26 +02:00

126 lines
4.3 KiB
Perl
Raw Blame History

# -*- mode: perl; -*-
## SSL test configurations
package ssltests;
use strict;
use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils qw(anydisabled);
setup("no_test_here");
# We test version-flexible negotiation (undef) and each protocol version.
my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
my @is_disabled = (0);
push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
our @tests = ();
my $dir_sep = $^O ne "VMS" ? "/" : "";
sub generate_tests() {
foreach (0..$#protocols) {
my $protocol = $protocols[$_];
my $protocol_name = $protocol || "flex";
my $caalert;
if (!$is_disabled[$_]) {
if ($protocol_name eq "SSLv3") {
$caalert = "BadCertificate";
} else {
$caalert = "UnknownCA";
}
# Sanity-check simple handshake.
push @tests, {
name => "server-auth-${protocol_name}",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
test => { "ExpectedResult" => "Success" },
};
# Handshake with client cert requested but not required or received.
push @tests, {
name => "client-auth-${protocol_name}-request",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyMode" => "Request"
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
test => { "ExpectedResult" => "Success" },
};
# Handshake with client cert required but not present.
push @tests, {
name => "client-auth-${protocol_name}-require-fail",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
"VerifyMode" => "Require",
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
test => {
"ExpectedResult" => "ServerFail",
"ExpectedServerAlert" => "HandshakeFailure",
},
};
# Successful handshake with client authentication.
push @tests, {
name => "client-auth-${protocol_name}-require",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
"VerifyMode" => "Request",
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
},
test => { "ExpectedResult" => "Success" },
};
# Handshake with client authentication but without the root certificate.
push @tests, {
name => "client-auth-${protocol_name}-noroot",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyMode" => "Require",
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
},
test => {
"ExpectedResult" => "ServerFail",
"ExpectedServerAlert" => $caalert,
},
};
}
}
}
generate_tests();
Reference in New Issue View Git Blame Copy Permalink