mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
9f48bbacd8
Move custom server and client options from the test dictionary to an "extra" section of each server/client. Rename test expectations to say "Expected". This is a big but straightforward change. Primarily, this allows us to specify multiple server and client contexts without redefining the custom options for each of them. For example, instead of "ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols", we now have, "NPNProtocols". This simplifies writing resumption and SNI tests. The first application will be resumption tests for NPN and ALPN. Regrouping the options also makes it clearer which options apply to the server, which apply to the client, which configure the test, and which are test expectations. Reviewed-by: Richard Levitte <levitte@openssl.org>
126 lines
4.3 KiB
Perl
126 lines
4.3 KiB
Perl
# -*- mode: perl; -*-
|
|
|
|
## SSL test configurations
|
|
|
|
package ssltests;
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use OpenSSL::Test;
|
|
use OpenSSL::Test::Utils qw(anydisabled);
|
|
setup("no_test_here");
|
|
|
|
# We test version-flexible negotiation (undef) and each protocol version.
|
|
my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
|
|
|
|
my @is_disabled = (0);
|
|
push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
|
|
|
|
our @tests = ();
|
|
|
|
my $dir_sep = $^O ne "VMS" ? "/" : "";
|
|
|
|
sub generate_tests() {
|
|
|
|
foreach (0..$#protocols) {
|
|
my $protocol = $protocols[$_];
|
|
my $protocol_name = $protocol || "flex";
|
|
my $caalert;
|
|
if (!$is_disabled[$_]) {
|
|
if ($protocol_name eq "SSLv3") {
|
|
$caalert = "BadCertificate";
|
|
} else {
|
|
$caalert = "UnknownCA";
|
|
}
|
|
# Sanity-check simple handshake.
|
|
push @tests, {
|
|
name => "server-auth-${protocol_name}",
|
|
server => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol
|
|
},
|
|
client => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol
|
|
},
|
|
test => { "ExpectedResult" => "Success" },
|
|
};
|
|
|
|
# Handshake with client cert requested but not required or received.
|
|
push @tests, {
|
|
name => "client-auth-${protocol_name}-request",
|
|
server => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"VerifyMode" => "Request"
|
|
},
|
|
client => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol
|
|
},
|
|
test => { "ExpectedResult" => "Success" },
|
|
};
|
|
|
|
# Handshake with client cert required but not present.
|
|
push @tests, {
|
|
name => "client-auth-${protocol_name}-require-fail",
|
|
server => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
|
|
"VerifyMode" => "Require",
|
|
},
|
|
client => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail",
|
|
"ExpectedServerAlert" => "HandshakeFailure",
|
|
},
|
|
};
|
|
|
|
# Successful handshake with client authentication.
|
|
push @tests, {
|
|
name => "client-auth-${protocol_name}-require",
|
|
server => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
|
|
"VerifyMode" => "Request",
|
|
},
|
|
client => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
|
|
"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
|
|
},
|
|
test => { "ExpectedResult" => "Success" },
|
|
};
|
|
|
|
# Handshake with client authentication but without the root certificate.
|
|
push @tests, {
|
|
name => "client-auth-${protocol_name}-noroot",
|
|
server => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"VerifyMode" => "Require",
|
|
},
|
|
client => {
|
|
"MinProtocol" => $protocol,
|
|
"MaxProtocol" => $protocol,
|
|
"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
|
|
"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail",
|
|
"ExpectedServerAlert" => $caalert,
|
|
},
|
|
};
|
|
}
|
|
}
|
|
}
|
|
|
|
generate_tests();
|