openssl/test/ssl-tests/03-custom_verify.conf
Emilia Kasper 9f48bbacd8 Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".

This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".

This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.

Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-08 12:06:26 +02:00

239 lines
5.8 KiB
Plaintext

# Generated with generate_ssl_tests.pl
num_tests = 9
test-0 = 0-verify-success
test-1 = 1-verify-custom-reject
test-2 = 2-verify-custom-allow
test-3 = 3-noverify-success
test-4 = 4-noverify-ignore-custom-reject
test-5 = 5-noverify-accept-custom-allow
test-6 = 6-verify-fail-no-root
test-7 = 7-verify-custom-success-no-root
test-8 = 8-verify-custom-fail-no-root
# ===========================================================
[0-verify-success]
ssl_conf = 0-verify-success-ssl
[0-verify-success-ssl]
server = 0-verify-success-server
client = 0-verify-success-client
[0-verify-success-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-verify-success-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
ExpectedResult = Success
# ===========================================================
[1-verify-custom-reject]
ssl_conf = 1-verify-custom-reject-ssl
[1-verify-custom-reject-ssl]
server = 1-verify-custom-reject-server
client = 1-verify-custom-reject-client
[1-verify-custom-reject-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-verify-custom-reject-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
client = 1-verify-custom-reject-client-extra
[1-verify-custom-reject-client-extra]
VerifyCallback = RejectAll
# ===========================================================
[2-verify-custom-allow]
ssl_conf = 2-verify-custom-allow-ssl
[2-verify-custom-allow-ssl]
server = 2-verify-custom-allow-server
client = 2-verify-custom-allow-client
[2-verify-custom-allow-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-verify-custom-allow-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
ExpectedResult = Success
client = 2-verify-custom-allow-client-extra
[2-verify-custom-allow-client-extra]
VerifyCallback = AcceptAll
# ===========================================================
[3-noverify-success]
ssl_conf = 3-noverify-success-ssl
[3-noverify-success-ssl]
server = 3-noverify-success-server
client = 3-noverify-success-client
[3-noverify-success-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-noverify-success-client]
CipherString = DEFAULT
[test-3]
ExpectedResult = Success
# ===========================================================
[4-noverify-ignore-custom-reject]
ssl_conf = 4-noverify-ignore-custom-reject-ssl
[4-noverify-ignore-custom-reject-ssl]
server = 4-noverify-ignore-custom-reject-server
client = 4-noverify-ignore-custom-reject-client
[4-noverify-ignore-custom-reject-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-noverify-ignore-custom-reject-client]
CipherString = DEFAULT
[test-4]
ExpectedResult = Success
client = 4-noverify-ignore-custom-reject-client-extra
[4-noverify-ignore-custom-reject-client-extra]
VerifyCallback = RejectAll
# ===========================================================
[5-noverify-accept-custom-allow]
ssl_conf = 5-noverify-accept-custom-allow-ssl
[5-noverify-accept-custom-allow-ssl]
server = 5-noverify-accept-custom-allow-server
client = 5-noverify-accept-custom-allow-client
[5-noverify-accept-custom-allow-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-noverify-accept-custom-allow-client]
CipherString = DEFAULT
[test-5]
ExpectedResult = Success
client = 5-noverify-accept-custom-allow-client-extra
[5-noverify-accept-custom-allow-client-extra]
VerifyCallback = AcceptAll
# ===========================================================
[6-verify-fail-no-root]
ssl_conf = 6-verify-fail-no-root-ssl
[6-verify-fail-no-root-ssl]
server = 6-verify-fail-no-root-server
client = 6-verify-fail-no-root-client
[6-verify-fail-no-root-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-verify-fail-no-root-client]
CipherString = DEFAULT
VerifyMode = Peer
[test-6]
ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
# ===========================================================
[7-verify-custom-success-no-root]
ssl_conf = 7-verify-custom-success-no-root-ssl
[7-verify-custom-success-no-root-ssl]
server = 7-verify-custom-success-no-root-server
client = 7-verify-custom-success-no-root-client
[7-verify-custom-success-no-root-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-verify-custom-success-no-root-client]
CipherString = DEFAULT
VerifyMode = Peer
[test-7]
ExpectedResult = Success
client = 7-verify-custom-success-no-root-client-extra
[7-verify-custom-success-no-root-client-extra]
VerifyCallback = AcceptAll
# ===========================================================
[8-verify-custom-fail-no-root]
ssl_conf = 8-verify-custom-fail-no-root-ssl
[8-verify-custom-fail-no-root-ssl]
server = 8-verify-custom-fail-no-root-server
client = 8-verify-custom-fail-no-root-client
[8-verify-custom-fail-no-root-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-verify-custom-fail-no-root-client]
CipherString = DEFAULT
VerifyMode = Peer
[test-8]
ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
client = 8-verify-custom-fail-no-root-client-extra
[8-verify-custom-fail-no-root-client-extra]
VerifyCallback = RejectAll