| # -*- mode: perl; -*- |
| |
| ## SSL test configurations |
| |
| package ssltests; |
| |
| use strict; |
| use warnings; |
| |
| use OpenSSL::Test; |
| use OpenSSL::Test::Utils qw(anydisabled); |
| setup("no_test_here"); |
| |
| # We test version-flexible negotiation (undef) and each protocol version. |
| my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); |
| |
| my @is_disabled = (0); |
| push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); |
| |
| our @tests = (); |
| |
| my $dir_sep = $^O ne "VMS" ? "/" : ""; |
| |
| sub generate_tests() { |
| |
| foreach (0..$#protocols) { |
| my $protocol = $protocols[$_]; |
| my $protocol_name = $protocol || "flex"; |
| my $caalert; |
| if (!$is_disabled[$_]) { |
| if ($protocol_name eq "SSLv3") { |
| $caalert = "BadCertificate"; |
| } else { |
| $caalert = "UnknownCA"; |
| } |
| # Sanity-check simple handshake. |
| push @tests, { |
| name => "server-auth-${protocol_name}", |
| server => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol |
| }, |
| client => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol |
| }, |
| test => { "ExpectedResult" => "Success" }, |
| }; |
| |
| # Handshake with client cert requested but not required or received. |
| push @tests, { |
| name => "client-auth-${protocol_name}-request", |
| server => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "VerifyMode" => "Request" |
| }, |
| client => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol |
| }, |
| test => { "ExpectedResult" => "Success" }, |
| }; |
| |
| # Handshake with client cert required but not present. |
| push @tests, { |
| name => "client-auth-${protocol_name}-require-fail", |
| server => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", |
| "VerifyMode" => "Require", |
| }, |
| client => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol |
| }, |
| test => { |
| "ExpectedResult" => "ServerFail", |
| "ExpectedServerAlert" => "HandshakeFailure", |
| }, |
| }; |
| |
| # Successful handshake with client authentication. |
| push @tests, { |
| name => "client-auth-${protocol_name}-require", |
| server => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", |
| "VerifyMode" => "Request", |
| }, |
| client => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", |
| "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", |
| }, |
| test => { "ExpectedResult" => "Success" }, |
| }; |
| |
| # Handshake with client authentication but without the root certificate. |
| push @tests, { |
| name => "client-auth-${protocol_name}-noroot", |
| server => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "VerifyMode" => "Require", |
| }, |
| client => { |
| "MinProtocol" => $protocol, |
| "MaxProtocol" => $protocol, |
| "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", |
| "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", |
| }, |
| test => { |
| "ExpectedResult" => "ServerFail", |
| "ExpectedServerAlert" => $caalert, |
| }, |
| }; |
| } |
| } |
| } |
| |
| generate_tests(); |
