SSL tests: port CT tests, add a few more
This commit only ports existing tests, and adds some coverage for
resumption. We don't appear to have any handshake tests that cover SCT
validation success, and this commit doesn't change that.
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 53ee0b4..d6b020d 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -143,6 +143,11 @@
- server2 - the secondary context
- invalid - an unknown context
+* CTValidation - Certificate Transparency validation strategy. One of
+ - None - no validation (default)
+ - Permissive - SSL_CT_VALIDATION_PERMISSIVE
+ - Strict - SSL_CT_VALIDATION_STRICT
+
#### Supported server-side options
* ServerNameCallback - the SNI switching callback to use
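Review bot: The `Permissive` and `Strict` entries in the new `CTValidation` list only name `SSL_CT_VALIDATION_PERMISSIVE` and `SSL_CT_VALIDATION_STRICT`, with no word on what each does to the handshake. A test author then has to look the constants up before they can write a correct expected result. Please add a short phrase to each entry describing the outcome a test should expect, in the same style as `None - no validation (default)`. Since the entry sits above the "Supported server-side options" heading, it would also help to say explicitly that this is a client-side option. The commit message notes that no handshake test covers SCT validation success. Saying so here would keep readers from assuming that `Strict` is exercised on a passing path.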
@@ -212,6 +217,10 @@
test/ssl-tests/01-simple.conf
```
+Some tests also need additional environment variables; for example, Certificate
+Transparency tests need a `CTLOG_FILE`. See `test/recipes/80-test_ssl_new.t` for
+details.
+
Note that the test expectations sometimes depend on the Configure settings. For
example, the negotiated protocol depends on the set of available (enabled)
protocols: a build with `enable-ssl3` has different test expectations than a
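Review bot: The added paragraph says Certificate Transparency tests need a `CTLOG_FILE`, but it does not say what the variable should point to, and it sends the reader to `test/recipes/80-test_ssl_new.t` for the rest. Someone running a single CT test by hand with the command shown just above would have to read the recipe to get a working invocation. Please state here what `CTLOG_FILE` must contain, or give the path the recipe uses, and extend the example command to show the variable being set. "Some tests also need additional environment variables; for example" is also open-ended. If other variables are required, list them here so the README stays the one place to look.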