|
Packit Service |
084de1 |
# -*- mode: perl; -*-
|
|
Packit Service |
084de1 |
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit Service |
084de1 |
#
|
|
Packit Service |
084de1 |
# Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit Service |
084de1 |
# this file except in compliance with the License. You can obtain a copy
|
|
Packit Service |
084de1 |
# in the file LICENSE in the source distribution or at
|
|
Packit Service |
084de1 |
# https://www.openssl.org/source/license.html
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
## SSL test configurations
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
package ssltests;
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
our @tests = (
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Sanity-check that verification indeed succeeds without the
|
|
Packit Service |
084de1 |
# restrictive callback.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-success",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => { },
|
|
Packit Service |
084de1 |
test => { "ExpectedResult" => "Success" },
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always fails.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-custom-reject",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "RejectAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "ClientFail",
|
|
Packit Service |
084de1 |
"ExpectedClientAlert" => "HandshakeFailure",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always succeeds.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-custom-allow",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "AcceptAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "Success",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Sanity-check that verification indeed succeeds if peer verification
|
|
Packit Service |
084de1 |
# is not requested.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "noverify-success",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
"VerifyMode" => undef,
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => { "ExpectedResult" => "Success" },
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always fails.
|
|
Packit Service |
084de1 |
# The callback return has no impact on handshake success in this mode.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "noverify-ignore-custom-reject",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
"VerifyMode" => undef,
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "RejectAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "Success",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always succeeds.
|
|
Packit Service |
084de1 |
# The callback return has no impact on handshake success in this mode.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "noverify-accept-custom-allow",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
"VerifyMode" => undef,
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "AcceptAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "Success",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Sanity-check that verification indeed fails without the
|
|
Packit Service |
084de1 |
# permissive callback.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-fail-no-root",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
# Don't set up the client root file.
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "ClientFail",
|
|
Packit Service |
084de1 |
"ExpectedClientAlert" => "UnknownCA",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always succeeds.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-custom-success-no-root",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "AcceptAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "Success"
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
# Same test as above but with a custom callback that always fails.
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
name => "verify-custom-fail-no-root",
|
|
Packit Service |
084de1 |
server => { },
|
|
Packit Service |
084de1 |
client => {
|
|
Packit Service |
084de1 |
"VerifyCAFile" => undef,
|
|
Packit Service |
084de1 |
extra => {
|
|
Packit Service |
084de1 |
"VerifyCallback" => "RejectAll",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
test => {
|
|
Packit Service |
084de1 |
"ExpectedResult" => "ClientFail",
|
|
Packit Service |
084de1 |
"ExpectedClientAlert" => "HandshakeFailure",
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
},
|
|
Packit Service |
084de1 |
);
|