source-git / openssl

Clone
Source Code
GIT

Blame test/ssl-tests/18-dtls-renegotiate.conf.in

c8 c8s master
  1.   c4476c2d191c8f18018d947521358ac6321a212e
  2.   test
  3.   ssl-tests
  4.   18-dtls-renegotiate.conf.in
Blob History Raw
Packit c4476c 
# -*- mode: perl; -*-
Packit c4476c 
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
Packit c4476c 
#
Packit c4476c 
# Licensed under the OpenSSL license (the "License").  You may not use
Packit c4476c 
# this file except in compliance with the License.  You can obtain a copy
Packit c4476c 
# in the file LICENSE in the source distribution or at
Packit c4476c 
# https://www.openssl.org/source/license.html
Packit c4476c
Packit c4476c
Packit c4476c 
## Test Renegotiation
Packit c4476c
Packit c4476c 
use strict;
Packit c4476c 
use warnings;
Packit c4476c
Packit c4476c 
package ssltests;
Packit c4476c 
use OpenSSL::Test::Utils;
Packit c4476c
Packit c4476c 
our @tests = ();
Packit c4476c
Packit c4476c 
foreach my $sctp ("No", "Yes")
Packit c4476c 
{
Packit c4476c 
    next if disabled("sctp") && $sctp eq "Yes";
Packit c4476c
Packit c4476c 
    my $suffix = ($sctp eq "No") ? "" : "-sctp";
Packit c4476c 
    our @tests_basic = (
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-client-no-resume".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "Options" => "NoResumptionOnRenegotiation"
Packit c4476c 
            },
Packit c4476c 
            client => {},
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-client-resume".$suffix,
Packit c4476c 
            server => {},
Packit c4476c 
            client => {},
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "Yes",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        # Note: Unlike the TLS tests, we will never do resumption with server
Packit c4476c 
        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
Packit c4476c 
        # handshake (i.e. it doesn't supply a session id) when it receives a
Packit c4476c 
        # HelloRequest. This is different to the OpenSSL TLS implementation where an
Packit c4476c 
        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
Packit c4476c 
        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
Packit c4476c 
        # handshake support was first added. Neither behaviour is wrong, but the
Packit c4476c 
        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
Packit c4476c 
        # and if so, what to?
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-server-resume".$suffix,
Packit c4476c 
            server => {},
Packit c4476c 
            client => {},
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateServer",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-client-auth-require".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "VerifyCAFile" => test_pem("root-cert.pem"),
Packit c4476c 
                "VerifyMode" => "Require",
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "Certificate" => test_pem("ee-client-chain.pem"),
Packit c4476c 
                "PrivateKey"  => test_pem("ee-key.pem"),
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateServer",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-client-auth-once".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "VerifyCAFile" => test_pem("root-cert.pem"),
Packit c4476c 
                "VerifyMode" => "Once",
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "Certificate" => test_pem("ee-client-chain.pem"),
Packit c4476c 
                "PrivateKey"  => test_pem("ee-key.pem"),
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateServer",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        }
Packit c4476c 
    );
Packit c4476c 
    push @tests, @tests_basic;
Packit c4476c
Packit c4476c 
    next if disabled("dtls1_2");
Packit c4476c 
    our @tests_dtls1_2 = (
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-aead-to-non-aead".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "Options" => "NoResumptionOnRenegotiation"
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "CipherString" => "AES128-GCM-SHA256",
Packit c4476c 
                extra => {
Packit c4476c 
                    "RenegotiateCiphers" => "AES128-SHA"
Packit c4476c 
                }
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-non-aead-to-aead".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "Options" => "NoResumptionOnRenegotiation"
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "CipherString" => "AES128-SHA",
Packit c4476c 
                extra => {
Packit c4476c 
                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
Packit c4476c 
                }
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-non-aead-to-non-aead".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "Options" => "NoResumptionOnRenegotiation"
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "CipherString" => "AES128-SHA",
Packit c4476c 
                extra => {
Packit c4476c 
                    "RenegotiateCiphers" => "AES256-SHA"
Packit c4476c 
                }
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
        {
Packit c4476c 
            name => "renegotiate-aead-to-aead".$suffix,
Packit c4476c 
            server => {
Packit c4476c 
                "Options" => "NoResumptionOnRenegotiation"
Packit c4476c 
            },
Packit c4476c 
            client => {
Packit c4476c 
                "CipherString" => "AES128-GCM-SHA256",
Packit c4476c 
                extra => {
Packit c4476c 
                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
Packit c4476c 
                }
Packit c4476c 
            },
Packit c4476c 
            test => {
Packit c4476c 
                "Method" => "DTLS",
Packit c4476c 
                "UseSCTP" => $sctp,
Packit c4476c 
                "HandshakeMode" => "RenegotiateClient",
Packit c4476c 
                "ResumptionExpected" => "No",
Packit c4476c 
                "ExpectedResult" => "Success"
Packit c4476c 
            }
Packit c4476c 
        },
Packit c4476c 
    );
Packit c4476c 
    push @tests, @tests_dtls1_2;
Packit c4476c 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation