]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/ssl-tests/03-custom_verify.conf.in
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add final(?) set of copyrights.
[thirdparty/openssl.git] / test / ssl-tests / 03-custom_verify.conf.in
1 # -*- mode: perl; -*-
2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## SSL test configurations
11
12 package ssltests;
13
14 our @tests = (
15
16 # Sanity-check that verification indeed succeeds without the
17 # restrictive callback.
18 {
19 name => "verify-success",
20 server => { },
21 client => { },
22 test => { "ExpectedResult" => "Success" },
23 },
24
25 # Same test as above but with a custom callback that always fails.
26 {
27 name => "verify-custom-reject",
28 server => { },
29 client => { },
30 test => {
31 "ClientVerifyCallback" => "RejectAll",
32 "ExpectedResult" => "ClientFail",
33 "ClientAlert" => "HandshakeFailure",
34 },
35 },
36
37 # Same test as above but with a custom callback that always succeeds.
38 {
39 name => "verify-custom-allow",
40 server => { },
41 client => { },
42 test => {
43 "ClientVerifyCallback" => "AcceptAll",
44 "ExpectedResult" => "Success",
45 },
46 },
47
48 # Sanity-check that verification indeed succeeds if peer verification
49 # is not requested.
50 {
51 name => "noverify-success",
52 server => { },
53 client => {
54 "VerifyMode" => undef,
55 "VerifyCAFile" => undef,
56 },
57 test => { "ExpectedResult" => "Success" },
58 },
59
60 # Same test as above but with a custom callback that always fails.
61 # The callback return has no impact on handshake success in this mode.
62 {
63 name => "noverify-ignore-custom-reject",
64 server => { },
65 client => {
66 "VerifyMode" => undef,
67 "VerifyCAFile" => undef,
68 },
69 test => {
70 "ClientVerifyCallback" => "RejectAll",
71 "ExpectedResult" => "Success",
72 },
73 },
74
75 # Same test as above but with a custom callback that always succeeds.
76 # The callback return has no impact on handshake success in this mode.
77 {
78 name => "noverify-accept-custom-allow",
79 server => { },
80 client => {
81 "VerifyMode" => undef,
82 "VerifyCAFile" => undef,
83 },
84 test => {
85 "ClientVerifyCallback" => "AcceptAll",
86 "ExpectedResult" => "Success",
87 },
88 },
89
90 # Sanity-check that verification indeed fails without the
91 # permissive callback.
92 {
93 name => "verify-fail-no-root",
94 server => { },
95 client => {
96 # Don't set up the client root file.
97 "VerifyCAFile" => undef,
98 },
99 test => {
100 "ExpectedResult" => "ClientFail",
101 "ClientAlert" => "UnknownCA",
102 },
103 },
104
105 # Same test as above but with a custom callback that always succeeds.
106 {
107 name => "verify-custom-success-no-root",
108 server => { },
109 client => {
110 "VerifyCAFile" => undef,
111 },
112 test => {
113 "ClientVerifyCallback" => "AcceptAll",
114 "ExpectedResult" => "Success"
115 },
116 },
117
118 # Same test as above but with a custom callback that always fails.
119 {
120 name => "verify-custom-fail-no-root",
121 server => { },
122 client => {
123 "VerifyCAFile" => undef,
124 },
125 test => {
126 "ClientVerifyCallback" => "RejectAll",
127 "ExpectedResult" => "ClientFail",
128 "ClientAlert" => "HandshakeFailure",
129 },
130 },
131
132
133
134 );
A mirror of the official openssl repository