[thirdparty/openssl.git] / test / ssl-tests / 03-custom_verify.cnf.in

# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## SSL test configurations

package ssltests;

our @tests = (

    # Sanity-check that verification indeed succeeds without the
    # restrictive callback.
    {
        name => "verify-success",
        server => { },
        client => { },
        test   => { "ExpectedResult" => "Success" },
    },

    # Same test as above but with a custom callback that always fails.
    {
        name => "verify-custom-reject",
        server => { },
        client => {
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "ClientFail",
            "ExpectedClientAlert" => "HandshakeFailure",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    {
        name => "verify-custom-allow",
        server => { },
        client => {
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Same test as above but with a custom callback that requests retry once.
    {
        name => "verify-custom-retry",
        server => { },
        client => {
            extra => {
                "VerifyCallback" => "RetryOnce",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Sanity-check that verification indeed succeeds if peer verification
    # is not requested.
    {
        name => "noverify-success",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
        },
        test   => { "ExpectedResult" => "Success" },
    },

    # Same test as above but with a custom callback that always fails.
    # The callback return has no impact on handshake success in this mode.
    {
        name => "noverify-ignore-custom-reject",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    # The callback return has no impact on handshake success in this mode.
    {
        name => "noverify-accept-custom-allow",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Sanity-check that verification indeed fails without the
    # permissive callback.
    {
        name => "verify-fail-no-root",
        server => { },
        client => {
            # Don't set up the client root file.
            "VerifyCAFile" => undef,
        },
        test   => {
          "ExpectedResult" => "ClientFail",
          "ExpectedClientAlert" => "UnknownCA",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    {
        name => "verify-custom-success-no-root",
        server => { },
        client => {
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success"
        },
    },

    # Same test as above but with a custom callback that always fails.
    {
        name => "verify-custom-fail-no-root",
        server => { },
        client => {
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "ClientFail",
            "ExpectedClientAlert" => "HandshakeFailure",
        },
    },
);
Commit	Line	Data
a263f320	1	# -- mode: perl; --
4333b89f	2	# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
44c8a5e2	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
44c8a5e2 RS	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
a263f320 EK	9
	10	## SSL test configurations
	11
	12	package ssltests;
	13
	14	our @tests = (
	15
	16	# Sanity-check that verification indeed succeeds without the
	17	# restrictive callback.
	18	{
	19	name => "verify-success",
	20	server => { },
	21	client => { },
	22	test => { "ExpectedResult" => "Success" },
	23	},
	24
	25	# Same test as above but with a custom callback that always fails.
	26	{
	27	name => "verify-custom-reject",
	28	server => { },
9f48bbac EK	29	client => {
	30	extra => {
	31	"VerifyCallback" => "RejectAll",
	32	},
	33	},
a263f320	34	test => {
a263f320	35	"ExpectedResult" => "ClientFail",
9f48bbac	36	"ExpectedClientAlert" => "HandshakeFailure",
a263f320 EK	37	},
	38	},
	39
	40	# Same test as above but with a custom callback that always succeeds.
	41	{
	42	name => "verify-custom-allow",
	43	server => { },
9f48bbac EK	44	client => {
	45	extra => {
	46	"VerifyCallback" => "AcceptAll",
	47	},
	48	},
a263f320	49	test => {
a263f320 EK	50	"ExpectedResult" => "Success",
	51	},
	52	},
	53
0c3eb279 DDO	54	# Same test as above but with a custom callback that requests retry once.
	55	{
	56	name => "verify-custom-retry",
	57	server => { },
	58	client => {
	59	extra => {
	60	"VerifyCallback" => "RetryOnce",
	61	},
	62	},
	63	test => {
	64	"ExpectedResult" => "Success",
	65	},
	66	},
	67
a263f320 EK	68	# Sanity-check that verification indeed succeeds if peer verification
	69	# is not requested.
	70	{
	71	name => "noverify-success",
	72	server => { },
	73	client => {
	74	"VerifyMode" => undef,
	75	"VerifyCAFile" => undef,
	76	},
	77	test => { "ExpectedResult" => "Success" },
	78	},
	79
	80	# Same test as above but with a custom callback that always fails.
	81	# The callback return has no impact on handshake success in this mode.
	82	{
	83	name => "noverify-ignore-custom-reject",
	84	server => { },
	85	client => {
	86	"VerifyMode" => undef,
	87	"VerifyCAFile" => undef,
9f48bbac EK	88	extra => {
	89	"VerifyCallback" => "RejectAll",
	90	},
a263f320 EK	91	},
a263f320 EK	92	test => {
a263f320 EK	93	"ExpectedResult" => "Success",
	94	},
	95	},
	96
	97	# Same test as above but with a custom callback that always succeeds.
	98	# The callback return has no impact on handshake success in this mode.
	99	{
	100	name => "noverify-accept-custom-allow",
	101	server => { },
	102	client => {
	103	"VerifyMode" => undef,
	104	"VerifyCAFile" => undef,
9f48bbac EK	105	extra => {
	106	"VerifyCallback" => "AcceptAll",
	107	},
a263f320 EK	108	},
a263f320 EK	109	test => {
a263f320 EK	110	"ExpectedResult" => "Success",
	111	},
	112	},
	113
	114	# Sanity-check that verification indeed fails without the
	115	# permissive callback.
	116	{
	117	name => "verify-fail-no-root",
	118	server => { },
	119	client => {
	120	# Don't set up the client root file.
	121	"VerifyCAFile" => undef,
	122	},
	123	test => {
	124	"ExpectedResult" => "ClientFail",
9f48bbac	125	"ExpectedClientAlert" => "UnknownCA",
a263f320 EK	126	},
	127	},
	128
	129	# Same test as above but with a custom callback that always succeeds.
	130	{
	131	name => "verify-custom-success-no-root",
	132	server => { },
	133	client => {
	134	"VerifyCAFile" => undef,
9f48bbac EK	135	extra => {
	136	"VerifyCallback" => "AcceptAll",
	137	},
a263f320 EK	138	},
a263f320 EK	139	test => {
a263f320 EK	140	"ExpectedResult" => "Success"
	141	},
	142	},
	143
	144	# Same test as above but with a custom callback that always fails.
	145	{
	146	name => "verify-custom-fail-no-root",
	147	server => { },
	148	client => {
	149	"VerifyCAFile" => undef,
9f48bbac EK	150	extra => {
	151	"VerifyCallback" => "RejectAll",
	152	},
a263f320 EK	153	},
a263f320 EK	154	test => {
a263f320	155	"ExpectedResult" => "ClientFail",
9f48bbac	156	"ExpectedClientAlert" => "HandshakeFailure",
a263f320 EK	157	},
a263f320 EK	158	},
a263f320	159	);