]>
Commit | Line | Data |
---|---|---|
a263f320 | 1 | # -*- mode: perl; -*- |
4333b89f | 2 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. |
44c8a5e2 | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
44c8a5e2 RS |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
a263f320 EK |
9 | |
10 | ## SSL test configurations | |
11 | ||
12 | package ssltests; | |
13 | ||
14 | our @tests = ( | |
15 | ||
16 | # Sanity-check that verification indeed succeeds without the | |
17 | # restrictive callback. | |
18 | { | |
19 | name => "verify-success", | |
20 | server => { }, | |
21 | client => { }, | |
22 | test => { "ExpectedResult" => "Success" }, | |
23 | }, | |
24 | ||
25 | # Same test as above but with a custom callback that always fails. | |
26 | { | |
27 | name => "verify-custom-reject", | |
28 | server => { }, | |
9f48bbac EK |
29 | client => { |
30 | extra => { | |
31 | "VerifyCallback" => "RejectAll", | |
32 | }, | |
33 | }, | |
a263f320 | 34 | test => { |
a263f320 | 35 | "ExpectedResult" => "ClientFail", |
9f48bbac | 36 | "ExpectedClientAlert" => "HandshakeFailure", |
a263f320 EK |
37 | }, |
38 | }, | |
39 | ||
40 | # Same test as above but with a custom callback that always succeeds. | |
41 | { | |
42 | name => "verify-custom-allow", | |
43 | server => { }, | |
9f48bbac EK |
44 | client => { |
45 | extra => { | |
46 | "VerifyCallback" => "AcceptAll", | |
47 | }, | |
48 | }, | |
a263f320 | 49 | test => { |
a263f320 EK |
50 | "ExpectedResult" => "Success", |
51 | }, | |
52 | }, | |
53 | ||
0c3eb279 DDO |
54 | # Same test as above but with a custom callback that requests retry once. |
55 | { | |
56 | name => "verify-custom-retry", | |
57 | server => { }, | |
58 | client => { | |
59 | extra => { | |
60 | "VerifyCallback" => "RetryOnce", | |
61 | }, | |
62 | }, | |
63 | test => { | |
64 | "ExpectedResult" => "Success", | |
65 | }, | |
66 | }, | |
67 | ||
a263f320 EK |
68 | # Sanity-check that verification indeed succeeds if peer verification |
69 | # is not requested. | |
70 | { | |
71 | name => "noverify-success", | |
72 | server => { }, | |
73 | client => { | |
74 | "VerifyMode" => undef, | |
75 | "VerifyCAFile" => undef, | |
76 | }, | |
77 | test => { "ExpectedResult" => "Success" }, | |
78 | }, | |
79 | ||
80 | # Same test as above but with a custom callback that always fails. | |
81 | # The callback return has no impact on handshake success in this mode. | |
82 | { | |
83 | name => "noverify-ignore-custom-reject", | |
84 | server => { }, | |
85 | client => { | |
86 | "VerifyMode" => undef, | |
87 | "VerifyCAFile" => undef, | |
9f48bbac EK |
88 | extra => { |
89 | "VerifyCallback" => "RejectAll", | |
90 | }, | |
a263f320 EK |
91 | }, |
92 | test => { | |
a263f320 EK |
93 | "ExpectedResult" => "Success", |
94 | }, | |
95 | }, | |
96 | ||
97 | # Same test as above but with a custom callback that always succeeds. | |
98 | # The callback return has no impact on handshake success in this mode. | |
99 | { | |
100 | name => "noverify-accept-custom-allow", | |
101 | server => { }, | |
102 | client => { | |
103 | "VerifyMode" => undef, | |
104 | "VerifyCAFile" => undef, | |
9f48bbac EK |
105 | extra => { |
106 | "VerifyCallback" => "AcceptAll", | |
107 | }, | |
a263f320 EK |
108 | }, |
109 | test => { | |
a263f320 EK |
110 | "ExpectedResult" => "Success", |
111 | }, | |
112 | }, | |
113 | ||
114 | # Sanity-check that verification indeed fails without the | |
115 | # permissive callback. | |
116 | { | |
117 | name => "verify-fail-no-root", | |
118 | server => { }, | |
119 | client => { | |
120 | # Don't set up the client root file. | |
121 | "VerifyCAFile" => undef, | |
122 | }, | |
123 | test => { | |
124 | "ExpectedResult" => "ClientFail", | |
9f48bbac | 125 | "ExpectedClientAlert" => "UnknownCA", |
a263f320 EK |
126 | }, |
127 | }, | |
128 | ||
129 | # Same test as above but with a custom callback that always succeeds. | |
130 | { | |
131 | name => "verify-custom-success-no-root", | |
132 | server => { }, | |
133 | client => { | |
134 | "VerifyCAFile" => undef, | |
9f48bbac EK |
135 | extra => { |
136 | "VerifyCallback" => "AcceptAll", | |
137 | }, | |
a263f320 EK |
138 | }, |
139 | test => { | |
a263f320 EK |
140 | "ExpectedResult" => "Success" |
141 | }, | |
142 | }, | |
143 | ||
144 | # Same test as above but with a custom callback that always fails. | |
145 | { | |
146 | name => "verify-custom-fail-no-root", | |
147 | server => { }, | |
148 | client => { | |
149 | "VerifyCAFile" => undef, | |
9f48bbac EK |
150 | extra => { |
151 | "VerifyCallback" => "RejectAll", | |
152 | }, | |
a263f320 EK |
153 | }, |
154 | test => { | |
a263f320 | 155 | "ExpectedResult" => "ClientFail", |
9f48bbac | 156 | "ExpectedClientAlert" => "HandshakeFailure", |
a263f320 EK |
157 | }, |
158 | }, | |
a263f320 | 159 | ); |