]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/ssl-tests/03-custom_verify.cnf.in
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use .cnf for config files, not .conf
[thirdparty/openssl.git] / test / ssl-tests / 03-custom_verify.cnf.in
1 # -*- mode: perl; -*-
2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## SSL test configurations
11
12 package ssltests;
13
14 our @tests = (
15
16 # Sanity-check that verification indeed succeeds without the
17 # restrictive callback.
18 {
19 name => "verify-success",
20 server => { },
21 client => { },
22 test => { "ExpectedResult" => "Success" },
23 },
24
25 # Same test as above but with a custom callback that always fails.
26 {
27 name => "verify-custom-reject",
28 server => { },
29 client => {
30 extra => {
31 "VerifyCallback" => "RejectAll",
32 },
33 },
34 test => {
35 "ExpectedResult" => "ClientFail",
36 "ExpectedClientAlert" => "HandshakeFailure",
37 },
38 },
39
40 # Same test as above but with a custom callback that always succeeds.
41 {
42 name => "verify-custom-allow",
43 server => { },
44 client => {
45 extra => {
46 "VerifyCallback" => "AcceptAll",
47 },
48 },
49 test => {
50 "ExpectedResult" => "Success",
51 },
52 },
53
54 # Sanity-check that verification indeed succeeds if peer verification
55 # is not requested.
56 {
57 name => "noverify-success",
58 server => { },
59 client => {
60 "VerifyMode" => undef,
61 "VerifyCAFile" => undef,
62 },
63 test => { "ExpectedResult" => "Success" },
64 },
65
66 # Same test as above but with a custom callback that always fails.
67 # The callback return has no impact on handshake success in this mode.
68 {
69 name => "noverify-ignore-custom-reject",
70 server => { },
71 client => {
72 "VerifyMode" => undef,
73 "VerifyCAFile" => undef,
74 extra => {
75 "VerifyCallback" => "RejectAll",
76 },
77 },
78 test => {
79 "ExpectedResult" => "Success",
80 },
81 },
82
83 # Same test as above but with a custom callback that always succeeds.
84 # The callback return has no impact on handshake success in this mode.
85 {
86 name => "noverify-accept-custom-allow",
87 server => { },
88 client => {
89 "VerifyMode" => undef,
90 "VerifyCAFile" => undef,
91 extra => {
92 "VerifyCallback" => "AcceptAll",
93 },
94 },
95 test => {
96 "ExpectedResult" => "Success",
97 },
98 },
99
100 # Sanity-check that verification indeed fails without the
101 # permissive callback.
102 {
103 name => "verify-fail-no-root",
104 server => { },
105 client => {
106 # Don't set up the client root file.
107 "VerifyCAFile" => undef,
108 },
109 test => {
110 "ExpectedResult" => "ClientFail",
111 "ExpectedClientAlert" => "UnknownCA",
112 },
113 },
114
115 # Same test as above but with a custom callback that always succeeds.
116 {
117 name => "verify-custom-success-no-root",
118 server => { },
119 client => {
120 "VerifyCAFile" => undef,
121 extra => {
122 "VerifyCallback" => "AcceptAll",
123 },
124 },
125 test => {
126 "ExpectedResult" => "Success"
127 },
128 },
129
130 # Same test as above but with a custom callback that always fails.
131 {
132 name => "verify-custom-fail-no-root",
133 server => { },
134 client => {
135 "VerifyCAFile" => undef,
136 extra => {
137 "VerifyCallback" => "RejectAll",
138 },
139 },
140 test => {
141 "ExpectedResult" => "ClientFail",
142 "ExpectedClientAlert" => "HandshakeFailure",
143 },
144 },
145 );
A mirror of the official openssl repository