[thirdparty/openssl.git] / test / README.ssltest.md

# SSL tests

SSL testcases are configured in the `ssl-tests` directory.

Each `ssl_*.conf.in` file contains a number of test configurations. These files
are used to generate testcases in the OpenSSL CONF format.

The precise test output can be dependent on the library configuration. The test
harness generates the output files on the fly.

However, for verification, we also include checked-in configuration outputs
corresponding to the default configuration. These testcases live in
`test/ssl-tests/*.conf` files.

For more details, see `ssl-tests/01-simple.conf.in` for an example.

## Configuring the test

First, give your test a name. The names do not have to be unique.

An example test input looks like this:

```
    {
        name => "test-default",
        server => { "CipherString" => "DEFAULT" },
        client => { "CipherString" => "DEFAULT" },
        test   => { "ExpectedResult" => "Success" },
    }
```

The test section supports the following options

### Test mode

* Method - the method to test. One of DTLS or TLS.

* HandshakeMode - which handshake flavour to test:
  - Simple - plain handshake (default)
  - Resume - test resumption
  - RenegotiateServer - test server initiated renegotiation
  - RenegotiateClient - test client initiated renegotiation

When HandshakeMode is Resume or Renegotiate, the original handshake is expected
to succeed. All configured test expectations are verified against the second
handshake.

* ApplicationData - amount of application data bytes to send (integer, defaults
  to 256 bytes). Applies to both client and server. Application data is sent in
  64kB chunks (but limited by MaxFragmentSize and available parallelization, see
  below).

* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in
  tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to
  both client and server. Lowering the fragment size will split handshake and
  application data up between more `SSL_write` calls, thus allowing to exercise
  different code paths. In particular, if the buffer size (64kB) is at least
  four times as large as the maximum fragment, interleaved multi-buffer crypto
  implementations may be used on some platforms.

### Test expectations

* ExpectedResult - expected handshake outcome. One of
  - Success - handshake success
  - ServerFail - serverside handshake failure
  - ClientFail - clientside handshake failure
  - InternalError - some other error

* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
  `ssl_test_ctx.c` for known values. Note: the expected alert is currently
  matched against the _last_ received alert (i.e., a fatal alert or a
  `close_notify`). Warning alert expectations are not yet supported. (A warning
  alert will not be correctly matched, if followed by a `close_notify` or
  another alert.)

* ExpectedProtocol - expected negotiated protocol. One of
  SSLv3, TLSv1, TLSv1.1, TLSv1.2.

* SessionTicketExpected - whether or not a session ticket is expected
  - Ignore - do not check for a session ticket (default)
  - Yes - a session ticket is expected
  - No - a session ticket is not expected

* ResumptionExpected - whether or not resumption is expected (Resume mode only)
  - Yes - resumed handshake
  - No - full handshake (default)

* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.

* ExpectedTmpKeyType - the expected algorithm or curve of server temp key

* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
  curve of server or client certificate

* ExpectedServerSignHash, ExpectedClientSignHash - the expected
  signing hash used by server or client certificate

* ExpectedServerSignType, ExpectedClientSignType - the expected
  signature type used by server or client when signing messages

## Configuring the client and server

The client and server configurations can be any valid `SSL_CTX`
configurations. For details, see the manpages for `SSL_CONF_cmd`.

Give your configurations as a dictionary of CONF commands, e.g.

```
server => {
    "CipherString" => "DEFAULT",
    "MinProtocol" => "TLSv1",
}
```

The following sections may optionally be defined:

* server2 - this section configures a secondary context that is selected via the
  ServerName test option. This context is used whenever a ServerNameCallback is
  specified. If the server2 section is not present, then the configuration
  matches server.
* resume_server - this section configures the client to resume its session
  against a different server. This context is used whenever HandshakeMode is
  Resume. If the resume_server section is not present, then the configuration
  matches server.
* resume_client - this section configures the client to resume its session with
  a different configuration. In practice this may occur when, for example,
  upgraded clients reuse sessions persisted on disk.  This context is used
  whenever HandshakeMode is Resume. If the resume_client section is not present,
  then the configuration matches client.

### Configuring callbacks and additional options

Additional handshake settings can be configured in the `extra` section of each
client and server:

```
client => {
    "CipherString" => "DEFAULT",
    extra => {
        "ServerName" => "server2",
    }
}
```

#### Supported client-side options

* ClientVerifyCallback - the client's custom certificate verify callback.
  Used to test callback behaviour. One of
  - None - no custom callback (default)
  - AcceptAll - accepts all certificates.
  - RejectAll - rejects all certificates.

* ServerName - the server the client should attempt to connect to. One of
  - None - do not use SNI (default)
  - server1 - the initial context
  - server2 - the secondary context
  - invalid - an unknown context

* CTValidation - Certificate Transparency validation strategy. One of
  - None - no validation (default)
  - Permissive - SSL_CT_VALIDATION_PERMISSIVE
  - Strict - SSL_CT_VALIDATION_STRICT

#### Supported server-side options

* ServerNameCallback - the SNI switching callback to use
  - None - no callback (default)
  - IgnoreMismatch - continue the handshake on SNI mismatch
  - RejectMismatch - abort the handshake on SNI mismatch

* BrokenSessionTicket - a special test case where the session ticket callback
  does not initialize crypto.
  - No (default)
  - Yes

#### Mutually supported options

* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
  protocols can be specified as a comma-separated list, and a callback with the
  recommended behaviour will be installed automatically.

### Default server and client configurations

The default server certificate and CA files are added to the configurations
automatically. Server certificate verification is requested by default.

You can override these options by redefining them:

```
client => {
    "VerifyCAFile" => "/path/to/custom/file"
}
```

or by deleting them

```
client => {
    "VerifyCAFile" => undef
}
```

## Adding a test to the test harness

1. Add a new test configuration to `test/ssl-tests`, following the examples of
   existing `*.conf.in` files (for example, `01-simple.conf.in`).

2. Generate the generated `*.conf` test input file. You can do so by running
   `generate_ssl_tests.pl`:

```
$ ./config
$ cd test
$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \
  > ssl-tests/my.conf
```

where `my.conf.in` is your test input file.

For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do

```
$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
```

Alternatively (hackish but simple), you can comment out

```
unlink glob $tmp_file;
```

in `test/recipes/80-test_ssl_new.t` and run

```
$ make TESTS=test_ssl_new test
```

This will save the generated output in a `*.tmp` file in the build directory.

3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If
   the test suite has any skip conditions, update those too (see
   `test/recipes/80-test_ssl_new.t` for details).

## Running the tests with the test harness

```
HARNESS_VERBOSE=yes make TESTS=test_ssl_new test
```

## Running a test manually

These steps are only needed during development. End users should run `make test`
or follow the instructions above to run the SSL test suite.

To run an SSL test manually from the command line, the `TEST_CERTS_DIR`
environment variable to point to the location of the certs. E.g., from the root
OpenSSL directory, do

```
$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
  test/ssl-tests/01-simple.conf
```

or for shared builds

```
$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
  util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf
```

Note that the test expectations sometimes depend on the Configure settings. For
example, the negotiated protocol depends on the set of available (enabled)
protocols: a build with `enable-ssl3` has different test expectations than a
build with `no-ssl3`.

The Perl test harness automatically generates expected outputs, so users who
just run `make test` do not need any extra steps.

However, when running a test manually, keep in mind that the repository version
of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
the default Configure options. To run `ssl_test` manually from the command line
in a build with a different configuration, you may need to generate the right
`*.conf` file from the `*.conf.in` input first.
Commit	Line	Data
453dfd8d EK	1	# SSL tests
	2
	3	SSL testcases are configured in the `ssl-tests` directory.
	4
	5	Each `ssl_*.conf.in` file contains a number of test configurations. These files
	6	are used to generate testcases in the OpenSSL CONF format.
	7
	8	The precise test output can be dependent on the library configuration. The test
	9	harness generates the output files on the fly.
	10
	11	However, for verification, we also include checked-in configuration outputs
	12	corresponding to the default configuration. These testcases live in
15269e56	13	`test/ssl-tests/*.conf` files.
453dfd8d EK	14
	15	For more details, see `ssl-tests/01-simple.conf.in` for an example.
	16
	17	## Configuring the test
	18
	19	First, give your test a name. The names do not have to be unique.
	20
	21	An example test input looks like this:
	22
	23	```
	24	{
	25	name => "test-default",
	26	server => { "CipherString" => "DEFAULT" },
	27	client => { "CipherString" => "DEFAULT" },
	28	test => { "ExpectedResult" => "Success" },
	29	}
	30	```
	31
9f48bbac EK	32	The test section supports the following options
	33
	34	### Test mode
	35
	36	* Method - the method to test. One of DTLS or TLS.
	37
	38	* HandshakeMode - which handshake flavour to test:
	39	- Simple - plain handshake (default)
	40	- Resume - test resumption
fe7dd553 MC	41	- RenegotiateServer - test server initiated renegotiation
fe7dd553 MC	42	- RenegotiateClient - test client initiated renegotiation
9f48bbac EK	43
	44	When HandshakeMode is Resume or Renegotiate, the original handshake is expected
	45	to succeed. All configured test expectations are verified against the second
	46	handshake.
	47
6dc99745 EK	48	* ApplicationData - amount of application data bytes to send (integer, defaults
	49	to 256 bytes). Applies to both client and server. Application data is sent in
	50	64kB chunks (but limited by MaxFragmentSize and available parallelization, see
	51	below).
	52
	53	* MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in
	54	tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to
	55	both client and server. Lowering the fragment size will split handshake and
	56	application data up between more `SSL_write` calls, thus allowing to exercise
	57	different code paths. In particular, if the buffer size (64kB) is at least
	58	four times as large as the maximum fragment, interleaved multi-buffer crypto
	59	implementations may be used on some platforms.
	60
9f48bbac	61	### Test expectations
453dfd8d EK	62
	63	* ExpectedResult - expected handshake outcome. One of
	64	- Success - handshake success
	65	- ServerFail - serverside handshake failure
	66	- ClientFail - clientside handshake failure
	67	- InternalError - some other error
	68
9f48bbac	69	* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
dd8e5a57 EK	70	`ssl_test_ctx.c` for known values. Note: the expected alert is currently
	71	matched against the _last_ received alert (i.e., a fatal alert or a
	72	`close_notify`). Warning alert expectations are not yet supported. (A warning
	73	alert will not be correctly matched, if followed by a `close_notify` or
	74	another alert.)
453dfd8d	75
9f48bbac	76	* ExpectedProtocol - expected negotiated protocol. One of
453dfd8d EK	77	SSLv3, TLSv1, TLSv1.1, TLSv1.2.
453dfd8d EK	78
5c753de6 TS	79	* SessionTicketExpected - whether or not a session ticket is expected
	80	- Ignore - do not check for a session ticket (default)
	81	- Yes - a session ticket is expected
	82	- No - a session ticket is not expected
590ed3d7 EK	83
	84	* ResumptionExpected - whether or not resumption is expected (Resume mode only)
	85	- Yes - resumed handshake
	86	- No - full handshake (default)
	87
9f48bbac	88	* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
ce2cdac2	89
b93ad05d DSH	90	* ExpectedTmpKeyType - the expected algorithm or curve of server temp key
b93ad05d DSH	91
7289ab49	92	* ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
7f5f35af DSH	93	curve of server or client certificate
7f5f35af DSH	94
54b7f2a5	95	* ExpectedServerSignHash, ExpectedClientSignHash - the expected
ee5b6a42 DSH	96	signing hash used by server or client certificate
ee5b6a42 DSH	97
54b7f2a5 DSH	98	* ExpectedServerSignType, ExpectedClientSignType - the expected
	99	signature type used by server or client when signing messages
	100
453dfd8d EK	101	## Configuring the client and server
	102
	103	The client and server configurations can be any valid `SSL_CTX`
	104	configurations. For details, see the manpages for `SSL_CONF_cmd`.
	105
	106	Give your configurations as a dictionary of CONF commands, e.g.
	107
	108	```
	109	server => {
	110	"CipherString" => "DEFAULT",
	111	"MinProtocol" => "TLSv1",
	112	}
	113	```
	114
590ed3d7 EK	115	The following sections may optionally be defined:
	116
	117	* server2 - this section configures a secondary context that is selected via the
	118	ServerName test option. This context is used whenever a ServerNameCallback is
	119	specified. If the server2 section is not present, then the configuration
	120	matches server.
	121	* resume_server - this section configures the client to resume its session
	122	against a different server. This context is used whenever HandshakeMode is
11279b13	123	Resume. If the resume_server section is not present, then the configuration
590ed3d7	124	matches server.
11279b13 EK	125	* resume_client - this section configures the client to resume its session with
	126	a different configuration. In practice this may occur when, for example,
	127	upgraded clients reuse sessions persisted on disk. This context is used
	128	whenever HandshakeMode is Resume. If the resume_client section is not present,
	129	then the configuration matches client.
5c753de6	130
9f48bbac EK	131	### Configuring callbacks and additional options
	132
	133	Additional handshake settings can be configured in the `extra` section of each
	134	client and server:
	135
	136	```
	137	client => {
	138	"CipherString" => "DEFAULT",
	139	extra => {
	140	"ServerName" => "server2",
	141	}
	142	}
	143	```
	144
	145	#### Supported client-side options
	146
	147	* ClientVerifyCallback - the client's custom certificate verify callback.
	148	Used to test callback behaviour. One of
	149	- None - no custom callback (default)
	150	- AcceptAll - accepts all certificates.
	151	- RejectAll - rejects all certificates.
	152
	153	* ServerName - the server the client should attempt to connect to. One of
	154	- None - do not use SNI (default)
	155	- server1 - the initial context
	156	- server2 - the secondary context
	157	- invalid - an unknown context
	158
da085d27 EK	159	* CTValidation - Certificate Transparency validation strategy. One of
	160	- None - no validation (default)
	161	- Permissive - SSL_CT_VALIDATION_PERMISSIVE
	162	- Strict - SSL_CT_VALIDATION_STRICT
	163
9f48bbac EK	164	#### Supported server-side options
	165
	166	* ServerNameCallback - the SNI switching callback to use
	167	- None - no callback (default)
	168	- IgnoreMismatch - continue the handshake on SNI mismatch
	169	- RejectMismatch - abort the handshake on SNI mismatch
	170
	171	* BrokenSessionTicket - a special test case where the session ticket callback
	172	does not initialize crypto.
	173	- No (default)
	174	- Yes
	175
	176	#### Mutually supported options
	177
	178	* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
	179	protocols can be specified as a comma-separated list, and a callback with the
	180	recommended behaviour will be installed automatically.
	181
453dfd8d EK	182	### Default server and client configurations
	183
	184	The default server certificate and CA files are added to the configurations
	185	automatically. Server certificate verification is requested by default.
	186
	187	You can override these options by redefining them:
	188
	189	```
	190	client => {
	191	"VerifyCAFile" => "/path/to/custom/file"
	192	}
	193	```
	194
	195	or by deleting them
	196
	197	```
	198	client => {
	199	"VerifyCAFile" => undef
	200	}
	201	```
	202
	203	## Adding a test to the test harness
	204
15269e56 EK	205	1. Add a new test configuration to `test/ssl-tests`, following the examples of
	206	existing `*.conf.in` files (for example, `01-simple.conf.in`).
	207
	208	2. Generate the generated `*.conf` test input file. You can do so by running
	209	`generate_ssl_tests.pl`:
	210
	211	```
	212	$ ./config
	213	$ cd test
	214	$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \
	215	> ssl-tests/my.conf
	216	```
	217
	218	where `my.conf.in` is your test input file.
	219
	220	For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
	221
	222	```
	223	$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
	224	```
	225
	226	Alternatively (hackish but simple), you can comment out
	227
	228	```
	229	unlink glob $tmp_file;
	230	```
	231
	232	in `test/recipes/80-test_ssl_new.t` and run
	233
	234	```
	235	$ make TESTS=test_ssl_new test
	236	```
	237
	238	This will save the generated output in a `*.tmp` file in the build directory.
	239
	240	3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If
	241	the test suite has any skip conditions, update those too (see
	242	`test/recipes/80-test_ssl_new.t` for details).
453dfd8d EK	243
	244	## Running the tests with the test harness
	245
	246	```
	247	HARNESS_VERBOSE=yes make TESTS=test_ssl_new test
	248	```
	249
	250	## Running a test manually
	251
	252	These steps are only needed during development. End users should run `make test`
	253	or follow the instructions above to run the SSL test suite.
	254
	255	To run an SSL test manually from the command line, the `TEST_CERTS_DIR`
	256	environment variable to point to the location of the certs. E.g., from the root
	257	OpenSSL directory, do
	258
	259	```
1329b952 MC	260	$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
1329b952 MC	261	test/ssl-tests/01-simple.conf
453dfd8d EK	262	```
	263
	264	or for shared builds
	265
	266	```
1329b952 MC	267	$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \
1329b952 MC	268	util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf
453dfd8d EK	269	```
	270
	271	Note that the test expectations sometimes depend on the Configure settings. For
	272	example, the negotiated protocol depends on the set of available (enabled)
	273	protocols: a build with `enable-ssl3` has different test expectations than a
	274	build with `no-ssl3`.
	275
	276	The Perl test harness automatically generates expected outputs, so users who
	277	just run `make test` do not need any extra steps.
	278
	279	However, when running a test manually, keep in mind that the repository version
	280	of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
	281	the default Configure options. To run `ssl_test` manually from the command line
	282	in a build with a different configuration, you may need to generate the right
	283	`.conf` file from the `.conf.in` input first.