]>
Commit | Line | Data |
---|---|---|
1 | # -*- mode: perl; -*- | |
2 | # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | ## SSL test configurations | |
11 | ||
12 | package ssltests; | |
13 | ||
14 | our @tests = ( | |
15 | ||
16 | # Sanity-check that verification indeed succeeds without the | |
17 | # restrictive callback. | |
18 | { | |
19 | name => "verify-success", | |
20 | server => { }, | |
21 | client => { }, | |
22 | test => { "ExpectedResult" => "Success" }, | |
23 | }, | |
24 | ||
25 | # Same test as above but with a custom callback that always fails. | |
26 | { | |
27 | name => "verify-custom-reject", | |
28 | server => { }, | |
29 | client => { | |
30 | extra => { | |
31 | "VerifyCallback" => "RejectAll", | |
32 | }, | |
33 | }, | |
34 | test => { | |
35 | "ExpectedResult" => "ClientFail", | |
36 | "ExpectedClientAlert" => "HandshakeFailure", | |
37 | }, | |
38 | }, | |
39 | ||
40 | # Same test as above but with a custom callback that always succeeds. | |
41 | { | |
42 | name => "verify-custom-allow", | |
43 | server => { }, | |
44 | client => { | |
45 | extra => { | |
46 | "VerifyCallback" => "AcceptAll", | |
47 | }, | |
48 | }, | |
49 | test => { | |
50 | "ExpectedResult" => "Success", | |
51 | }, | |
52 | }, | |
53 | ||
54 | # Same test as above but with a custom callback that requests retry once. | |
55 | { | |
56 | name => "verify-custom-retry", | |
57 | server => { }, | |
58 | client => { | |
59 | extra => { | |
60 | "VerifyCallback" => "RetryOnce", | |
61 | }, | |
62 | }, | |
63 | test => { | |
64 | "ExpectedResult" => "Success", | |
65 | }, | |
66 | }, | |
67 | ||
68 | # Sanity-check that verification indeed succeeds if peer verification | |
69 | # is not requested. | |
70 | { | |
71 | name => "noverify-success", | |
72 | server => { }, | |
73 | client => { | |
74 | "VerifyMode" => undef, | |
75 | "VerifyCAFile" => undef, | |
76 | }, | |
77 | test => { "ExpectedResult" => "Success" }, | |
78 | }, | |
79 | ||
80 | # Same test as above but with a custom callback that always fails. | |
81 | # The callback return has no impact on handshake success in this mode. | |
82 | { | |
83 | name => "noverify-ignore-custom-reject", | |
84 | server => { }, | |
85 | client => { | |
86 | "VerifyMode" => undef, | |
87 | "VerifyCAFile" => undef, | |
88 | extra => { | |
89 | "VerifyCallback" => "RejectAll", | |
90 | }, | |
91 | }, | |
92 | test => { | |
93 | "ExpectedResult" => "Success", | |
94 | }, | |
95 | }, | |
96 | ||
97 | # Same test as above but with a custom callback that always succeeds. | |
98 | # The callback return has no impact on handshake success in this mode. | |
99 | { | |
100 | name => "noverify-accept-custom-allow", | |
101 | server => { }, | |
102 | client => { | |
103 | "VerifyMode" => undef, | |
104 | "VerifyCAFile" => undef, | |
105 | extra => { | |
106 | "VerifyCallback" => "AcceptAll", | |
107 | }, | |
108 | }, | |
109 | test => { | |
110 | "ExpectedResult" => "Success", | |
111 | }, | |
112 | }, | |
113 | ||
114 | # Sanity-check that verification indeed fails without the | |
115 | # permissive callback. | |
116 | { | |
117 | name => "verify-fail-no-root", | |
118 | server => { }, | |
119 | client => { | |
120 | # Don't set up the client root file. | |
121 | "VerifyCAFile" => undef, | |
122 | }, | |
123 | test => { | |
124 | "ExpectedResult" => "ClientFail", | |
125 | "ExpectedClientAlert" => "UnknownCA", | |
126 | }, | |
127 | }, | |
128 | ||
129 | # Same test as above but with a custom callback that always succeeds. | |
130 | { | |
131 | name => "verify-custom-success-no-root", | |
132 | server => { }, | |
133 | client => { | |
134 | "VerifyCAFile" => undef, | |
135 | extra => { | |
136 | "VerifyCallback" => "AcceptAll", | |
137 | }, | |
138 | }, | |
139 | test => { | |
140 | "ExpectedResult" => "Success" | |
141 | }, | |
142 | }, | |
143 | ||
144 | # Same test as above but with a custom callback that always fails. | |
145 | { | |
146 | name => "verify-custom-fail-no-root", | |
147 | server => { }, | |
148 | client => { | |
149 | "VerifyCAFile" => undef, | |
150 | extra => { | |
151 | "VerifyCallback" => "RejectAll", | |
152 | }, | |
153 | }, | |
154 | test => { | |
155 | "ExpectedResult" => "ClientFail", | |
156 | "ExpectedClientAlert" => "HandshakeFailure", | |
157 | }, | |
158 | }, | |
159 | ); |