From 78cbe94f89417150d5d334f6c02ed697f62029fe Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 22 Jun 2016 16:34:26 +0100 Subject: [PATCH] Fix Client Auth tests MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The Client Auth tests were not correctly setting the Protocol, so that this aspect had no effect. It was testing the same thing lots of times for TLSv1.2 every time. Reviewed-by: Emilia Käsper --- test/ssl-tests/04-client_auth.conf | 90 ++++++++++++++++++--------- test/ssl-tests/04-client_auth.conf.in | 32 ++++++---- 2 files changed, 81 insertions(+), 41 deletions(-) diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 02cba53d5a8..04bb2345b98 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -161,12 +161,14 @@ client = 5-server-auth-TLSv1-client [5-server-auth-TLSv1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 [5-server-auth-TLSv1-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -186,13 +188,15 @@ client = 6-client-auth-TLSv1-request-client [6-client-auth-TLSv1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Request [6-client-auth-TLSv1-request-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -212,14 +216,16 @@ client = 7-client-auth-TLSv1-require-fail-client [7-client-auth-TLSv1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [7-client-auth-TLSv1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -240,16 +246,18 @@ client = 8-client-auth-TLSv1-require-client [8-client-auth-TLSv1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [8-client-auth-TLSv1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -269,15 +277,17 @@ client = 9-client-auth-TLSv1-noroot-client [9-client-auth-TLSv1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Require [9-client-auth-TLSv1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -298,12 +308,14 @@ client = 10-server-auth-TLSv1.1-client [10-server-auth-TLSv1.1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 [10-server-auth-TLSv1.1-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -323,13 +335,15 @@ client = 11-client-auth-TLSv1.1-request-client [11-client-auth-TLSv1.1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Request [11-client-auth-TLSv1.1-request-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -349,14 +363,16 @@ client = 12-client-auth-TLSv1.1-require-fail-client [12-client-auth-TLSv1.1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [12-client-auth-TLSv1.1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -377,16 +393,18 @@ client = 13-client-auth-TLSv1.1-require-client [13-client-auth-TLSv1.1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [13-client-auth-TLSv1.1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -406,15 +424,17 @@ client = 14-client-auth-TLSv1.1-noroot-client [14-client-auth-TLSv1.1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Require [14-client-auth-TLSv1.1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -435,12 +455,14 @@ client = 15-server-auth-TLSv1.2-client [15-server-auth-TLSv1.2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 [15-server-auth-TLSv1.2-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -460,13 +482,15 @@ client = 16-client-auth-TLSv1.2-request-client [16-client-auth-TLSv1.2-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Request [16-client-auth-TLSv1.2-request-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -486,14 +510,16 @@ client = 17-client-auth-TLSv1.2-require-fail-client [17-client-auth-TLSv1.2-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [17-client-auth-TLSv1.2-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -514,16 +540,18 @@ client = 18-client-auth-TLSv1.2-require-client [18-client-auth-TLSv1.2-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [18-client-auth-TLSv1.2-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -543,15 +571,17 @@ client = 19-client-auth-TLSv1.2-noroot-client [19-client-auth-TLSv1.2-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Require [19-client-auth-TLSv1.2-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index 36d13df04d6..e1044f9ebc4 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -31,10 +31,12 @@ sub generate_tests() { push @tests, { name => "server-auth-${protocol_name}", server => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; @@ -43,11 +45,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-request", server => { - "Protocol" => $protocol, - "VerifyMode" => "Request", + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; 
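Review bot: The `test` hash of the server-auth case in the hunk at -31 of 04-client_auth.conf.in still holds only `"ExpectedResult" => "Success"`, so nothing asserts which protocol version was actually negotiated. The fault this commit fixes, a version setting that is silently ignored so every case runs at TLSv1.2, could therefore return without any test failing. Pinning `MinProtocol` and `MaxProtocol` on both sides is the right fix, but an expected-protocol check set to `$protocol` in the `test` hash (using whatever key the ssl_test harness provides for the negotiated version, to be confirmed against the harness) would turn an ignored or mis-spelled option into a visible failure. The same applies to the other four cases, in the hunks at -43, -56, -73 and -89. generate_tests() begins and ends outside this hunk.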
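Review bot: In the hunk at -43 the server hash loses the trailing comma on its last entry, which becomes `"VerifyMode" => "Request"`. The new `"MaxProtocol" => $protocol` entries here and in the hunks at -31 and -56 are also written without a trailing comma, while the hunks at -73 and -89 keep one on their last entries (`"VerifyMode" => "Require",`). Keeping the comma everywhere, as in `"MaxProtocol" => $protocol,`, keeps the five cases consistent and means a later added key touches only one line.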
@@ -56,12 +60,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require-fail", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "ServerFail", @@ -73,12 +79,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Request", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", }, @@ -89,11 +97,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-noroot", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", }, -- 2.47.3
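Review bot: In the hunk at -73 the server side of `client-auth-${protocol_name}-require` is configured with `"VerifyMode" => "Request"`. The handshake would therefore presumably also succeed if the client never presented its certificate, so the case does not show mandatory client authentication succeeding. If the test name reflects the intent, the server line should read `"VerifyMode" => "Require",` so that only a client presenting a valid certificate gets through. That line is unchanged context in this commit, and the `test` hash for this case lies outside the hunk, so check the expected result there before changing the mode.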