diff options
Diffstat (limited to 'openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in')
| -rw-r--r-- | openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in new file mode 100644 index 0000000..287ca9b --- /dev/null +++ b/openssl-1.1.0h/test/ssl-tests/03-custom_verify.conf.in @@ -0,0 +1,145 @@ +# -*- mode: perl; -*- +# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +## SSL test configurations + +package ssltests; + +our @tests = ( + + # Sanity-check that verification indeed succeeds without the + # restrictive callback. + { + name => "verify-success", + server => { }, + client => { }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-reject", + server => { }, + client => { + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-allow", + server => { }, + client => { + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed succeeds if peer verification + # is not requested. + { + name => "noverify-success", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + }, + test => { "ExpectedResult" => "Success" }, + }, + + # Same test as above but with a custom callback that always fails. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-ignore-custom-reject", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + # The callback return has no impact on handshake success in this mode. + { + name => "noverify-accept-custom-allow", + server => { }, + client => { + "VerifyMode" => undef, + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success", + }, + }, + + # Sanity-check that verification indeed fails without the + # permissive callback. + { + name => "verify-fail-no-root", + server => { }, + client => { + # Don't set up the client root file. + "VerifyCAFile" => undef, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "UnknownCA", + }, + }, + + # Same test as above but with a custom callback that always succeeds. + { + name => "verify-custom-success-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "AcceptAll", + }, + }, + test => { + "ExpectedResult" => "Success" + }, + }, + + # Same test as above but with a custom callback that always fails. + { + name => "verify-custom-fail-no-root", + server => { }, + client => { + "VerifyCAFile" => undef, + extra => { + "VerifyCallback" => "RejectAll", + }, + }, + test => { + "ExpectedResult" => "ClientFail", + "ExpectedClientAlert" => "HandshakeFailure", + }, + }, +); |