From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Fri, 30 Apr 2021 00:33:56 +0200
Subject: initial/final commit
---
.../test/ssl-tests/04-client_auth.conf.in | 123 +++++++++++++++++++++
1 file changed, 123 insertions(+)
create mode 100644 openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in
(limited to 'openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in')
diff --git a/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in
new file mode 100644
index 0000000..8738aaa
--- /dev/null
+++ b/openssl-1.1.0h/test/ssl-tests/04-client_auth.conf.in
@@ -0,0 +1,123 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(anydisabled);
+setup("no_test_here");
+
+# We test version-flexible negotiation (undef) and each protocol version.
+my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+
+my @is_disabled = (0);
+push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+
+our @tests = ();
+
+sub generate_tests() {
+
+ foreach (0..$#protocols) {
+ my $protocol = $protocols[$_];
+ my $protocol_name = $protocol || "flex";
+ my $caalert;
+ if (!$is_disabled[$_]) {
+ if ($protocol_name eq "SSLv3") {
+ $caalert = "BadCertificate";
+ } else {
+ $caalert = "UnknownCA";
+ }
+ # Sanity-check simple handshake.
+ push @tests, {
+ name => "server-auth-${protocol_name}",
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client cert requested but not required or received.
+ push @tests, {
+ name => "client-auth-${protocol_name}-request",
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "VerifyMode" => "Request"
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client cert required but not present.
+ push @tests, {
+ name => "client-auth-${protocol_name}-require-fail",
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "HandshakeFailure",
+ },
+ };
+
+ # Successful handshake with client authentication.
+ push @tests, {
+ name => "client-auth-${protocol_name}-require",
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "VerifyCAFile" => test_pem("root-cert.pem"),
+ "VerifyMode" => "Request",
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => { "ExpectedResult" => "Success" },
+ };
+
+ # Handshake with client authentication but without the root certificate.
+ push @tests, {
+ name => "client-auth-${protocol_name}-noroot",
+ server => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "VerifyMode" => "Require",
+ },
+ client => {
+ "MinProtocol" => $protocol,
+ "MaxProtocol" => $protocol,
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => $caalert,
+ },
+ };
+ }
+ }
+}
+
+generate_tests();
-- cgit v1.2.3
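Review bot: The case named `client-auth-${protocol_name}-require` sets `"VerifyMode" => "Request"` on the server, so the only success case that presents a client certificate runs in request mode. The two cases that do set `Require` (`-require-fail` and `-noroot`) both expect `ServerFail`, so a regression that made `Require` reject valid client certificates would not be caught by anything in this file. Either change that line to `"VerifyMode" => "Require",` or add a sibling case with `Require` and rename this one to match what it exercises. The file looks like an unmodified import of the OpenSSL 1.1.0h test tree, so the change may belong upstream rather than in this copy.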