test/ssl-tests/03-custom_verify.conf.in

   1 # -*- mode: perl; -*-
   2
   3 ## SSL test configurations
   4
   5 package ssltests;
   6
   7 our @tests = (
   8
   9     # Sanity-check that verification indeed succeeds without the
  10     # restrictive callback.
  11     {
  12         name => "verify-success",
  13         server => { },
  14         client => { },
  15         test   => { "ExpectedResult" => "Success" },
  16     },
  17
  18     # Same test as above but with a custom callback that always fails.
  19     {
  20         name => "verify-custom-reject",
  21         server => { },
  22         client => { },
  23         test   => {
  24             "ClientVerifyCallback" => "RejectAll",
  25             "ExpectedResult" => "ClientFail",
  26             "ClientAlert" => "HandshakeFailure",
  27         },
  28     },
  29
  30     # Same test as above but with a custom callback that always succeeds.
  31     {
  32         name => "verify-custom-allow",
  33         server => { },
  34         client => { },
  35         test   => {
  36             "ClientVerifyCallback" => "AcceptAll",
  37             "ExpectedResult" => "Success",
  38         },
  39     },
  40
  41     # Sanity-check that verification indeed succeeds if peer verification
  42     # is not requested.
  43     {
  44         name => "noverify-success",
  45         server => { },
  46         client => {
  47             "VerifyMode" => undef,
  48             "VerifyCAFile" => undef,
  49         },
  50         test   => { "ExpectedResult" => "Success" },
  51     },
  52
  53     # Same test as above but with a custom callback that always fails.
  54     # The callback return has no impact on handshake success in this mode.
  55     {
  56         name => "noverify-ignore-custom-reject",
  57         server => { },
  58         client => {
  59             "VerifyMode" => undef,
  60             "VerifyCAFile" => undef,
  61         },
  62         test   => {
  63             "ClientVerifyCallback" => "RejectAll",
  64             "ExpectedResult" => "Success",
  65         },
  66     },
  67
  68     # Same test as above but with a custom callback that always succeeds.
  69     # The callback return has no impact on handshake success in this mode.
  70     {
  71         name => "noverify-accept-custom-allow",
  72         server => { },
  73         client => {
  74             "VerifyMode" => undef,
  75             "VerifyCAFile" => undef,
  76         },
  77         test   => {
  78             "ClientVerifyCallback" => "AcceptAll",
  79             "ExpectedResult" => "Success",
  80         },
  81     },
  82
  83     # Sanity-check that verification indeed fails without the
  84     # permissive callback.
  85     {
  86         name => "verify-fail-no-root",
  87         server => { },
  88         client => {
  89             # Don't set up the client root file.
  90             "VerifyCAFile" => undef,
  91         },
  92         test   => {
  93           "ExpectedResult" => "ClientFail",
  94           "ClientAlert" => "UnknownCA",
  95         },
  96     },
  97
  98     # Same test as above but with a custom callback that always succeeds.
  99     {
 100         name => "verify-custom-success-no-root",
 101         server => { },
 102         client => {
 103             "VerifyCAFile" => undef,
 104         },
 105         test   => {
 106             "ClientVerifyCallback" => "AcceptAll",
 107             "ExpectedResult" => "Success"
 108         },
 109     },
 110
 111     # Same test as above but with a custom callback that always fails.
 112     {
 113         name => "verify-custom-fail-no-root",
 114         server => { },
 115         client => {
 116             "VerifyCAFile" => undef,
 117         },
 118         test   => {
 119             "ClientVerifyCallback" => "RejectAll",
 120             "ExpectedResult" => "ClientFail",
 121             "ClientAlert" => "HandshakeFailure",
 122         },
 123     },
 124
 125
 126
 127 );