3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
# Initialise the test harness before any test data is built.
# NOTE(review): setup() presumably comes from OpenSSL::Test; that import is
# not visible in this listing - confirm.
12 setup("no_test_here");
14 # We test version-flexible negotiation (undef) and each protocol version.
# Index 0 (undef) is the version-flexible case; generate_tests() names it
# "flex" and passes the undef through as MinProtocol/MaxProtocol.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
# @is_disabled is read in parallel with @protocols: generate_tests() indexes
# both with the same loop counter. The leading 0 pairs with the flexible
# entry, so that case is never skipped.
17 my @is_disabled = (0);
# The option names are listed in the same order as @protocols[1..4].
# Keep both lists in step when adding a version; a mismatch would skip or
# generate tests for the wrong protocol without any error.
# NOTE(review): assumes anydisabled() returns one flag per name, in argument
# order, in list context - confirm against OpenSSL::Test::Utils.
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
# Separator placed between ${ENV::TEST_CERTS_DIR} and a certificate or key
# file name in the generated paths: "/" everywhere except VMS, where it is
# the empty string.
# NOTE(review): presumably a VMS directory spec already ends in its own
# delimiter - confirm.
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
24 sub generate_tests() {
26 foreach (0..$#protocols) {
27 my $protocol = $protocols[$_];
28 my $protocol_name = $protocol || "flex";
30 if (!$is_disabled[$_]) {
31 if ($protocol_name eq "SSLv3") {
32 $caalert = "BadCertificate";
34 $caalert = "UnknownCA";
39 # TODO(TLS1.3) add TLSv1.3 versions
40 if ($protocol_name eq "TLSv1.2") {
43 $clisigalgs = "SHA256+RSA";
45 # Sanity-check simple handshake.
47 name => "server-auth-${protocol_name}",
49 "MinProtocol" => $protocol,
50 "MaxProtocol" => $protocol
53 "MinProtocol" => $protocol,
54 "MaxProtocol" => $protocol
56 test => { "ExpectedResult" => "Success" },
59 # Handshake with client cert requested but not required or received.
61 name => "client-auth-${protocol_name}-request",
63 "MinProtocol" => $protocol,
64 "MaxProtocol" => $protocol,
65 "VerifyMode" => "Request"
68 "MinProtocol" => $protocol,
69 "MaxProtocol" => $protocol
71 test => { "ExpectedResult" => "Success" },
74 # Handshake with client cert required but not present.
76 name => "client-auth-${protocol_name}-require-fail",
78 "MinProtocol" => $protocol,
79 "MaxProtocol" => $protocol,
80 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
81 "VerifyMode" => "Require",
84 "MinProtocol" => $protocol,
85 "MaxProtocol" => $protocol
88 "ExpectedResult" => "ServerFail",
89 "ExpectedServerAlert" => "HandshakeFailure",
93 # Successful handshake with client authentication.
95 name => "client-auth-${protocol_name}-require",
97 "MinProtocol" => $protocol,
98 "MaxProtocol" => $protocol,
99 "ClientSignatureAlgorithms" => $clisigalgs,
100 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
101 "VerifyMode" => "Request",
104 "MinProtocol" => $protocol,
105 "MaxProtocol" => $protocol,
106 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
107 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
109 test => { "ExpectedResult" => "Success",
110 "ExpectedClientCertType" => "RSA",
111 "ExpectedClientSignType" => $clisigtype,
112 "ExpectedClientSignHash" => $clihash,
116 # Handshake with client authentication but without the root certificate.
118 name => "client-auth-${protocol_name}-noroot",
120 "MinProtocol" => $protocol,
121 "MaxProtocol" => $protocol,
122 "VerifyMode" => "Require",
125 "MinProtocol" => $protocol,
126 "MaxProtocol" => $protocol,
127 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
128 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
131 "ExpectedResult" => "ServerFail",
132 "ExpectedServerAlert" => $caalert,