Add client cert type tests
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
setup("no_test_here");

# Protocol versions to exercise. The leading undef stands for
# version-flexible negotiation: MinProtocol/MaxProtocol are left undefined.
my @protocols = (undef, qw(SSLv3 TLSv1 TLSv1.1 TLSv1.2));

# "Disabled" flags, index-aligned with @protocols. The leading 0 means the
# version-flexible entry is never skipped, whatever the build disables.
# Assumes anydisabled() returns one flag per name, in argument order -- confirm.
my @is_disabled = (0, anydisabled(qw(ssl3 tls1 tls1_1 tls1_2)));

# Package variable that accumulates the generated test descriptions;
# presumably read by whatever loads this file -- confirm against the harness.
our @tests = ();

# Separator placed between the certificate directory and a file name.
# Empty on VMS; NOTE(review): presumably because the directory spec there
# already ends in a delimiter -- confirm.
my $dir_sep = $^O eq "VMS" ? "" : "/";
23
# Build the client-authentication test matrix and append it to @tests.
#
# For every entry of @protocols whose @is_disabled flag is false, five cases
# are queued. Each one pins both peers to that single protocol version
# (the undef entry is named "flex" and leaves Min/MaxProtocol undefined):
#
#   server-auth-*               no VerifyMode, no client credentials -> Success
#   client-auth-*-request       cert requested, none sent            -> Success
#   client-auth-*-require-fail  cert required, none sent             -> ServerFail
#   client-auth-*-require       cert sent, server has VerifyCAFile   -> Success
#   client-auth-*-noroot        cert sent, server has no VerifyCAFile -> ServerFail
sub generate_tests() {
    for my $idx (0 .. $#protocols) {
        # Skip protocol versions flagged as disabled.
        next if $is_disabled[$idx];

        my $protocol      = $protocols[$idx];
        my $protocol_name = $protocol || "flex";

        # Alert expected when the server cannot chain the client certificate
        # to a trusted root. SSLv3 has no unknown_ca alert, so that version
        # is expected to report BadCertificate instead.
        my $caalert =
            $protocol_name eq "SSLv3" ? "BadCertificate" : "UnknownCA";

        # Settings shared by both peers in every case below.
        my %version_pin = (
            "MinProtocol" => $protocol,
            "MaxProtocol" => $protocol,
        );

        # The escaped "\$" keeps ${ENV::TEST_CERTS_DIR} literal in these
        # values; presumably it is expanded from the environment when the
        # generated configuration is loaded -- confirm.
        my $root_ca = "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem";
        my %client_identity = (
            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
        );

        push @tests,
            # Sanity-check simple handshake.
            {
                name   => "server-auth-${protocol_name}",
                server => { %version_pin },
                client => { %version_pin },
                test   => { "ExpectedResult" => "Success" },
            },

            # Client certificate requested but neither required nor sent:
            # the handshake is still expected to complete.
            {
                name   => "client-auth-${protocol_name}-request",
                server => { %version_pin, "VerifyMode" => "Request" },
                client => { %version_pin },
                test   => { "ExpectedResult" => "Success" },
            },

            # Client certificate required but the client presents none:
            # the server must abort with a HandshakeFailure alert.
            {
                name   => "client-auth-${protocol_name}-require-fail",
                server => {
                    %version_pin,
                    "VerifyCAFile" => $root_ca,
                    "VerifyMode"   => "Require",
                },
                client => { %version_pin },
                test   => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" => "HandshakeFailure",
                },
            },

            # Successful handshake with client authentication; the reported
            # client certificate type is also checked.
            # NOTE(review): despite the "-require" name the server runs with
            # VerifyMode "Request", so no case in this loop covers a
            # successful handshake under "Require" -- confirm this is intended.
            {
                name   => "client-auth-${protocol_name}-require",
                server => {
                    %version_pin,
                    "VerifyCAFile" => $root_ca,
                    "VerifyMode"   => "Request",
                },
                client => { %version_pin, %client_identity },
                test   => {
                    "ExpectedResult"         => "Success",
                    "ExpectedClientCertType" => "RSA",
                },
            },

            # Client authenticates, but the server is given no VerifyCAFile,
            # so the chain cannot be anchored and the server must reject it.
            {
                name   => "client-auth-${protocol_name}-noroot",
                server => { %version_pin, "VerifyMode" => "Require" },
                client => { %version_pin, %client_identity },
                test   => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" => $caalert,
                },
            };
    }
}

# Populate @tests as soon as this file is evaluated.
generate_tests();