test/ssl-tests/18-dtls-renegotiate.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test Renegotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16 use OpenSSL::Test::Utils;
  17
  18 our @tests = (
  19     {
  20         name => "renegotiate-client-no-resume",
  21         server => {
  22             "Options" => "NoResumptionOnRenegotiation"
  23         },
  24         client => {},
  25         test => {
  26             "Method" => "DTLS",
  27             "HandshakeMode" => "RenegotiateClient",
  28             "ResumptionExpected" => "No",
  29             "ExpectedResult" => "Success"
  30         }
  31     },
  32     {
  33         name => "renegotiate-client-resume",
  34         server => {},
  35         client => {},
  36         test => {
  37             "Method" => "DTLS",
  38             "HandshakeMode" => "RenegotiateClient",
  39             "ResumptionExpected" => "Yes",
  40             "ExpectedResult" => "Success"
  41         }
  42     },
  43 # Note: Unlike the TLS tests, we will never do resumption with server
  44 # initiated reneg. This is because an OpenSSL DTLS client will always do a full
  45 # handshake (i.e. it doesn't supply a session id) when it receives a
  46 # HelloRequest. This is different to the OpenSSL TLS implementation where an
  47 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
  48 # the session id). This goes all the way to commit 48ae85b6f when abbreviated
  49 # handshake support was first added. Neither behaviour is wrong, but the
  50 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
  51 # and if so, what to?
  52     {
  53         name => "renegotiate-server-resume",
  54         server => {},
  55         client => {},
  56         test => {
  57             "Method" => "DTLS",
  58             "HandshakeMode" => "RenegotiateServer",
  59             "ResumptionExpected" => "No",
  60             "ExpectedResult" => "Success"
  61         }
  62     },
  63     {
  64         name => "renegotiate-client-auth-require",
  65         server => {
  66             "VerifyCAFile" => test_pem("root-cert.pem"),
  67             "VerifyMode" => "Require",
  68         },
  69         client => {
  70             "Certificate" => test_pem("ee-client-chain.pem"),
  71             "PrivateKey"  => test_pem("ee-key.pem"),
  72         },
  73         test => {
  74             "Method" => "DTLS",
  75             "HandshakeMode" => "RenegotiateServer",
  76             "ResumptionExpected" => "No",
  77             "ExpectedResult" => "Success"
  78         }
  79     },
  80     {
  81         name => "renegotiate-client-auth-once",
  82         server => {
  83             "VerifyCAFile" => test_pem("root-cert.pem"),
  84             "VerifyMode" => "Once",
  85         },
  86         client => {
  87             "Certificate" => test_pem("ee-client-chain.pem"),
  88             "PrivateKey"  => test_pem("ee-key.pem"),
  89         },
  90         test => {
  91             "Method" => "DTLS",
  92             "HandshakeMode" => "RenegotiateServer",
  93             "ResumptionExpected" => "No",
  94             "ExpectedResult" => "Success"
  95         }
  96     }
  97 );
  98 our @tests_dtls1_2 = (
  99     {
 100         name => "renegotiate-aead-to-non-aead",
 101         server => {
 102             "Options" => "NoResumptionOnRenegotiation"
 103         },
 104         client => {
 105             "CipherString" => "AES128-GCM-SHA256",
 106             extra => {
 107                 "RenegotiateCiphers" => "AES128-SHA"
 108             }
 109         },
 110         test => {
 111             "Method" => "DTLS",
 112             "HandshakeMode" => "RenegotiateClient",
 113             "ResumptionExpected" => "No",
 114             "ExpectedResult" => "Success"
 115         }
 116     },
 117     {
 118         name => "renegotiate-non-aead-to-aead",
 119         server => {
 120             "Options" => "NoResumptionOnRenegotiation"
 121         },
 122         client => {
 123             "CipherString" => "AES128-SHA",
 124             extra => {
 125                 "RenegotiateCiphers" => "AES128-GCM-SHA256"
 126             }
 127         },
 128         test => {
 129             "Method" => "DTLS",
 130             "HandshakeMode" => "RenegotiateClient",
 131             "ResumptionExpected" => "No",
 132             "ExpectedResult" => "Success"
 133         }
 134     },
 135     {
 136         name => "renegotiate-non-aead-to-non-aead",
 137         server => {
 138             "Options" => "NoResumptionOnRenegotiation"
 139         },
 140         client => {
 141             "CipherString" => "AES128-SHA",
 142             extra => {
 143                 "RenegotiateCiphers" => "AES256-SHA"
 144             }
 145         },
 146         test => {
 147             "Method" => "DTLS",
 148             "HandshakeMode" => "RenegotiateClient",
 149             "ResumptionExpected" => "No",
 150             "ExpectedResult" => "Success"
 151         }
 152     },
 153     {
 154         name => "renegotiate-aead-to-aead",
 155         server => {
 156             "Options" => "NoResumptionOnRenegotiation"
 157         },
 158         client => {
 159             "CipherString" => "AES128-GCM-SHA256",
 160             extra => {
 161                 "RenegotiateCiphers" => "AES256-GCM-SHA384"
 162             }
 163         },
 164         test => {
 165             "Method" => "DTLS",
 166             "HandshakeMode" => "RenegotiateClient",
 167             "ResumptionExpected" => "No",
 168             "ExpectedResult" => "Success"
 169         }
 170     },
 171 );
 172
 173
 174 push @tests, @tests_dtls1_2 unless disabled("dtls1_2");