Add and use function test_pem to work out test filenames.
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
index 36d13df..8b92836 100644 (file)
@@ -19,22 +19,37 @@ push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
 
 our @tests = ();
 
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
 sub generate_tests() {
 
     foreach (0..$#protocols) {
         my $protocol = $protocols[$_];
         my $protocol_name = $protocol || "flex";
+        my $caalert;
         if (!$is_disabled[$_]) {
+            if ($protocol_name eq "SSLv3") {
+                $caalert = "BadCertificate";
+            } else {
+                $caalert = "UnknownCA";
+            }
+            my $clihash;
+            my $clisigtype;
+            my $clisigalgs;
+            # TODO(TLS1.3) add TLSv1.3 versions
+            if ($protocol_name eq "TLSv1.2") {
+                $clihash = "SHA256";
+                $clisigtype = "RSA";
+                $clisigalgs = "SHA256+RSA";
+            }
             # Sanity-check simple handshake.
             push @tests, {
                 name => "server-auth-${protocol_name}",
                 server => {
-                    "Protocol" => $protocol
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
                 },
                 client => {
-                    "Protocol" => $protocol
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
                 },
                 test   => { "ExpectedResult" => "Success" },
             };
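Review bot: `$clihash`, `$clisigtype` and `$clisigalgs` stay undefined for every entry except "TLSv1.2", including the "flex" entry where `$protocol` is false, yet the later hunk at `@@ -73,33 +92,42 @@` stores them unconditionally under `ClientSignatureAlgorithms`, `ExpectedClientSignType` and `ExpectedClientSignHash`. Whether the generator skips undefined values is not visible here, so a comment at the declarations would record the assumption, e.g. `# undef below TLSv1.2: no signature algorithm is negotiated, so nothing is configured or checked`. If the flex client and server are expected to settle on TLSv1.2, that case runs without the new signature checks, which may or may not be intended. The `$caalert` branch also deserves a one-line comment that SSLv3 defines no unknown_ca alert, which is why `BadCertificate` is expected there. The body of generate_tests continues outside this hunk.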
@@ -43,11 +58,13 @@ sub generate_tests() {
             push @tests, {
                 name => "client-auth-${protocol_name}-request",
                 server => {
-                    "Protocol" => $protocol,
-                    "VerifyMode" => "Request",
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyMode" => "Request"
                 },
                 client => {
-                    "Protocol" => $protocol
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
                 },
                 test   => { "ExpectedResult" => "Success" },
             };
@@ -56,16 +73,18 @@ sub generate_tests() {
             push @tests, {
                 name => "client-auth-${protocol_name}-require-fail",
                 server => {
-                    "Protocol" => $protocol,
-                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "VerifyCAFile" => test_pem("root-cert.pem"),
                     "VerifyMode" => "Require",
                 },
                 client => {
-                    "Protocol" => $protocol,
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol
                 },
                 test   => {
                     "ExpectedResult" => "ServerFail",
-                    "ServerAlert" => "HandshakeFailure",
+                    "ExpectedServerAlert" => "HandshakeFailure",
                 },
             };
 
@@ -73,33 +92,42 @@ sub generate_tests() {
             push @tests, {
                 name => "client-auth-${protocol_name}-require",
                 server => {
-                    "Protocol" => $protocol,
-                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "ClientSignatureAlgorithms" => $clisigalgs,
+                    "VerifyCAFile" => test_pem("root-cert.pem"),
                     "VerifyMode" => "Request",
                 },
                 client => {
-                    "Protocol" => $protocol,
-                    "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
-                    "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "Certificate" => test_pem("ee-client-chain.pem"),
+                    "PrivateKey"  => test_pem("ee-key.pem"),
+                },
+                test   => { "ExpectedResult" => "Success",
+                            "ExpectedClientCertType" => "RSA",
+                            "ExpectedClientSignType" => $clisigtype,
+                            "ExpectedClientSignHash" => $clihash,
                 },
-                test   => { "ExpectedResult" => "Success" },
             };
 
             # Handshake with client authentication but without the root certificate.
             push @tests, {
                 name => "client-auth-${protocol_name}-noroot",
                 server => {
-                    "Protocol" => $protocol,
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
                     "VerifyMode" => "Require",
                 },
                 client => {
-                    "Protocol" => $protocol,
-                    "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
-                    "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+                    "MinProtocol" => $protocol,
+                    "MaxProtocol" => $protocol,
+                    "Certificate" => test_pem("ee-client-chain.pem"),
+                    "PrivateKey"  => test_pem("ee-key.pem"),
                 },
                 test   => {
                     "ExpectedResult" => "ServerFail",
-                    "ServerAlert" => "UnknownCA",
+                    "ExpectedServerAlert" => $caalert,
                 },
             };
         }
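Review bot: The case named `client-auth-${protocol_name}-require` still sets `"VerifyMode" => "Request"` on the unchanged line below `VerifyCAFile`, so the server in this case would presumably complete the handshake even if the client sent no certificate. Only the added `"ExpectedClientCertType" => "RSA"` check shows that a certificate was actually presented. If the name reflects the intent, the line should read `"VerifyMode" => "Require",`. If Request is deliberate, a short comment saying so would keep the name from misleading later readers. The enclosing generate_tests body starts before and ends after this hunk.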