our @tests = ();
-my $dir_sep = $^O ne "VMS" ? "/" : "";
-
sub generate_tests() {
foreach (0..$#protocols) {
my $protocol = $protocols[$_];
my $protocol_name = $protocol || "flex";
+ my $caalert;
if (!$is_disabled[$_]) {
+ if ($protocol_name eq "SSLv3") {
+ $caalert = "BadCertificate";
+ } else {
+ $caalert = "UnknownCA";
+ }
+ my $clihash;
+ my $clisigtype;
+ my $clisigalgs;
+ # TODO(TLS1.3) add TLSv1.3 versions
+ if ($protocol_name eq "TLSv1.2") {
+ $clihash = "SHA256";
+ $clisigtype = "RSA";
+ $clisigalgs = "SHA256+RSA";
+ }
# Sanity-check simple handshake.
push @tests, {
name => "server-auth-${protocol_name}",
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
},
client => {
},
test => {
"ExpectedResult" => "ServerFail",
- "ServerAlert" => "HandshakeFailure",
+ "ExpectedServerAlert" => "HandshakeFailure",
},
};
server => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+ "ClientSignatureAlgorithms" => $clisigalgs,
+ "VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Request",
},
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
+ },
+ test => { "ExpectedResult" => "Success",
+ "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => $clisigtype,
+ "ExpectedClientSignHash" => $clihash,
},
- test => { "ExpectedResult" => "Success" },
};
# Handshake with client authentication but without the root certificate.
client => {
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
- "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
- "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
+ "Certificate" => test_pem("ee-client-chain.pem"),
+ "PrivateKey" => test_pem("ee-key.pem"),
},
test => {
"ExpectedResult" => "ServerFail",
- "ServerAlert" => "UnknownCA",
+ "ExpectedServerAlert" => $caalert,
},
};
}