X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fssl-tests%2F09-alpn.conf;h=e7e6cb95348b725727f1e56d2b1ca53fbf5ce337;hp=73fee872c20bff7a8ad65aa7d2eadceda0bef494;hb=4b7ffd8bbeb1c64261e10ef2050312bd183abeed;hpb=ce2cdac2787da32bcde210c7d6acdcbe41b1cd40 diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf index 73fee872c2..e7e6cb9534 100644 --- a/test/ssl-tests/09-alpn.conf +++ b/test/ssl-tests/09-alpn.conf @@ -1,10 +1,10 @@ # Generated with generate_ssl_tests.pl -num_tests = 10 +num_tests = 16 test-0 = 0-alpn-simple -test-1 = 1-alpn-client-finds-match -test-2 = 2-alpn-client-honours-server-pref +test-1 = 1-alpn-server-finds-match +test-2 = 2-alpn-server-honours-server-pref test-3 = 3-alpn-alert-on-mismatch test-4 = 4-alpn-no-server-support test-5 = 5-alpn-no-client-support @@ -12,6 +12,12 @@ test-6 = 6-alpn-with-sni-no-context-switch test-7 = 7-alpn-with-sni-context-switch test-8 = 8-alpn-selected-sni-server-supports-alpn test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +test-10 = 10-alpn-simple-resumption +test-11 = 11-alpn-server-switch-resumption +test-12 = 12-alpn-client-switch-resumption +test-13 = 13-alpn-alert-on-mismatch-resumption +test-14 = 14-alpn-no-server-support-resumption +test-15 = 15-alpn-no-client-support-resumption # =========================================================== [0-alpn-simple] @@ -32,59 +38,77 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ClientALPNProtocols = foo ExpectedALPNProtocol = foo -ServerALPNProtocols = foo +server = 0-alpn-simple-server-extra +client = 0-alpn-simple-client-extra + +[0-alpn-simple-server-extra] +ALPNProtocols = foo + +[0-alpn-simple-client-extra] +ALPNProtocols = foo # =========================================================== -[1-alpn-client-finds-match] -ssl_conf = 1-alpn-client-finds-match-ssl +[1-alpn-server-finds-match] +ssl_conf = 1-alpn-server-finds-match-ssl -[1-alpn-client-finds-match-ssl] -server = 1-alpn-client-finds-match-server -client = 1-alpn-client-finds-match-client +[1-alpn-server-finds-match-ssl] +server = 1-alpn-server-finds-match-server +client = 1-alpn-server-finds-match-client -[1-alpn-client-finds-match-server] +[1-alpn-server-finds-match-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-alpn-client-finds-match-client] +[1-alpn-server-finds-match-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar -ServerALPNProtocols = baz,bar +server = 1-alpn-server-finds-match-server-extra +client = 1-alpn-server-finds-match-client-extra + +[1-alpn-server-finds-match-server-extra] +ALPNProtocols = baz,bar + +[1-alpn-server-finds-match-client-extra] +ALPNProtocols = foo,bar # =========================================================== -[2-alpn-client-honours-server-pref] -ssl_conf = 2-alpn-client-honours-server-pref-ssl +[2-alpn-server-honours-server-pref] +ssl_conf = 2-alpn-server-honours-server-pref-ssl -[2-alpn-client-honours-server-pref-ssl] -server = 2-alpn-client-honours-server-pref-server -client = 2-alpn-client-honours-server-pref-client +[2-alpn-server-honours-server-pref-ssl] +server = 2-alpn-server-honours-server-pref-server +client = 2-alpn-server-honours-server-pref-client -[2-alpn-client-honours-server-pref-server] +[2-alpn-server-honours-server-pref-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-alpn-client-honours-server-pref-client] +[2-alpn-server-honours-server-pref-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar -ServerALPNProtocols = bar,foo +server = 2-alpn-server-honours-server-pref-server-extra +client = 2-alpn-server-honours-server-pref-client-extra + +[2-alpn-server-honours-server-pref-server-extra] +ALPNProtocols = bar,foo + +[2-alpn-server-honours-server-pref-client-extra] +ALPNProtocols = foo,bar # =========================================================== @@ -107,10 +131,16 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ClientALPNProtocols = foo,bar ExpectedResult = ServerFail -ServerALPNProtocols = baz -ServerAlert = NoApplicationProtocol +ExpectedServerAlert = NoApplicationProtocol +server = 3-alpn-alert-on-mismatch-server-extra +client = 3-alpn-alert-on-mismatch-client-extra + +[3-alpn-alert-on-mismatch-server-extra] +ALPNProtocols = baz + +[3-alpn-alert-on-mismatch-client-extra] +ALPNProtocols = foo,bar # =========================================================== @@ -133,7 +163,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ClientALPNProtocols = foo +client = 4-alpn-no-server-support-client-extra + +[4-alpn-no-server-support-client-extra] +ALPNProtocols = foo # =========================================================== @@ -156,7 +189,10 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ServerALPNProtocols = foo +server = 5-alpn-no-client-support-server-extra + +[5-alpn-no-client-support-server-extra] +ALPNProtocols = foo # =========================================================== @@ -166,8 +202,8 @@ ssl_conf = 6-alpn-with-sni-no-context-switch-ssl [6-alpn-with-sni-no-context-switch-ssl] server = 6-alpn-with-sni-no-context-switch-server -server2 = 6-alpn-with-sni-no-context-switch-server2 client = 6-alpn-with-sni-no-context-switch-client +server2 = 6-alpn-with-sni-no-context-switch-server2 [6-alpn-with-sni-no-context-switch-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem @@ -185,14 +221,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = foo ExpectedServerName = server1 -Server2ALPNProtocols = bar -ServerALPNProtocols = foo -ServerName = server1 +server = 6-alpn-with-sni-no-context-switch-server-extra +server2 = 6-alpn-with-sni-no-context-switch-server2-extra +client = 6-alpn-with-sni-no-context-switch-client-extra + +[6-alpn-with-sni-no-context-switch-server-extra] +ALPNProtocols = foo ServerNameCallback = IgnoreMismatch +[6-alpn-with-sni-no-context-switch-server2-extra] +ALPNProtocols = bar + +[6-alpn-with-sni-no-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server1 + # =========================================================== @@ -201,8 +246,8 @@ ssl_conf = 7-alpn-with-sni-context-switch-ssl [7-alpn-with-sni-context-switch-ssl] server = 7-alpn-with-sni-context-switch-server -server2 = 7-alpn-with-sni-context-switch-server2 client = 7-alpn-with-sni-context-switch-client +server2 = 7-alpn-with-sni-context-switch-server2 [7-alpn-with-sni-context-switch-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem @@ -220,14 +265,23 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar ExpectedServerName = server2 -Server2ALPNProtocols = bar -ServerALPNProtocols = foo -ServerName = server2 +server = 7-alpn-with-sni-context-switch-server-extra +server2 = 7-alpn-with-sni-context-switch-server2-extra +client = 7-alpn-with-sni-context-switch-client-extra + +[7-alpn-with-sni-context-switch-server-extra] +ALPNProtocols = foo ServerNameCallback = IgnoreMismatch +[7-alpn-with-sni-context-switch-server2-extra] +ALPNProtocols = bar + +[7-alpn-with-sni-context-switch-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -236,8 +290,8 @@ ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl [8-alpn-selected-sni-server-supports-alpn-ssl] server = 8-alpn-selected-sni-server-supports-alpn-server -server2 = 8-alpn-selected-sni-server-supports-alpn-server2 client = 8-alpn-selected-sni-server-supports-alpn-client +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 [8-alpn-selected-sni-server-supports-alpn-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem @@ -255,13 +309,22 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ClientALPNProtocols = foo,bar ExpectedALPNProtocol = bar ExpectedServerName = server2 -Server2ALPNProtocols = bar -ServerName = server2 +server = 8-alpn-selected-sni-server-supports-alpn-server-extra +server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra +client = 8-alpn-selected-sni-server-supports-alpn-client-extra + +[8-alpn-selected-sni-server-supports-alpn-server-extra] ServerNameCallback = IgnoreMismatch +[8-alpn-selected-sni-server-supports-alpn-server2-extra] +ALPNProtocols = bar + +[8-alpn-selected-sni-server-supports-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + # =========================================================== @@ -270,8 +333,8 @@ ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl [9-alpn-selected-sni-server-does-not-support-alpn-ssl] server = 9-alpn-selected-sni-server-does-not-support-alpn-server -server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 client = 9-alpn-selected-sni-server-does-not-support-alpn-client +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 [9-alpn-selected-sni-server-does-not-support-alpn-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem @@ -289,10 +352,268 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ClientALPNProtocols = foo,bar ExpectedServerName = server2 -ServerALPNProtocols = foo -ServerName = server2 +server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra +client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra + +[9-alpn-selected-sni-server-does-not-support-alpn-server-extra] +ALPNProtocols = bar ServerNameCallback = IgnoreMismatch +[9-alpn-selected-sni-server-does-not-support-alpn-client-extra] +ALPNProtocols = foo,bar +ServerName = server2 + + +# =========================================================== + +[10-alpn-simple-resumption] +ssl_conf = 10-alpn-simple-resumption-ssl + +[10-alpn-simple-resumption-ssl] +server = 10-alpn-simple-resumption-server +client = 10-alpn-simple-resumption-client +resume-server = 10-alpn-simple-resumption-server +resume-client = 10-alpn-simple-resumption-client + +[10-alpn-simple-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-simple-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ExpectedALPNProtocol = foo +HandshakeMode = Resume +ResumptionExpected = Yes +server = 10-alpn-simple-resumption-server-extra +resume-server = 10-alpn-simple-resumption-server-extra +client = 10-alpn-simple-resumption-client-extra +resume-client = 10-alpn-simple-resumption-client-extra + +[10-alpn-simple-resumption-server-extra] +ALPNProtocols = foo + +[10-alpn-simple-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[11-alpn-server-switch-resumption] +ssl_conf = 11-alpn-server-switch-resumption-ssl + +[11-alpn-server-switch-resumption-ssl] +server = 11-alpn-server-switch-resumption-server +client = 11-alpn-server-switch-resumption-client +resume-server = 11-alpn-server-switch-resumption-resume-server +resume-client = 11-alpn-server-switch-resumption-client + +[11-alpn-server-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-alpn-server-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ExpectedALPNProtocol = baz +HandshakeMode = Resume +ResumptionExpected = Yes +server = 11-alpn-server-switch-resumption-server-extra +resume-server = 11-alpn-server-switch-resumption-resume-server-extra +client = 11-alpn-server-switch-resumption-client-extra +resume-client = 11-alpn-server-switch-resumption-client-extra + +[11-alpn-server-switch-resumption-server-extra] +ALPNProtocols = bar,foo + +[11-alpn-server-switch-resumption-resume-server-extra] +ALPNProtocols = baz,foo + +[11-alpn-server-switch-resumption-client-extra] +ALPNProtocols = foo,bar,baz + + +# =========================================================== + +[12-alpn-client-switch-resumption] +ssl_conf = 12-alpn-client-switch-resumption-ssl + +[12-alpn-client-switch-resumption-ssl] +server = 12-alpn-client-switch-resumption-server +client = 12-alpn-client-switch-resumption-client +resume-server = 12-alpn-client-switch-resumption-server +resume-client = 12-alpn-client-switch-resumption-resume-client + +[12-alpn-client-switch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[12-alpn-client-switch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[12-alpn-client-switch-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-12] +ExpectedALPNProtocol = bar +HandshakeMode = Resume +ResumptionExpected = Yes +server = 12-alpn-client-switch-resumption-server-extra +resume-server = 12-alpn-client-switch-resumption-server-extra +client = 12-alpn-client-switch-resumption-client-extra +resume-client = 12-alpn-client-switch-resumption-resume-client-extra + +[12-alpn-client-switch-resumption-server-extra] +ALPNProtocols = foo,bar,baz + +[12-alpn-client-switch-resumption-client-extra] +ALPNProtocols = foo,baz + +[12-alpn-client-switch-resumption-resume-client-extra] +ALPNProtocols = bar,baz + + +# =========================================================== + +[13-alpn-alert-on-mismatch-resumption] +ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl + +[13-alpn-alert-on-mismatch-resumption-ssl] +server = 13-alpn-alert-on-mismatch-resumption-server +client = 13-alpn-alert-on-mismatch-resumption-client +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server +resume-client = 13-alpn-alert-on-mismatch-resumption-client + +[13-alpn-alert-on-mismatch-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[13-alpn-alert-on-mismatch-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-13] +ExpectedResult = ServerFail +ExpectedServerAlert = NoApplicationProtocol +HandshakeMode = Resume +server = 13-alpn-alert-on-mismatch-resumption-server-extra +resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra +client = 13-alpn-alert-on-mismatch-resumption-client-extra +resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra + +[13-alpn-alert-on-mismatch-resumption-server-extra] +ALPNProtocols = bar + +[13-alpn-alert-on-mismatch-resumption-resume-server-extra] +ALPNProtocols = baz + +[13-alpn-alert-on-mismatch-resumption-client-extra] +ALPNProtocols = foo,bar + + +# =========================================================== + +[14-alpn-no-server-support-resumption] +ssl_conf = 14-alpn-no-server-support-resumption-ssl + +[14-alpn-no-server-support-resumption-ssl] +server = 14-alpn-no-server-support-resumption-server +client = 14-alpn-no-server-support-resumption-client +resume-server = 14-alpn-no-server-support-resumption-resume-server +resume-client = 14-alpn-no-server-support-resumption-client + +[14-alpn-no-server-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-alpn-no-server-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 14-alpn-no-server-support-resumption-server-extra +client = 14-alpn-no-server-support-resumption-client-extra +resume-client = 14-alpn-no-server-support-resumption-client-extra + +[14-alpn-no-server-support-resumption-server-extra] +ALPNProtocols = foo + +[14-alpn-no-server-support-resumption-client-extra] +ALPNProtocols = foo + + +# =========================================================== + +[15-alpn-no-client-support-resumption] +ssl_conf = 15-alpn-no-client-support-resumption-ssl + +[15-alpn-no-client-support-resumption-ssl] +server = 15-alpn-no-client-support-resumption-server +client = 15-alpn-no-client-support-resumption-client +resume-server = 15-alpn-no-client-support-resumption-server +resume-client = 15-alpn-no-client-support-resumption-resume-client + +[15-alpn-no-client-support-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-alpn-no-client-support-resumption-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[15-alpn-no-client-support-resumption-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +HandshakeMode = Resume +ResumptionExpected = Yes +server = 15-alpn-no-client-support-resumption-server-extra +resume-server = 15-alpn-no-client-support-resumption-server-extra +client = 15-alpn-no-client-support-resumption-client-extra + +[15-alpn-no-client-support-resumption-server-extra] +ALPNProtocols = foo + +[15-alpn-no-client-support-resumption-client-extra] +ALPNProtocols = foo +