Extend the test_ssl_new renegotiation tests to include client auth
authorMatt Caswell <matt@openssl.org>
Tue, 22 Nov 2016 16:55:35 +0000 (16:55 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 23 Jan 2017 14:04:44 +0000 (14:04 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)

test/ssl-tests/17-renegotiate.conf
test/ssl-tests/17-renegotiate.conf.in
test/ssl-tests/18-dtls-renegotiate.conf
test/ssl-tests/18-dtls-renegotiate.conf.in

index fffb572..58992c0 100644 (file)
@@ -1,11 +1,13 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 4
+num_tests = 6
 
 test-0 = 0-renegotiate-client-no-resume
 test-1 = 1-renegotiate-client-resume
 test-2 = 2-renegotiate-server-no-resume
 test-3 = 3-renegotiate-server-resume
+test-4 = 4-renegotiate-client-auth-require
+test-5 = 5-renegotiate-client-auth-once
 # ===========================================================
 
 [0-renegotiate-client-no-resume]
@@ -116,3 +118,67 @@ Method = TLS
 ResumptionExpected = Yes
 
 
+# ===========================================================
+
+[4-renegotiate-client-auth-require]
+ssl_conf = 4-renegotiate-client-auth-require-ssl
+
+[4-renegotiate-client-auth-require-ssl]
+server = 4-renegotiate-client-auth-require-server
+client = 4-renegotiate-client-auth-require-client
+
+[4-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[4-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-renegotiate-client-auth-once]
+ssl_conf = 5-renegotiate-client-auth-once-ssl
+
+[5-renegotiate-client-auth-once-ssl]
+server = 5-renegotiate-client-auth-once-server
+client = 5-renegotiate-client-auth-once-client
+
+[5-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[5-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
index ab581ec..3f76cb8 100644 (file)
@@ -14,6 +14,7 @@ use warnings;
 
 package ssltests;
 
+my $dir_sep = $^O ne "VMS" ? "/" : "";
 
 our @tests = (
     {
@@ -70,4 +71,42 @@ our @tests = (
             "ExpectedResult" => "Success"
         }
     },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
 );
index 32eeaf0..fbde68a 100644 (file)
@@ -1,10 +1,12 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 3
+num_tests = 5
 
 test-0 = 0-renegotiate-client-no-resume
 test-1 = 1-renegotiate-client-resume
 test-2 = 2-renegotiate-server-resume
+test-3 = 3-renegotiate-client-auth-require
+test-4 = 4-renegotiate-client-auth-once
 # ===========================================================
 
 [0-renegotiate-client-no-resume]
@@ -84,3 +86,63 @@ Method = DTLS
 ResumptionExpected = No
 
 
+# ===========================================================
+
+[3-renegotiate-client-auth-require]
+ssl_conf = 3-renegotiate-client-auth-require-ssl
+
+[3-renegotiate-client-auth-require-ssl]
+server = 3-renegotiate-client-auth-require-server
+client = 3-renegotiate-client-auth-require-client
+
+[3-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[3-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-renegotiate-client-auth-once]
+ssl_conf = 4-renegotiate-client-auth-once-ssl
+
+[4-renegotiate-client-auth-once-ssl]
+server = 4-renegotiate-client-auth-once-server
+client = 4-renegotiate-client-auth-once-client
+
+[4-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[4-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+
+
index 440fb25..3f877f6 100644 (file)
@@ -14,6 +14,7 @@ use warnings;
 
 package ssltests;
 
+my $dir_sep = $^O ne "VMS" ? "/" : "";
 
 our @tests = (
     {
@@ -60,4 +61,38 @@ our @tests = (
             "ExpectedResult" => "Success"
         }
     },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
+            "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
+        },
+        test => {
+            "Method" => "DTLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
 );