From: Matt Caswell Date: Wed, 22 Jun 2016 15:34:26 +0000 (+0100) Subject: Fix Client Auth tests X-Git-Tag: OpenSSL_1_1_0-pre6~207 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=78cbe94f89417150d5d334f6c02ed697f62029fe Fix Client Auth tests The Client Auth tests were not correctly setting the Protocol, so that this aspect had no effect. It was testing the same thing lots of times for TLSv1.2 every time. Reviewed-by: Emilia Käsper --- diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 02cba53d5a..04bb2345b9 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -161,12 +161,14 @@ client = 5-server-auth-TLSv1-client [5-server-auth-TLSv1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 [5-server-auth-TLSv1-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -186,13 +188,15 @@ client = 6-client-auth-TLSv1-request-client [6-client-auth-TLSv1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Request [6-client-auth-TLSv1-request-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -212,14 +216,16 @@ client = 7-client-auth-TLSv1-require-fail-client [7-client-auth-TLSv1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [7-client-auth-TLSv1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -240,16 +246,18 @@ client = 8-client-auth-TLSv1-require-client [8-client-auth-TLSv1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [8-client-auth-TLSv1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -269,15 +277,17 @@ client = 9-client-auth-TLSv1-noroot-client [9-client-auth-TLSv1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Require [9-client-auth-TLSv1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -298,12 +308,14 @@ client = 10-server-auth-TLSv1.1-client [10-server-auth-TLSv1.1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 [10-server-auth-TLSv1.1-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -323,13 +335,15 @@ client = 11-client-auth-TLSv1.1-request-client [11-client-auth-TLSv1.1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Request [11-client-auth-TLSv1.1-request-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -349,14 +363,16 @@ client = 12-client-auth-TLSv1.1-require-fail-client [12-client-auth-TLSv1.1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [12-client-auth-TLSv1.1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -377,16 +393,18 @@ client = 13-client-auth-TLSv1.1-require-client [13-client-auth-TLSv1.1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [13-client-auth-TLSv1.1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -406,15 +424,17 @@ client = 14-client-auth-TLSv1.1-noroot-client [14-client-auth-TLSv1.1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Require [14-client-auth-TLSv1.1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -435,12 +455,14 @@ client = 15-server-auth-TLSv1.2-client [15-server-auth-TLSv1.2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 [15-server-auth-TLSv1.2-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -460,13 +482,15 @@ client = 16-client-auth-TLSv1.2-request-client [16-client-auth-TLSv1.2-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Request [16-client-auth-TLSv1.2-request-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -486,14 +510,16 @@ client = 17-client-auth-TLSv1.2-require-fail-client [17-client-auth-TLSv1.2-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [17-client-auth-TLSv1.2-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -514,16 +540,18 @@ client = 18-client-auth-TLSv1.2-require-client [18-client-auth-TLSv1.2-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [18-client-auth-TLSv1.2-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -543,15 +571,17 @@ client = 19-client-auth-TLSv1.2-noroot-client [19-client-auth-TLSv1.2-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Require [19-client-auth-TLSv1.2-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index 36d13df04d..e1044f9ebc 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -31,10 +31,12 @@ sub generate_tests() { push @tests, { name => "server-auth-${protocol_name}", server => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; @@ -43,11 +45,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-request", server => { - "Protocol" => $protocol, - "VerifyMode" => "Request", + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; @@ -56,12 +60,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require-fail", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "ServerFail", @@ -73,12 +79,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Request", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", }, @@ -89,11 +97,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-noroot", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", },