test/ssl-tests/03-custom_verify.cnf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## SSL test configurations
  11
  12 package ssltests;
  13
  14 our @tests = (
  15
  16     # Sanity-check that verification indeed succeeds without the
  17     # restrictive callback.
  18     {
  19         name => "verify-success",
  20         server => { },
  21         client => { },
  22         test   => { "ExpectedResult" => "Success" },
  23     },
  24
  25     # Same test as above but with a custom callback that always fails.
  26     {
  27         name => "verify-custom-reject",
  28         server => { },
  29         client => {
  30             extra => {
  31                 "VerifyCallback" => "RejectAll",
  32             },
  33         },
  34         test   => {
  35             "ExpectedResult" => "ClientFail",
  36             "ExpectedClientAlert" => "HandshakeFailure",
  37         },
  38     },
  39
  40     # Same test as above but with a custom callback that always succeeds.
  41     {
  42         name => "verify-custom-allow",
  43         server => { },
  44         client => {
  45             extra => {
  46                 "VerifyCallback" => "AcceptAll",
  47             },
  48         },
  49         test   => {
  50             "ExpectedResult" => "Success",
  51         },
  52     },
  53
  54     # Same test as above but with a custom callback that requests retry once.
  55     {
  56         name => "verify-custom-retry",
  57         server => { },
  58         client => {
  59             extra => {
  60                 "VerifyCallback" => "RetryOnce",
  61             },
  62         },
  63         test   => {
  64             "ExpectedResult" => "Success",
  65         },
  66     },
  67
  68     # Sanity-check that verification indeed succeeds if peer verification
  69     # is not requested.
  70     {
  71         name => "noverify-success",
  72         server => { },
  73         client => {
  74             "VerifyMode" => undef,
  75             "VerifyCAFile" => undef,
  76         },
  77         test   => { "ExpectedResult" => "Success" },
  78     },
  79
  80     # Same test as above but with a custom callback that always fails.
  81     # The callback return has no impact on handshake success in this mode.
  82     {
  83         name => "noverify-ignore-custom-reject",
  84         server => { },
  85         client => {
  86             "VerifyMode" => undef,
  87             "VerifyCAFile" => undef,
  88             extra => {
  89                 "VerifyCallback" => "RejectAll",
  90             },
  91         },
  92         test   => {
  93             "ExpectedResult" => "Success",
  94         },
  95     },
  96
  97     # Same test as above but with a custom callback that always succeeds.
  98     # The callback return has no impact on handshake success in this mode.
  99     {
 100         name => "noverify-accept-custom-allow",
 101         server => { },
 102         client => {
 103             "VerifyMode" => undef,
 104             "VerifyCAFile" => undef,
 105             extra => {
 106                 "VerifyCallback" => "AcceptAll",
 107             },
 108         },
 109         test   => {
 110             "ExpectedResult" => "Success",
 111         },
 112     },
 113
 114     # Sanity-check that verification indeed fails without the
 115     # permissive callback.
 116     {
 117         name => "verify-fail-no-root",
 118         server => { },
 119         client => {
 120             # Don't set up the client root file.
 121             "VerifyCAFile" => undef,
 122         },
 123         test   => {
 124           "ExpectedResult" => "ClientFail",
 125           "ExpectedClientAlert" => "UnknownCA",
 126         },
 127     },
 128
 129     # Same test as above but with a custom callback that always succeeds.
 130     {
 131         name => "verify-custom-success-no-root",
 132         server => { },
 133         client => {
 134             "VerifyCAFile" => undef,
 135             extra => {
 136                 "VerifyCallback" => "AcceptAll",
 137             },
 138         },
 139         test   => {
 140             "ExpectedResult" => "Success"
 141         },
 142     },
 143
 144     # Same test as above but with a custom callback that always fails.
 145     {
 146         name => "verify-custom-fail-no-root",
 147         server => { },
 148         client => {
 149             "VerifyCAFile" => undef,
 150             extra => {
 151                 "VerifyCallback" => "RejectAll",
 152             },
 153         },
 154         test   => {
 155             "ExpectedResult" => "ClientFail",
 156             "ExpectedClientAlert" => "HandshakeFailure",
 157         },
 158     },
 159 );