test/ssl-tests/03-custom_verify.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## SSL test configurations
  11
  12 package ssltests;
  13
  14 our @tests = (
  15
  16     # Sanity-check that verification indeed succeeds without the
  17     # restrictive callback.
  18     {
  19         name => "verify-success",
  20         server => { },
  21         client => { },
  22         test   => { "ExpectedResult" => "Success" },
  23     },
  24
  25     # Same test as above but with a custom callback that always fails.
  26     {
  27         name => "verify-custom-reject",
  28         server => { },
  29         client => {
  30             extra => {
  31                 "VerifyCallback" => "RejectAll",
  32             },
  33         },
  34         test   => {
  35             "ExpectedResult" => "ClientFail",
  36             "ExpectedClientAlert" => "HandshakeFailure",
  37         },
  38     },
  39
  40     # Same test as above but with a custom callback that always succeeds.
  41     {
  42         name => "verify-custom-allow",
  43         server => { },
  44         client => {
  45             extra => {
  46                 "VerifyCallback" => "AcceptAll",
  47             },
  48         },
  49         test   => {
  50             "ExpectedResult" => "Success",
  51         },
  52     },
  53
  54     # Sanity-check that verification indeed succeeds if peer verification
  55     # is not requested.
  56     {
  57         name => "noverify-success",
  58         server => { },
  59         client => {
  60             "VerifyMode" => undef,
  61             "VerifyCAFile" => undef,
  62         },
  63         test   => { "ExpectedResult" => "Success" },
  64     },
  65
  66     # Same test as above but with a custom callback that always fails.
  67     # The callback return has no impact on handshake success in this mode.
  68     {
  69         name => "noverify-ignore-custom-reject",
  70         server => { },
  71         client => {
  72             "VerifyMode" => undef,
  73             "VerifyCAFile" => undef,
  74             extra => {
  75                 "VerifyCallback" => "RejectAll",
  76             },
  77         },
  78         test   => {
  79             "ExpectedResult" => "Success",
  80         },
  81     },
  82
  83     # Same test as above but with a custom callback that always succeeds.
  84     # The callback return has no impact on handshake success in this mode.
  85     {
  86         name => "noverify-accept-custom-allow",
  87         server => { },
  88         client => {
  89             "VerifyMode" => undef,
  90             "VerifyCAFile" => undef,
  91             extra => {
  92                 "VerifyCallback" => "AcceptAll",
  93             },
  94         },
  95         test   => {
  96             "ExpectedResult" => "Success",
  97         },
  98     },
  99
 100     # Sanity-check that verification indeed fails without the
 101     # permissive callback.
 102     {
 103         name => "verify-fail-no-root",
 104         server => { },
 105         client => {
 106             # Don't set up the client root file.
 107             "VerifyCAFile" => undef,
 108         },
 109         test   => {
 110           "ExpectedResult" => "ClientFail",
 111           "ExpectedClientAlert" => "UnknownCA",
 112         },
 113     },
 114
 115     # Same test as above but with a custom callback that always succeeds.
 116     {
 117         name => "verify-custom-success-no-root",
 118         server => { },
 119         client => {
 120             "VerifyCAFile" => undef,
 121             extra => {
 122                 "VerifyCallback" => "AcceptAll",
 123             },
 124         },
 125         test   => {
 126             "ExpectedResult" => "Success"
 127         },
 128     },
 129
 130     # Same test as above but with a custom callback that always fails.
 131     {
 132         name => "verify-custom-fail-no-root",
 133         server => { },
 134         client => {
 135             "VerifyCAFile" => undef,
 136             extra => {
 137                 "VerifyCallback" => "RejectAll",
 138             },
 139         },
 140         test   => {
 141             "ExpectedResult" => "ClientFail",
 142             "ExpectedClientAlert" => "HandshakeFailure",
 143         },
 144     },
 145 );