Add DTLS renegotiation tests
[openssl.git] / test / ssl-tests / 03-custom_verify.conf.in
1 # -*- mode: perl; -*-
2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the OpenSSL license (the "License").  You may not use
5 # this file except in compliance with the License.  You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 ## SSL test configurations
11
12 package ssltests;
13
14 our @tests = (
15
16     # Sanity-check that verification indeed succeeds without the
17     # restrictive callback.
18     {
19         name => "verify-success",
20         server => { },
21         client => { },
22         test   => { "ExpectedResult" => "Success" },
23     },
24
25     # Same test as above but with a custom callback that always fails.
26     {
27         name => "verify-custom-reject",
28         server => { },
29         client => {
30             extra => {
31                 "VerifyCallback" => "RejectAll",
32             },
33         },
34         test   => {
35             "ExpectedResult" => "ClientFail",
36             "ExpectedClientAlert" => "HandshakeFailure",
37         },
38     },
39
40     # Same test as above but with a custom callback that always succeeds.
41     {
42         name => "verify-custom-allow",
43         server => { },
44         client => {
45             extra => {
46                 "VerifyCallback" => "AcceptAll",
47             },
48         },
49         test   => {
50             "ExpectedResult" => "Success",
51         },
52     },
53
54     # Sanity-check that verification indeed succeeds if peer verification
55     # is not requested.
56     {
57         name => "noverify-success",
58         server => { },
59         client => {
60             "VerifyMode" => undef,
61             "VerifyCAFile" => undef,
62         },
63         test   => { "ExpectedResult" => "Success" },
64     },
65
66     # Same test as above but with a custom callback that always fails.
67     # The callback return has no impact on handshake success in this mode.
68     {
69         name => "noverify-ignore-custom-reject",
70         server => { },
71         client => {
72             "VerifyMode" => undef,
73             "VerifyCAFile" => undef,
74             extra => {
75                 "VerifyCallback" => "RejectAll",
76             },
77         },
78         test   => {
79             "ExpectedResult" => "Success",
80         },
81     },
82
83     # Same test as above but with a custom callback that always succeeds.
84     # The callback return has no impact on handshake success in this mode.
85     {
86         name => "noverify-accept-custom-allow",
87         server => { },
88         client => {
89             "VerifyMode" => undef,
90             "VerifyCAFile" => undef,
91             extra => {
92                 "VerifyCallback" => "AcceptAll",
93             },
94         },
95         test   => {
96             "ExpectedResult" => "Success",
97         },
98     },
99
100     # Sanity-check that verification indeed fails without the
101     # permissive callback.
102     {
103         name => "verify-fail-no-root",
104         server => { },
105         client => {
106             # Don't set up the client root file.
107             "VerifyCAFile" => undef,
108         },
109         test   => {
110           "ExpectedResult" => "ClientFail",
111           "ExpectedClientAlert" => "UnknownCA",
112         },
113     },
114
115     # Same test as above but with a custom callback that always succeeds.
116     {
117         name => "verify-custom-success-no-root",
118         server => { },
119         client => {
120             "VerifyCAFile" => undef,
121             extra => {
122                 "VerifyCallback" => "AcceptAll",
123             },
124         },
125         test   => {
126             "ExpectedResult" => "Success"
127         },
128     },
129
130     # Same test as above but with a custom callback that always fails.
131     {
132         name => "verify-custom-fail-no-root",
133         server => { },
134         client => {
135             "VerifyCAFile" => undef,
136             extra => {
137                 "VerifyCallback" => "RejectAll",
138             },
139         },
140         test   => {
141             "ExpectedResult" => "ClientFail",
142             "ExpectedClientAlert" => "HandshakeFailure",
143         },
144     },
145 );