36d13df04d6bddb469eb0c8e44377f301bae928d
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
13
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
16
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
19
20 our @tests = ();
21
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
23
24 sub generate_tests() {
25
26     foreach (0..$#protocols) {
27         my $protocol = $protocols[$_];
28         my $protocol_name = $protocol || "flex";
29         if (!$is_disabled[$_]) {
30             # Sanity-check simple handshake.
31             push @tests, {
32                 name => "server-auth-${protocol_name}",
33                 server => {
34                     "Protocol" => $protocol
35                 },
36                 client => {
37                     "Protocol" => $protocol
38                 },
39                 test   => { "ExpectedResult" => "Success" },
40             };
41
42             # Handshake with client cert requested but not required or received.
43             push @tests, {
44                 name => "client-auth-${protocol_name}-request",
45                 server => {
46                     "Protocol" => $protocol,
47                     "VerifyMode" => "Request",
48                 },
49                 client => {
50                     "Protocol" => $protocol
51                 },
52                 test   => { "ExpectedResult" => "Success" },
53             };
54
55             # Handshake with client cert required but not present.
56             push @tests, {
57                 name => "client-auth-${protocol_name}-require-fail",
58                 server => {
59                     "Protocol" => $protocol,
60                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
61                     "VerifyMode" => "Require",
62                 },
63                 client => {
64                     "Protocol" => $protocol,
65                 },
66                 test   => {
67                     "ExpectedResult" => "ServerFail",
68                     "ServerAlert" => "HandshakeFailure",
69                 },
70             };
71
72             # Successful handshake with client authentication.
73             push @tests, {
74                 name => "client-auth-${protocol_name}-require",
75                 server => {
76                     "Protocol" => $protocol,
77                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
78                     "VerifyMode" => "Request",
79                 },
80                 client => {
81                     "Protocol" => $protocol,
82                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
83                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
84                 },
85                 test   => { "ExpectedResult" => "Success" },
86             };
87
88             # Handshake with client authentication but without the root certificate.
89             push @tests, {
90                 name => "client-auth-${protocol_name}-noroot",
91                 server => {
92                     "Protocol" => $protocol,
93                     "VerifyMode" => "Require",
94                 },
95                 client => {
96                     "Protocol" => $protocol,
97                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
98                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
99                 },
100                 test   => {
101                     "ExpectedResult" => "ServerFail",
102                     "ServerAlert" => "UnknownCA",
103                 },
104             };
105         }
106     }
107 }
108  
109 generate_tests();