3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
# Test-framework setup call; "no_test_here" is the name handed to it.
setup("no_test_here");

# Protocol matrix for the generated tests: undef stands for version-flexible
# negotiation (no pinned version), every other entry pins one protocol
# version as both MinProtocol and MaxProtocol.
my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");

# "Disabled in this build" flags, looked up by the same index as @protocols.
# Slot 0 belongs to the flexible entry and is always 0. The remaining slots
# are whatever anydisabled() returns for the option names given (presumably
# one flag per name, in argument order -- confirm against
# OpenSSL::Test::Utils). Keep the two lists in step when adding a version;
# a mismatch would make the generator consult the wrong flag and emit tests
# for a protocol the build has switched off, or skip one it supports.
my @is_disabled = (0, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"));
22 sub generate_tests() {
24 foreach (0..$#protocols) {
25 my $protocol = $protocols[$_];
26 my $protocol_name = $protocol || "flex";
28 if (!$is_disabled[$_]) {
29 if ($protocol_name eq "SSLv3") {
30 $caalert = "BadCertificate";
32 $caalert = "UnknownCA";
37 # TODO(TLS1.3) add TLSv1.3 versions
38 if ($protocol_name eq "TLSv1.2") {
41 $clisigalgs = "SHA256+RSA";
43 # Sanity-check simple handshake.
45 name => "server-auth-${protocol_name}",
47 "MinProtocol" => $protocol,
48 "MaxProtocol" => $protocol
51 "MinProtocol" => $protocol,
52 "MaxProtocol" => $protocol
54 test => { "ExpectedResult" => "Success" },
57 # Handshake with client cert requested but not required or received.
59 name => "client-auth-${protocol_name}-request",
61 "MinProtocol" => $protocol,
62 "MaxProtocol" => $protocol,
63 "VerifyMode" => "Request"
66 "MinProtocol" => $protocol,
67 "MaxProtocol" => $protocol
69 test => { "ExpectedResult" => "Success" },
72 # Handshake with client cert required but not present.
74 name => "client-auth-${protocol_name}-require-fail",
76 "MinProtocol" => $protocol,
77 "MaxProtocol" => $protocol,
78 "VerifyCAFile" => test_pem("root-cert.pem"),
79 "VerifyMode" => "Require",
82 "MinProtocol" => $protocol,
83 "MaxProtocol" => $protocol
86 "ExpectedResult" => "ServerFail",
87 "ExpectedServerAlert" => "HandshakeFailure",
91 # Successful handshake with client authentication.
93 name => "client-auth-${protocol_name}-require",
95 "MinProtocol" => $protocol,
96 "MaxProtocol" => $protocol,
97 "ClientSignatureAlgorithms" => $clisigalgs,
98 "VerifyCAFile" => test_pem("root-cert.pem"),
99 "VerifyMode" => "Request",
102 "MinProtocol" => $protocol,
103 "MaxProtocol" => $protocol,
104 "Certificate" => test_pem("ee-client-chain.pem"),
105 "PrivateKey" => test_pem("ee-key.pem"),
107 test => { "ExpectedResult" => "Success",
108 "ExpectedClientCertType" => "RSA",
109 "ExpectedClientSignType" => $clisigtype,
110 "ExpectedClientSignHash" => $clihash,
114 # Handshake with client authentication but without the root certificate.
116 name => "client-auth-${protocol_name}-noroot",
118 "MinProtocol" => $protocol,
119 "MaxProtocol" => $protocol,
120 "VerifyMode" => "Require",
123 "MinProtocol" => $protocol,
124 "MaxProtocol" => $protocol,
125 "Certificate" => test_pem("ee-client-chain.pem"),
126 "PrivateKey" => test_pem("ee-key.pem"),
129 "ExpectedResult" => "ServerFail",
130 "ExpectedServerAlert" => $caalert,