test/ssl-tests/04-client_auth.conf.in

   1 # -*- mode: perl; -*-
   2
   3 ## SSL test configurations
   4
   5 package ssltests;
   6
   7 use strict;
   8 use warnings;
   9
  10 use OpenSSL::Test;
  11 use OpenSSL::Test::Utils qw(anydisabled);
  12 setup("no_test_here");
  13
  14 # We test version-flexible negotiation (undef) and each protocol version.
  15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
  16
  17 my @is_disabled = (0);
  18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
  19
  20 our @tests = ();
  21
  22 my $dir_sep = $^O ne "VMS" ? "/" : "";
  23
  24 sub generate_tests() {
  25
  26     foreach (0..$#protocols) {
  27         my $protocol = $protocols[$_];
  28         my $protocol_name = $protocol || "flex";
  29         my $caalert;
  30         if (!$is_disabled[$_]) {
  31             if ($protocol_name eq "SSLv3") {
  32                 $caalert = "BadCertificate";
  33             } else {
  34                 $caalert = "UnknownCA";
  35             }
  36             # Sanity-check simple handshake.
  37             push @tests, {
  38                 name => "server-auth-${protocol_name}",
  39                 server => {
  40                     "MinProtocol" => $protocol,
  41                     "MaxProtocol" => $protocol
  42                 },
  43                 client => {
  44                     "MinProtocol" => $protocol,
  45                     "MaxProtocol" => $protocol
  46                 },
  47                 test   => { "ExpectedResult" => "Success" },
  48             };
  49
  50             # Handshake with client cert requested but not required or received.
  51             push @tests, {
  52                 name => "client-auth-${protocol_name}-request",
  53                 server => {
  54                     "MinProtocol" => $protocol,
  55                     "MaxProtocol" => $protocol,
  56                     "VerifyMode" => "Request"
  57                 },
  58                 client => {
  59                     "MinProtocol" => $protocol,
  60                     "MaxProtocol" => $protocol
  61                 },
  62                 test   => { "ExpectedResult" => "Success" },
  63             };
  64
  65             # Handshake with client cert required but not present.
  66             push @tests, {
  67                 name => "client-auth-${protocol_name}-require-fail",
  68                 server => {
  69                     "MinProtocol" => $protocol,
  70                     "MaxProtocol" => $protocol,
  71                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
  72                     "VerifyMode" => "Require",
  73                 },
  74                 client => {
  75                     "MinProtocol" => $protocol,
  76                     "MaxProtocol" => $protocol
  77                 },
  78                 test   => {
  79                     "ExpectedResult" => "ServerFail",
  80                     "ExpectedServerAlert" => "HandshakeFailure",
  81                 },
  82             };
  83
  84             # Successful handshake with client authentication.
  85             push @tests, {
  86                 name => "client-auth-${protocol_name}-require",
  87                 server => {
  88                     "MinProtocol" => $protocol,
  89                     "MaxProtocol" => $protocol,
  90                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
  91                     "VerifyMode" => "Request",
  92                 },
  93                 client => {
  94                     "MinProtocol" => $protocol,
  95                     "MaxProtocol" => $protocol,
  96                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
  97                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
  98                 },
  99                 test   => { "ExpectedResult" => "Success" },
 100             };
 101
 102             # Handshake with client authentication but without the root certificate.
 103             push @tests, {
 104                 name => "client-auth-${protocol_name}-noroot",
 105                 server => {
 106                     "MinProtocol" => $protocol,
 107                     "MaxProtocol" => $protocol,
 108                     "VerifyMode" => "Require",
 109                 },
 110                 client => {
 111                     "MinProtocol" => $protocol,
 112                     "MaxProtocol" => $protocol,
 113                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
 114                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
 115                 },
 116                 test   => {
 117                     "ExpectedResult" => "ServerFail",
 118                     "ExpectedServerAlert" => $caalert,
 119                 },
 120             };
 121         }
 122     }
 123 }
 124
 125 generate_tests();