d45e399c3ff0ca9f6a6c394cc505f9dac9a19ec5
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
13
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
16
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
19
20 our @tests = ();
21
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
23
24 sub generate_tests() {
25
26     foreach (0..$#protocols) {
27         my $protocol = $protocols[$_];
28         my $protocol_name = $protocol || "flex";
29         my $caalert;
30         if (!$is_disabled[$_]) {
31             if ($protocol_name eq "SSLv3") {
32                 $caalert = "BadCertificate";
33             } else {
34                 $caalert = "UnknownCA";
35             }
36             my $clihash;
37             my $clisigalgs;
38             # TODO add TLSv1.3 versions
39             if ($protocol_name eq "TLSv1.2") {
40                 $clihash = "SHA256";
41                 $clisigalgs = "SHA256+RSA";
42             }
43             # Sanity-check simple handshake.
44             push @tests, {
45                 name => "server-auth-${protocol_name}",
46                 server => {
47                     "MinProtocol" => $protocol,
48                     "MaxProtocol" => $protocol
49                 },
50                 client => {
51                     "MinProtocol" => $protocol,
52                     "MaxProtocol" => $protocol
53                 },
54                 test   => { "ExpectedResult" => "Success" },
55             };
56
57             # Handshake with client cert requested but not required or received.
58             push @tests, {
59                 name => "client-auth-${protocol_name}-request",
60                 server => {
61                     "MinProtocol" => $protocol,
62                     "MaxProtocol" => $protocol,
63                     "VerifyMode" => "Request"
64                 },
65                 client => {
66                     "MinProtocol" => $protocol,
67                     "MaxProtocol" => $protocol
68                 },
69                 test   => { "ExpectedResult" => "Success" },
70             };
71
72             # Handshake with client cert required but not present.
73             push @tests, {
74                 name => "client-auth-${protocol_name}-require-fail",
75                 server => {
76                     "MinProtocol" => $protocol,
77                     "MaxProtocol" => $protocol,
78                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
79                     "VerifyMode" => "Require",
80                 },
81                 client => {
82                     "MinProtocol" => $protocol,
83                     "MaxProtocol" => $protocol
84                 },
85                 test   => {
86                     "ExpectedResult" => "ServerFail",
87                     "ExpectedServerAlert" => "HandshakeFailure",
88                 },
89             };
90
91             # Successful handshake with client authentication.
92             push @tests, {
93                 name => "client-auth-${protocol_name}-require",
94                 server => {
95                     "MinProtocol" => $protocol,
96                     "MaxProtocol" => $protocol,
97                     "ClientSignatureAlgorithms" => $clisigalgs,
98                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
99                     "VerifyMode" => "Request",
100                 },
101                 client => {
102                     "MinProtocol" => $protocol,
103                     "MaxProtocol" => $protocol,
104                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
105                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
106                 },
107                 test   => { "ExpectedResult" => "Success",
108                             "ExpectedClientCertType" => "RSA",
109                             "ExpectedClientSignHash" => $clihash,
110                 },
111             };
112
113             # Handshake with client authentication but without the root certificate.
114             push @tests, {
115                 name => "client-auth-${protocol_name}-noroot",
116                 server => {
117                     "MinProtocol" => $protocol,
118                     "MaxProtocol" => $protocol,
119                     "VerifyMode" => "Require",
120                 },
121                 client => {
122                     "MinProtocol" => $protocol,
123                     "MaxProtocol" => $protocol,
124                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
125                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
126                 },
127                 test   => {
128                     "ExpectedResult" => "ServerFail",
129                     "ExpectedServerAlert" => $caalert,
130                 },
131             };
132         }
133     }
134 }
135  
136 generate_tests();