3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
# Test-matrix setup: the protocol list, a parallel list of build-time
# "disabled" flags, and the separator used when naming certificate files.
12 setup("no_test_here");
14 # We test version-flexible negotiation (undef) and each protocol version.
# The undef entry is passed as both MinProtocol and MaxProtocol in the cases
# below, i.e. no version pin. TLSv1.3 is not in the list (see the TODO in
# generate_tests).
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
# @is_disabled is indexed in step with @protocols: slot 0 belongs to the
# version-flexible entry and is hard-coded to 0, so that entry is never
# skipped. The remaining slots come from anydisabled(), presumably one flag
# per named option in the same order as the protocol list -- confirm against
# OpenSSL::Test::Utils.
# NOTE(review): generate_tests guards each protocol's cases with
# !$is_disabled[$_], so a protocol the build disables (for example SSLv3 in a
# build configured without it) yields no client-auth cases at all; a passing
# run then says nothing about that protocol.
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
# Separator placed between ${ENV::TEST_CERTS_DIR} and a certificate file name:
# "/" on every platform except VMS, where it is empty (presumably the
# directory spec there already ends in its own delimiter -- confirm).
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
24 sub generate_tests() {
26 foreach (0..$#protocols) {
27 my $protocol = $protocols[$_];
28 my $protocol_name = $protocol || "flex";
30 if (!$is_disabled[$_]) {
31 if ($protocol_name eq "SSLv3") {
32 $caalert = "BadCertificate";
34 $caalert = "UnknownCA";
38 # TODO add TLSv1.3 versions
39 if ($protocol_name eq "TLSv1.2") {
41 $clisigalgs = "SHA256+RSA";
43 # Sanity-check simple handshake.
45 name => "server-auth-${protocol_name}",
47 "MinProtocol" => $protocol,
48 "MaxProtocol" => $protocol
51 "MinProtocol" => $protocol,
52 "MaxProtocol" => $protocol
54 test => { "ExpectedResult" => "Success" },
57 # Handshake with client cert requested but not required or received.
59 name => "client-auth-${protocol_name}-request",
61 "MinProtocol" => $protocol,
62 "MaxProtocol" => $protocol,
63 "VerifyMode" => "Request"
66 "MinProtocol" => $protocol,
67 "MaxProtocol" => $protocol
69 test => { "ExpectedResult" => "Success" },
72 # Handshake with client cert required but not present.
74 name => "client-auth-${protocol_name}-require-fail",
76 "MinProtocol" => $protocol,
77 "MaxProtocol" => $protocol,
78 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
79 "VerifyMode" => "Require",
82 "MinProtocol" => $protocol,
83 "MaxProtocol" => $protocol
86 "ExpectedResult" => "ServerFail",
87 "ExpectedServerAlert" => "HandshakeFailure",
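91 # Successful handshake with client authentication. The server only requests
# the certificate here (VerifyMode "Request", despite the "-require" test
# name); the client presents one, and the expected client certificate type and
# signing hash confirm it was used. Rejection of a client that sends no
# certificate is covered by the "-require-fail" case.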
93 name => "client-auth-${protocol_name}-require",
95 "MinProtocol" => $protocol,
96 "MaxProtocol" => $protocol,
97 "ClientSignatureAlgorithms" => $clisigalgs,
98 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
99 "VerifyMode" => "Request",
102 "MinProtocol" => $protocol,
103 "MaxProtocol" => $protocol,
104 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
105 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
107 test => { "ExpectedResult" => "Success",
108 "ExpectedClientCertType" => "RSA",
109 "ExpectedClientSignHash" => $clihash,
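113 # Handshake with client authentication but without the root certificate:
# the server requires a client certificate yet is given no VerifyCAFile, so it
# cannot verify the client's chain and is expected to fail with the CA alert
# selected in $caalert.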
115 name => "client-auth-${protocol_name}-noroot",
117 "MinProtocol" => $protocol,
118 "MaxProtocol" => $protocol,
119 "VerifyMode" => "Require",
122 "MinProtocol" => $protocol,
123 "MaxProtocol" => $protocol,
124 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
125 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
128 "ExpectedResult" => "ServerFail",
129 "ExpectedServerAlert" => $caalert,