Fix Client Auth tests
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
13
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
16
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
19
20 our @tests = ();
21
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
23
24 sub generate_tests() {
25
26     foreach (0..$#protocols) {
27         my $protocol = $protocols[$_];
28         my $protocol_name = $protocol || "flex";
29         if (!$is_disabled[$_]) {
30             # Sanity-check simple handshake.
31             push @tests, {
32                 name => "server-auth-${protocol_name}",
33                 server => {
34                     "MinProtocol" => $protocol,
35                     "MaxProtocol" => $protocol
36                 },
37                 client => {
38                     "MinProtocol" => $protocol,
39                     "MaxProtocol" => $protocol
40                 },
41                 test   => { "ExpectedResult" => "Success" },
42             };
43
44             # Handshake with client cert requested but not required or received.
45             push @tests, {
46                 name => "client-auth-${protocol_name}-request",
47                 server => {
48                     "MinProtocol" => $protocol,
49                     "MaxProtocol" => $protocol,
50                     "VerifyMode" => "Request"
51                 },
52                 client => {
53                     "MinProtocol" => $protocol,
54                     "MaxProtocol" => $protocol
55                 },
56                 test   => { "ExpectedResult" => "Success" },
57             };
58
59             # Handshake with client cert required but not present.
60             push @tests, {
61                 name => "client-auth-${protocol_name}-require-fail",
62                 server => {
63                     "MinProtocol" => $protocol,
64                     "MaxProtocol" => $protocol,
65                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
66                     "VerifyMode" => "Require",
67                 },
68                 client => {
69                     "MinProtocol" => $protocol,
70                     "MaxProtocol" => $protocol
71                 },
72                 test   => {
73                     "ExpectedResult" => "ServerFail",
74                     "ServerAlert" => "HandshakeFailure",
75                 },
76             };
77
78             # Successful handshake with client authentication.
79             push @tests, {
80                 name => "client-auth-${protocol_name}-require",
81                 server => {
82                     "MinProtocol" => $protocol,
83                     "MaxProtocol" => $protocol,
84                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
85                     "VerifyMode" => "Request",
86                 },
87                 client => {
88                     "MinProtocol" => $protocol,
89                     "MaxProtocol" => $protocol,
90                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
91                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
92                 },
93                 test   => { "ExpectedResult" => "Success" },
94             };
95
96             # Handshake with client authentication but without the root certificate.
97             push @tests, {
98                 name => "client-auth-${protocol_name}-noroot",
99                 server => {
100                     "MinProtocol" => $protocol,
101                     "MaxProtocol" => $protocol,
102                     "VerifyMode" => "Require",
103                 },
104                 client => {
105                     "MinProtocol" => $protocol,
106                     "MaxProtocol" => $protocol,
107                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
108                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
109                 },
110                 test   => {
111                     "ExpectedResult" => "ServerFail",
112                     "ServerAlert" => "UnknownCA",
113                 },
114             };
115         }
116     }
117 }
118  
119 generate_tests();