Reorganize SSL test structures
[openssl.git] / test / ssl-tests / 04-client_auth.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
13
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
16
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
19
20 our @tests = ();
21
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
23
24 sub generate_tests() {
25
26     foreach (0..$#protocols) {
27         my $protocol = $protocols[$_];
28         my $protocol_name = $protocol || "flex";
29         my $caalert;
30         if (!$is_disabled[$_]) {
31             if ($protocol_name eq "SSLv3") {
32                 $caalert = "BadCertificate";
33             } else {
34                 $caalert = "UnknownCA";
35             }
36             # Sanity-check simple handshake.
37             push @tests, {
38                 name => "server-auth-${protocol_name}",
39                 server => {
40                     "MinProtocol" => $protocol,
41                     "MaxProtocol" => $protocol
42                 },
43                 client => {
44                     "MinProtocol" => $protocol,
45                     "MaxProtocol" => $protocol
46                 },
47                 test   => { "ExpectedResult" => "Success" },
48             };
49
50             # Handshake with client cert requested but not required or received.
51             push @tests, {
52                 name => "client-auth-${protocol_name}-request",
53                 server => {
54                     "MinProtocol" => $protocol,
55                     "MaxProtocol" => $protocol,
56                     "VerifyMode" => "Request"
57                 },
58                 client => {
59                     "MinProtocol" => $protocol,
60                     "MaxProtocol" => $protocol
61                 },
62                 test   => { "ExpectedResult" => "Success" },
63             };
64
65             # Handshake with client cert required but not present.
66             push @tests, {
67                 name => "client-auth-${protocol_name}-require-fail",
68                 server => {
69                     "MinProtocol" => $protocol,
70                     "MaxProtocol" => $protocol,
71                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
72                     "VerifyMode" => "Require",
73                 },
74                 client => {
75                     "MinProtocol" => $protocol,
76                     "MaxProtocol" => $protocol
77                 },
78                 test   => {
79                     "ExpectedResult" => "ServerFail",
80                     "ExpectedServerAlert" => "HandshakeFailure",
81                 },
82             };
83
84             # Successful handshake with client authentication.
85             push @tests, {
86                 name => "client-auth-${protocol_name}-require",
87                 server => {
88                     "MinProtocol" => $protocol,
89                     "MaxProtocol" => $protocol,
90                     "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
91                     "VerifyMode" => "Request",
92                 },
93                 client => {
94                     "MinProtocol" => $protocol,
95                     "MaxProtocol" => $protocol,
96                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
97                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
98                 },
99                 test   => { "ExpectedResult" => "Success" },
100             };
101
102             # Handshake with client authentication but without the root certificate.
103             push @tests, {
104                 name => "client-auth-${protocol_name}-noroot",
105                 server => {
106                     "MinProtocol" => $protocol,
107                     "MaxProtocol" => $protocol,
108                     "VerifyMode" => "Require",
109                 },
110                 client => {
111                     "MinProtocol" => $protocol,
112                     "MaxProtocol" => $protocol,
113                     "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
114                     "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
115                 },
116                 test   => {
117                     "ExpectedResult" => "ServerFail",
118                     "ExpectedServerAlert" => $caalert,
119                 },
120             };
121         }
122     }
123 }
124  
125 generate_tests();