test/ssl-tests/12-ct.cnf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test version negotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16
  17
  18 our @tests = (
  19     {
  20         name => "ct-permissive-without-scts",
  21         server => {
  22         },
  23         client => {
  24             extra => {
  25                 "CTValidation" => "Permissive",
  26             },
  27         },
  28         test => {
  29             "ExpectedResult" => "Success",
  30         },
  31     },
  32     {
  33         name => "ct-permissive-with-scts",
  34         server => {
  35             "Certificate" => test_pem("embeddedSCTs1.pem"),
  36             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  37         },
  38         client => {
  39             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  40             extra => {
  41                 "CTValidation" => "Permissive",
  42             },
  43         },
  44         test => {
  45             "ExpectedResult" => "Success",
  46         },
  47     },
  48     {
  49         name => "ct-strict-without-scts",
  50         server => {
  51         },
  52         client => {
  53             extra => {
  54                 "CTValidation" => "Strict",
  55             },
  56         },
  57         test => {
  58             "ExpectedResult" => "ClientFail",
  59             "ExpectedClientAlert" => "HandshakeFailure",
  60         },
  61     },
  62     {
  63         name => "ct-strict-with-scts",
  64         server => {
  65             "Certificate" => test_pem("embeddedSCTs1.pem"),
  66             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  67         },
  68         client => {
  69             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  70             extra => {
  71                 "CTValidation" => "Strict",
  72             },
  73         },
  74         test => {
  75             "ExpectedResult" => "Success",
  76         },
  77     },
  78     {
  79         name => "ct-permissive-resumption",
  80         server => {
  81             "Certificate" => test_pem("embeddedSCTs1.pem"),
  82             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  83         },
  84         client => {
  85             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  86             extra => {
  87                 "CTValidation" => "Permissive",
  88             },
  89         },
  90         test => {
  91             "HandshakeMode" => "Resume",
  92             "ResumptionExpected" => "Yes",
  93             "ExpectedResult" => "Success",
  94         },
  95     },
  96     {
  97         name => "ct-strict-resumption",
  98         server => {
  99             "Certificate" => test_pem("embeddedSCTs1.pem"),
 100             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
 101         },
 102         client => {
 103             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
 104             extra => {
 105                 "CTValidation" => "Strict",
 106             },
 107         },
 108         # SCTs are not present during resumption, so the resumption
 109         # should succeed.
 110         resume_client => {
 111             extra => {
 112                 "CTValidation" => "Strict",
 113             },
 114         },
 115         test => {
 116             "HandshakeMode" => "Resume",
 117             "ResumptionExpected" => "Yes",
 118             "ExpectedResult" => "Success",
 119         },
 120     },
 121 );