test/ssl-tests/12-ct.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test version negotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16
  17
  18 our @tests = (
  19     {
  20         name => "ct-permissive-without-scts",
  21         server => { },
  22         client => {
  23             extra => {
  24                 "CTValidation" => "Permissive",
  25             },
  26         },
  27         test => {
  28             "ExpectedResult" => "Success",
  29         },
  30     },
  31     {
  32         name => "ct-permissive-with-scts",
  33         server => {
  34             "Certificate" => test_pem("embeddedSCTs1.pem"),
  35             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  36         },
  37         client => {
  38             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  39             extra => {
  40                 "CTValidation" => "Permissive",
  41             },
  42         },
  43         test => {
  44             "ExpectedResult" => "Success",
  45         },
  46     },
  47     {
  48         name => "ct-strict-without-scts",
  49         server => { },
  50         client => {
  51             extra => {
  52                 "CTValidation" => "Strict",
  53             },
  54         },
  55         test => {
  56             "ExpectedResult" => "ClientFail",
  57             "ExpectedClientAlert" => "HandshakeFailure",
  58         },
  59     },
  60     {
  61         name => "ct-strict-with-scts",
  62         server => {
  63             "Certificate" => test_pem("embeddedSCTs1.pem"),
  64             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  65         },
  66         client => {
  67             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  68             extra => {
  69                 "CTValidation" => "Strict",
  70             },
  71         },
  72         test => {
  73             "ExpectedResult" => "Success",
  74         },
  75     },
  76     {
  77         name => "ct-permissive-resumption",
  78         server => {
  79             "Certificate" => test_pem("embeddedSCTs1.pem"),
  80             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  81         },
  82         client => {
  83             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  84             extra => {
  85                 "CTValidation" => "Permissive",
  86             },
  87         },
  88         test => {
  89             "HandshakeMode" => "Resume",
  90             "ResumptionExpected" => "Yes",
  91             "ExpectedResult" => "Success",
  92         },
  93     },
  94     {
  95         name => "ct-strict-resumption",
  96         server => {
  97             "Certificate" => test_pem("embeddedSCTs1.pem"),
  98             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
  99         },
 100         client => {
 101             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
 102             extra => {
 103                 "CTValidation" => "Strict",
 104             },
 105         },
 106         # SCTs are not present during resumption, so the resumption
 107         # should succeed.
 108         resume_client => {
 109             extra => {
 110                 "CTValidation" => "Strict",
 111             },
 112         },
 113         test => {
 114             "HandshakeMode" => "Resume",
 115             "ResumptionExpected" => "Yes",
 116             "ExpectedResult" => "Success",
 117         },
 118     },
 119 );