setup("test_ssl");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+
my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
$no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
- $no_dtls, $no_dtls1, $no_dtls1_2) =
+ $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
anydisabled qw/rsa dsa dh ec srp psk
ssl3 tls1 tls1_1 tls1_2
- dtls dtls1 dtls1_2/;
+ dtls dtls1 dtls1_2 ct/;
my $no_anytls = alldisabled(available_protocols("tls"));
my $no_anydtls = alldisabled(available_protocols("dtls"));
plan tests =>
1 # For testss
+ 1 # For ssltest -test_cipherlist
- + 10 # For the first testssl
+ + 13 # For the first testssl
+ 16 # For the first testsslproxy
+ 16 # For the second testsslproxy
;
}
- # plan tests => 10;
+ # plan tests => 11;
subtest 'standard SSL tests' => sub {
######################################################################
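Review bot: The commented-out plan is raised to `# plan tests => 11;`, but the live plan in this same diff now counts `13 # For the first testssl`, so the two figures disagree. If the comment is meant to mirror the number of subtests in testssl, it should read `# plan tests => 13;`; otherwise drop it, since stale dead text misleads whoever next adds a subtest. The body of testssl starts and ends outside this hunk, so the intended count is inferred from the three subtests added elsewhere in the diff (SNI, SRP, Certificate Transparency).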
}
};
+ subtest 'SNI tests' => sub {
+
+ plan tests => 7;
+
+ SKIP: {
+ skip "TLSv1.x is not supported by this OpenSSL build", 7
+ if $no_tls1 && $no_tls1_1 && $no_tls1_2;
+
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo"])));
+ ok(run(test([@ssltest, "-bio_pair", "-sn_server1", "foo"])));
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_expect1"])));
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "bar", "-sn_expect1"])));
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foo", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "bar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect2"])));
+ # Negative test - make sure it doesn't crash, and doesn't switch contexts
+ ok(run(test([@ssltest, "-bio_pair", "-sn_client", "foobar", "-sn_server1", "foo", "-sn_server2", "bar", "-sn_expect1"])));
+ }
+ };
+
subtest 'ALPN tests' => sub {
######################################################################
- plan tests => 14;
+ plan tests => 12;
SKIP: {
skip "TLSv1.0 is not supported by this OpenSSL build", 12
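Review bot: None of the seven new `ok(run(test([...])))` calls in the 'SNI tests' subtest carries a description, so a failure shows up only as a test number and the reader has to map it back to an `-sn_*` combination. This matters most for the last case, which asserts that an unmatched name ("foobar") does not select another server context. Its intent lives only in the comment above it, so give it a second argument such as `'SNI: unmatched client name stays on server1 context'`. The first two cases pass no `-sn_expect1`/`-sn_expect2`, so as written they only check that the handshake completes; a one-line comment saying so would make that explicit.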
is(run(test([@ssltest, "-bio_pair", "-tls1", "-alpn_client", "baz", "-alpn_server", "bar,foo"])), 0,
"Testing ALPN with protocol mismatch, expecting failure");
- SKIP: {
- skip "skipping SRP tests", 4
- if $no_srp;
+ # ALPN + SNI
+ ok(run(test([@ssltest, "-bio_pair",
+ "-alpn_client", "foo,bar", "-sn_client", "alice",
+ "-alpn_server1", "foo,123", "-sn_server1", "alice",
+ "-alpn_server2", "bar,456", "-sn_server2", "bob",
+ "-alpn_expected", "foo"])));
+ ok(run(test([@ssltest, "-bio_pair",
+ "-alpn_client", "foo,bar", "-sn_client", "bob",
+ "-alpn_server1", "foo,123", "-sn_server1", "alice",
+ "-alpn_server2", "bar,456", "-sn_server2", "bob",
+ "-alpn_expected", "bar"])));
+ }
+ };
- ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
- 'test tls1 with SRP');
+ subtest 'SRP tests' => sub {
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
- 'test tls1 with SRP via BIO pair');
+ plan tests => 4;
- ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
- 'test tls1 with SRP auth');
+ SKIP: {
+ skip "skipping SRP tests", 4
+ if $no_srp;
- ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
- 'test tls1 with SRP auth via BIO pair');
- }
+ ok(run(test([@ssltest, "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
+ 'test tls1 with SRP');
+
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "SRP", "-srpuser", "test", "-srppass", "abc123"])),
+ 'test tls1 with SRP via BIO pair');
+
+ ok(run(test([@ssltest, "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
+ 'test tls1 with SRP auth');
+
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "aSRP", "-srpuser", "test", "-srppass", "abc123"])),
+ 'test tls1 with SRP auth via BIO pair');
}
};
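Review bot: The new 'SRP tests' subtest guards only on `$no_srp`, yet all four commands pass `-tls1`, and the removed lines suggest the old SRP block sat inside the ALPN subtest's TLSv1.0 SKIP. On a build with SRP enabled but TLSv1.0 disabled, these cases are no longer skipped; depending on how ssltest treats a disabled protocol, they would either fail or pass without exercising SRP. Extending the guard keeps the result honest: `skip "skipping SRP tests", 4 if $no_srp || $no_tls1;`. Separately, the two added "ALPN + SNI" cases omit `-tls1`, unlike the other cases visible in this subtest, while still sitting under the TLSv1.0 skip; a short comment saying whether that is intentional would help.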
ok($ok);
}}}}}
};
+
+ subtest 'Certificate Transparency tests' => sub {
+ ######################################################################
+
+ plan tests => 3;
+
+ SKIP: {
+ skip "Certificate Transparency is not supported by this OpenSSL build", 3
+ if $no_ct;
+ skip "TLSv1.0 is not supported by this OpenSSL build", 3
+ if $no_tls1;
+
+ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-noct"])));
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requestct"])));
+ # No SCTs provided, so this should fail.
+ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-requirect",
+ "-should_negotiate", "fail-client"])));
+ }
+ };
+
}
sub testsslproxy {
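Review bot: The three Certificate Transparency cases exercise only the no-SCT paths: `-noct`, `-requestct`, and `-requirect` expecting `fail-client`. Nothing in this hunk checks that `-requirect` succeeds when the server does present a valid SCT, so a regression that made validation reject every handshake would still pass here. A positive case, or a `# TODO: add -requirect case with a served SCT` comment, would record the gap. The cases also lack descriptions; the enforcement one could read `'CT required, no SCTs offered: client must abort'`. Finally, `$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");` inside the SKIP block duplicates the assignment this diff adds right after `setup("test_ssl")`; keep one of them.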