our @tests = (
- # Currently only have tests for certs without SCTs.
{
- name => "ct-permissive",
+ name => "ct-permissive-without-scts",
server => { },
client => {
extra => {
test => {
"ExpectedResult" => "Success",
},
- },
+ },
{
- name => "ct-strict",
+ name => "ct-permissive-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "ct-strict-without-scts",
server => { },
client => {
extra => {
"ExpectedClientAlert" => "HandshakeFailure",
},
},
+ {
+ name => "ct-strict-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
{
name => "ct-permissive-resumption",
- server => { },
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
client => {
- #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
- # resumption
- MaxProtocol => "TLSv1.2",
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Permissive",
},
"ResumptionExpected" => "Yes",
"ExpectedResult" => "Success",
},
- },
+ },
{
name => "ct-strict-resumption",
- server => { },
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
client => {
- #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
- # resumption
- MaxProtocol => "TLSv1.2",
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
- "CTValidation" => "Permissive",
+ "CTValidation" => "Strict",
},
},
# SCTs are not present during resumption, so the resumption
# should succeed.
resume_client => {
- #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
- # resumption
- MaxProtocol => "TLSv1.2",
extra => {
"CTValidation" => "Strict",
},