X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssl-tests%2F12-ct.conf.in;h=7c0304995ff9b580db568c301ada9cdd93243d73;hp=e7fe1b93d24c155fb2ed48271341f4e7aea5b47e;hb=da9b249fd994124e954d871ff220cc2c0ddf9e6a;hpb=71728dd8aa3acc0bc9d621f8c4a4032aa3325fe4

diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in
index e7fe1b93d2..7c0304995f 100644
--- a/test/ssl-tests/12-ct.conf.in
+++ b/test/ssl-tests/12-ct.conf.in
@@ -16,9 +16,8 @@ package ssltests;
 
 
 our @tests = (
-    # Currently only have tests for certs without SCTs.
     {
-        name => "ct-permissive",
+        name => "ct-permissive-without-scts",
         server => { },
         client => {
             extra => {
@@ -28,9 +27,25 @@ our @tests = (
         test => {
             "ExpectedResult" => "Success",
         },
-    }, 
+    },
     {
-        name => "ct-strict",
+        name => "ct-permissive-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-strict-without-scts",
         server => { },
         client => {
             extra => {
@@ -42,13 +57,30 @@ our @tests = (
             "ExpectedClientAlert" => "HandshakeFailure",
         },
     },
+    {
+        name => "ct-strict-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
     {
         name => "ct-permissive-resumption",
-        server => { },
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
         client => {
-            #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
-            #              resumption
-            MaxProtocol => "TLSv1.2",
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
                 "CTValidation" => "Permissive",
             },
@@ -58,24 +90,22 @@ our @tests = (
             "ResumptionExpected" => "Yes",
             "ExpectedResult" => "Success",
         },
-    }, 
+    },
     {
         name => "ct-strict-resumption",
-        server => { },
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
         client => {
-            #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
-            #              resumption
-            MaxProtocol => "TLSv1.2",
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
-                "CTValidation" => "Permissive",
+                "CTValidation" => "Strict",
             },
         },
         # SCTs are not present during resumption, so the resumption
         # should succeed.
         resume_client => {
-            #TODO(TLS1.3): Temporarily set to TLSv1.2 until we implement TLS1.3
-            #              resumption
-            MaxProtocol => "TLSv1.2",
             extra => {
                 "CTValidation" => "Strict",
             },