Port DTLS version negotiation tests
authorEmilia Kasper <emilia@openssl.org>
Fri, 3 Jun 2016 15:49:04 +0000 (17:49 +0200)
committerEmilia Kasper <emilia@openssl.org>
Mon, 13 Jun 2016 14:13:13 +0000 (16:13 +0200)
Reviewed-by: Rich Salz <rsalz@openssl.org>
12 files changed:
test/README.ssltest.md
test/recipes/80-test_ssl_new.t
test/recipes/80-test_ssl_old.t
test/ssl-tests/02-protocol-version.conf.in
test/ssl-tests/07-dtls-protocol-version.conf [new file with mode: 0644]
test/ssl-tests/07-dtls-protocol-version.conf.in [new file with mode: 0644]
test/ssl-tests/protocol_version.pm [new file with mode: 0644]
test/ssl_test.c
test/ssl_test_ctx.c
test/ssl_test_ctx.h
test/ssl_test_ctx_test.c
test/ssl_test_ctx_test.conf

index 03b9f93..5797cf6 100644 (file)
@@ -64,6 +64,8 @@ The test section supports the following options:
   - AcceptAll - accepts all certificates.
   - RejectAll - rejects all certificates.
 
+* Method - the method to test. One of DTLS or TLS.
+
 * ServerName - the server the client should attempt to connect to. One of
   - None - do not use SNI (default)
   - server1 - the initial context
index b7ab408..a024753 100644 (file)
@@ -26,28 +26,43 @@ map { s/;.*// } @conf_srcs if $^O eq "VMS";
 my @conf_files = map { basename($_) } @conf_srcs;
 map { s/\.in// } @conf_files;
 
-# 02-protocol-version.conf test results depend on the configuration of enabled
-# protocols. We only verify generated sources in the default configuration.
-my $is_default = (disabled("ssl3") && !disabled("tls1") &&
-                  !disabled("tls1_1") && !disabled("tls1_2"));
+# 02-protocol-version.conf test and 05-dtls-protocol-version.conf results
+# depend on the configuration of enabled protocols. We only verify generated
+# sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
+                      !disabled("tls1_1") && !disabled("tls1_2"));
 
-my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
+my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
+
+my $no_tls = alldisabled(available_protocols("tls"));
+my $no_dtls = alldisabled(available_protocols("dtls"));
+
+my %conf_dependent_tests = (
+  "02-protocol-version.conf" => !$is_default_tls,
+  "05-dtls-protocol-version.conf" => !$is_default_dtls,
+);
+
+# Default is $no_tls but some tests have different skip conditions.
+my %skip = (
+  "05-dtls-protocol-version.conf" => $no_dtls,
+);
 
 foreach my $conf (@conf_files) {
     subtest "Test configuration $conf" => sub {
         test_conf($conf,
-                  $conf_dependent_tests{$conf} || $^O eq "VMS" ?  0 : 1);
+                  $conf_dependent_tests{$conf} || $^O eq "VMS" ?  0 : 1,
+                  $skip{$conf} || $no_tls);
     }
 }
 
 # We hard-code the number of tests to double-check that the globbing above
 # finds all files as expected.
-plan tests => 6;  # = scalar @conf_srcs
+plan tests => 7;  # = scalar @conf_srcs
 
 sub test_conf {
     plan tests => 3;
 
-    my ($conf, $check_source) = @_;
+    my ($conf, $check_source, $skip) = @_;
 
     my $conf_file = srctop_file("test", "ssl-tests", $conf);
     my $tmp_file = "${conf}.$$.tmp";
@@ -73,8 +88,7 @@ sub test_conf {
       }
 
       # Test 3. Run the test.
-      my $no_tls = alldisabled(available_protocols("tls"));
-      skip "No TLS tests available; skipping tests", 1 if $no_tls;
+      skip "No tests available; skipping tests", 1 if $skip;
       skip "Stale sources; skipping tests", 1 if !$run_test;
 
       ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
index 4b932fd..716f23b 100644 (file)
@@ -79,7 +79,7 @@ my $client_sess="client.ss";
 # new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
 plan tests =>
     1                          # For testss
-    + 14                       # For the first testssl
+    + 13                       # For the first testssl
     ;
 
 subtest 'test_ss' => sub {
@@ -331,7 +331,7 @@ sub testssl {
 
     subtest 'standard SSL tests' => sub {
        ######################################################################
-        plan tests => 21;
+      plan tests => 21;
 
       SKIP: {
          skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -683,53 +683,6 @@ sub testssl {
        }
     };
 
-    subtest 'DTLS Version min/max tests' => sub {
-        my @protos;
-        push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);
-        push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);
-        my @minprotos = (undef, @protos);
-        my @maxprotos = (@protos, undef);
-        my @shdprotos = (@protos, $protos[$#protos]);
-        my $n = ((@protos+2) * (@protos+3))/2 - 2;
-        my $ntests = $n * $n;
-       plan tests => $ntests;
-      SKIP: {
-        skip "DTLS disabled", 1 if $ntests == 1;
-
-        my $should;
-        for (my $smin = 0; $smin < @minprotos; ++$smin) {
-        for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
-        for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
-        for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
-            if ($cmax < $smin-1) {
-                $should = "fail-server";
-            } elsif ($smax < $cmin-1) {
-                $should = "fail-client";
-            } elsif ($cmax > $smax) {
-                $should = $shdprotos[$smax];
-            } else {
-                $should = $shdprotos[$cmax];
-            }
-
-            my @args = (@ssltest, "-dtls");
-            push(@args, "-should_negotiate", $should);
-            push(@args, "-server_min_proto", $minprotos[$smin])
-                if (defined($minprotos[$smin]));
-            push(@args, "-server_max_proto", $maxprotos[$smax])
-                if (defined($maxprotos[$smax]));
-            push(@args, "-client_min_proto", $minprotos[$cmin])
-                if (defined($minprotos[$cmin]));
-            push(@args, "-client_max_proto", $maxprotos[$cmax])
-                if (defined($maxprotos[$cmax]));
-            my $ok = run(test[@args]);
-            if (! $ok) {
-                print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
-                print STDERR "\nFailed: @args\n";
-            }
-            ok($ok);
-        }}}}}
-    };
-
     subtest 'TLS session reuse' => sub {
         plan tests => 12;
 
index 22e1f36..46851c9 100644 (file)
 # https://www.openssl.org/source/license.html
 
 
-## Test version negotiation
+## Test TLS version negotiation
 
 package ssltests;
 
-use List::Util qw/max min/;
+use strict;
+use warnings;
 
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
-setup("no_test_here");
+use protocol_version;
 
-my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-# undef stands for "no limit".
-my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-
-my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-
-my $min_enabled; my $max_enabled;
-
-# Protocol configuration works in cascades, i.e.,
-# $no_tls1_1 disables TLSv1.1 and below.
-#
-# $min_enabled and $max_enabled will be correct if there is at least one
-# protocol enabled.
-foreach my $i (0..$#protocols) {
-    if (!$is_disabled[$i]) {
-        $min_enabled = $i;
-        last;
-    }
-}
-
-foreach my $i (0..$#protocols) {
-    if (!$is_disabled[$i]) {
-        $max_enabled = $i;
-    }
-}
-
-our @tests = ();
-
-sub generate_tests() {
-    foreach my $c_min (0..$#min_protocols) {
-        my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
-        foreach my $c_max ($c_max_min..$#max_protocols) {
-            foreach my $s_min (0..$#min_protocols) {
-                my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
-                foreach my $s_max ($s_max_min..$#max_protocols) {
-                    my ($result, $protocol) =
-                        expected_result($c_min, $c_max, $s_min, $s_max);
-                    push @tests, {
-                        "name" => "version-negotiation",
-                        "client" => {
-                            "MinProtocol" => $min_protocols[$c_min],
-                            "MaxProtocol" => $max_protocols[$c_max],
-                        },
-                        "server" => {
-                            "MinProtocol" => $min_protocols[$s_min],
-                            "MaxProtocol" => $max_protocols[$s_max],
-                        },
-                        "test" => {
-                            "ExpectedResult" => $result,
-                            "Protocol" => $protocol
-                        }
-                    };
-                }
-            }
-        }
-    }
-}
-
-sub expected_result {
-    my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-    if ($no_tls) {
-        return ("InternalError", undef);
-    }
-
-    my ($c_min, $c_max, $s_min, $s_max) = @_;
-
-    # Adjust for "undef" (no limit).
-    $c_min = $c_min == 0 ? 0 : $c_min - 1;
-    $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
-    $s_min = $s_min == 0 ? 0 : $s_min - 1;
-    $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
-
-    # We now have at least one protocol enabled, so $min_enabled and
-    # $max_enabled are well-defined.
-    $c_min = max $c_min, $min_enabled;
-    $s_min = max $s_min, $min_enabled;
-    $c_max = min $c_max, $max_enabled;
-    $s_max = min $s_max, $max_enabled;
-
-    if ($c_min > $c_max) {
-        # Client should fail to even send a hello.
-        # This results in an internal error since the server will be
-        # waiting for input that never arrives.
-        return ("InternalError", undef);
-    } elsif ($s_min > $s_max) {
-        # Server has no protocols, should always fail.
-        return ("ServerFail", undef);
-    } elsif ($s_min > $c_max) {
-        # Server doesn't support the client range.
-        return ("ServerFail", undef);
-    } elsif ($c_min > $s_max) {
-        # Server will try with a version that is lower than the lowest
-        # supported client version.
-        return ("ClientFail", undef);
-    } else {
-        # Server and client ranges overlap.
-        my $max_common = $s_max < $c_max ? $s_max : $c_max;
-        return ("Success", $protocols[$max_common]);
-    }
-}
-
-generate_tests();
+our @tests = generate_tests("TLS");
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf
new file mode 100644 (file)
index 0000000..0cb183a
--- /dev/null
@@ -0,0 +1,2476 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 64
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+server2 = 0-version-negotiation-server2
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-0]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+server2 = 1-version-negotiation-server2
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-1]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+server2 = 2-version-negotiation-server2
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-2]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+server2 = 3-version-negotiation-server2
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-3]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+server2 = 4-version-negotiation-server2
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-4]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+server2 = 5-version-negotiation-server2
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-5]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+server2 = 6-version-negotiation-server2
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-6]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+server2 = 7-version-negotiation-server2
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-7]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+server2 = 8-version-negotiation-server2
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-8]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+server2 = 9-version-negotiation-server2
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-9]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+server2 = 10-version-negotiation-server2
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-10]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+server2 = 11-version-negotiation-server2
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-11]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+server2 = 12-version-negotiation-server2
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-12]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+server2 = 13-version-negotiation-server2
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-13]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+server2 = 14-version-negotiation-server2
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-14]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+server2 = 15-version-negotiation-server2
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-15]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+server2 = 16-version-negotiation-server2
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-16]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+server2 = 17-version-negotiation-server2
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-17]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+server2 = 18-version-negotiation-server2
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[18-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-18]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+server2 = 19-version-negotiation-server2
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[19-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-19]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+server2 = 20-version-negotiation-server2
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[20-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-20]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+server2 = 21-version-negotiation-server2
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[21-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-21]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+server2 = 22-version-negotiation-server2
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[22-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-22]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+server2 = 23-version-negotiation-server2
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[23-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-23]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+server2 = 24-version-negotiation-server2
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[24-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-24]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+server2 = 25-version-negotiation-server2
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[25-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-25]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+server2 = 26-version-negotiation-server2
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[26-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-26]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+server2 = 27-version-negotiation-server2
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[27-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-27]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+server2 = 28-version-negotiation-server2
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[28-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-28]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+server2 = 29-version-negotiation-server2
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[29-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-29]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+server2 = 30-version-negotiation-server2
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[30-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-30]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+server2 = 31-version-negotiation-server2
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[31-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-31]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+server2 = 32-version-negotiation-server2
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[32-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-32]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+server2 = 33-version-negotiation-server2
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[33-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-33]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+server2 = 34-version-negotiation-server2
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[34-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-34]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+server2 = 35-version-negotiation-server2
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[35-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-35]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+server2 = 36-version-negotiation-server2
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[36-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-36]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+server2 = 37-version-negotiation-server2
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[37-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-37]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+server2 = 38-version-negotiation-server2
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[38-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-38]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+server2 = 39-version-negotiation-server2
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[39-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-39]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+server2 = 40-version-negotiation-server2
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[40-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-40]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+server2 = 41-version-negotiation-server2
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[41-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-41]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+server2 = 42-version-negotiation-server2
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[42-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-42]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+server2 = 43-version-negotiation-server2
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[43-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-43]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+server2 = 44-version-negotiation-server2
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[44-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-44]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+server2 = 45-version-negotiation-server2
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[45-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-45]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+server2 = 46-version-negotiation-server2
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[46-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-46]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+server2 = 47-version-negotiation-server2
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[47-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-47]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+server2 = 48-version-negotiation-server2
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[48-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-48]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+server2 = 49-version-negotiation-server2
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[49-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-49]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+server2 = 50-version-negotiation-server2
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[50-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-50]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+server2 = 51-version-negotiation-server2
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[51-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-51]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+server2 = 52-version-negotiation-server2
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[52-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-52]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+server2 = 53-version-negotiation-server2
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[53-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-53]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+server2 = 54-version-negotiation-server2
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[54-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-54]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+server2 = 55-version-negotiation-server2
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[55-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-55]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+server2 = 56-version-negotiation-server2
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[56-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-56]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+server2 = 57-version-negotiation-server2
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[57-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-57]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+server2 = 58-version-negotiation-server2
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[58-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-58]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+server2 = 59-version-negotiation-server2
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[59-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-59]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+server2 = 60-version-negotiation-server2
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[60-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-60]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+server2 = 61-version-negotiation-server2
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[61-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-61]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+server2 = 62-version-negotiation-server2
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[62-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-62]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+server2 = 63-version-negotiation-server2
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[63-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-63]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in
new file mode 100644 (file)
index 0000000..965ed3e
--- /dev/null
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test DTLS version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use protocol_version;
+
+our @tests = generate_tests("DTLS");
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
new file mode 100644 (file)
index 0000000..cb99756
--- /dev/null
@@ -0,0 +1,166 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use List::Util qw/max min/;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
+setup("no_test_here");
+
+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+# undef stands for "no limit".
+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
+
+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+
+my $min_tls_enabled; my $max_tls_enabled;
+
+# Protocol configuration works in cascades, i.e.,
+# $no_tls1_1 disables TLSv1.1 and below.
+#
+# $min_enabled and $max_enabled will be correct if there is at least one
+# protocol enabled.
+foreach my $i (0..$#tls_protocols) {
+    if (!$is_tls_disabled[$i]) {
+        $min_tls_enabled = $i;
+        last;
+    }
+}
+
+foreach my $i (0..$#tls_protocols) {
+    if (!$is_tls_disabled[$i]) {
+        $max_tls_enabled = $i;
+    }
+}
+
+my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
+# undef stands for "no limit".
+my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
+my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
+
+my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
+
+my $min_dtls_enabled; my $max_dtls_enabled;
+
+# $min_enabled and $max_enabled will be correct if there is at least one
+# protocol enabled.
+foreach my $i (0..$#dtls_protocols) {
+    if (!$is_dtls_disabled[$i]) {
+        $min_dtls_enabled = $i;
+        last;
+    }
+}
+
+foreach my $i (0..$#dtls_protocols) {
+    if (!$is_dtls_disabled[$i]) {
+        $max_dtls_enabled = $i;
+    }
+}
+
+sub generate_tests {
+    my ($method) = @_;
+
+    my $dtls = $method eq "DTLS";
+    # Don't write the redundant "Method = TLS" into the configuration.
+    undef $method if !$dtls; 
+
+    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
+    my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
+    my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
+    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+    my $max_enabled  = $dtls ? $max_dtls_enabled : $max_tls_enabled;
+
+    my $no_tests = $dtls ? alldisabled("dtls1", "dtls1_2") :
+      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+    if ($no_tests) {
+        return;
+    }
+
+    my @tests = ();
+
+    foreach my $c_min (0..$#min_protocols) {
+        my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
+        foreach my $c_max ($c_max_min..$#max_protocols) {
+            foreach my $s_min (0..$#min_protocols) {
+                my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
+                foreach my $s_max ($s_max_min..$#max_protocols) {
+                    my ($result, $protocol) =
+                        expected_result($c_min, $c_max, $s_min, $s_max,
+                                        $min_enabled, $max_enabled, \@protocols);
+                    push @tests, {
+                        "name" => "version-negotiation",
+                        "client" => {
+                            "MinProtocol" => $min_protocols[$c_min],
+                            "MaxProtocol" => $max_protocols[$c_max],
+                        },
+                        "server" => {
+                            "MinProtocol" => $min_protocols[$s_min],
+                            "MaxProtocol" => $max_protocols[$s_max],
+                        },
+                        "test" => {
+                            "ExpectedResult" => $result,
+                            "Protocol" => $protocol,
+                            "Method" => $method,
+                        }
+                    };
+                }
+            }
+        }
+    }
+    return @tests;
+}
+
+sub expected_result {
+    my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
+        $protocols) = @_;
+
+    # Adjust for "undef" (no limit).
+    $c_min = $c_min == 0 ? 0 : $c_min - 1;
+    $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
+    $s_min = $s_min == 0 ? 0 : $s_min - 1;
+    $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
+
+    # We now have at least one protocol enabled, so $min_enabled and
+    # $max_enabled are well-defined.
+    $c_min = max $c_min, $min_enabled;
+    $s_min = max $s_min, $min_enabled;
+    $c_max = min $c_max, $max_enabled;
+    $s_max = min $s_max, $max_enabled;
+
+    if ($c_min > $c_max) {
+        # Client should fail to even send a hello.
+        # This results in an internal error since the server will be
+        # waiting for input that never arrives.
+        return ("InternalError", undef);
+    } elsif ($s_min > $s_max) {
+        # Server has no protocols, should always fail.
+        return ("ServerFail", undef);
+    } elsif ($s_min > $c_max) {
+        # Server doesn't support the client range.
+        return ("ServerFail", undef);
+    } elsif ($c_min > $s_max) {
+        # Server will try with a version that is lower than the lowest
+        # supported client version.
+        return ("ClientFail", undef);
+    } else {
+        # Server and client ranges overlap.
+        my $max_common = $s_max < $c_max ? $s_max : $c_max;
+        return ("Success", $protocols->[$max_common]);
+    }
+}
+
+1;
index 0062c51..176f6a1 100644 (file)
@@ -177,10 +177,25 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
     SSL_TEST_CTX *test_ctx = NULL;
     HANDSHAKE_RESULT result;
 
-    server_ctx = SSL_CTX_new(TLS_server_method());
-    server2_ctx = SSL_CTX_new(TLS_server_method());
-    client_ctx = SSL_CTX_new(TLS_client_method());
-    OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL && client_ctx != NULL);
+    test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
+    if (test_ctx == NULL)
+        goto err;
+
+#ifndef OPENSSL_NO_DTLS
+    if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
+        server_ctx = SSL_CTX_new(DTLS_server_method());
+        server2_ctx = SSL_CTX_new(DTLS_server_method());
+        client_ctx = SSL_CTX_new(DTLS_client_method());
+    }
+#endif
+    if (test_ctx->method == SSL_TEST_METHOD_TLS) {
+        server_ctx = SSL_CTX_new(TLS_server_method());
+        server2_ctx = SSL_CTX_new(TLS_server_method());
+        client_ctx = SSL_CTX_new(TLS_client_method());
+    }
+
+    OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL &&
+                   client_ctx != NULL);
 
     OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
 
index 87060f3..d6e2843 100644 (file)
@@ -113,6 +113,8 @@ static const test_enum ssl_protocols[] = {
      {"TLSv1.1", TLS1_1_VERSION},
      {"TLSv1", TLS1_VERSION},
      {"SSLv3", SSL3_VERSION},
+     {"DTLSv1", DTLS1_VERSION},
+     {"DTLSv1.2", DTLS1_2_VERSION},
 };
 
 __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
@@ -211,6 +213,31 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server)
                      server);
 }
 
+/***********************/
+/* Method.             */
+/***********************/
+
+static const test_enum ssl_test_methods[] = {
+    {"TLS", SSL_TEST_METHOD_TLS},
+    {"DTLS", SSL_TEST_METHOD_DTLS},
+};
+
+__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
+{
+    int ret_value;
+    if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
+                    &ret_value, value)) {
+        return 0;
+    }
+    test_ctx->method = ret_value;
+    return 1;
+}
+
+const char *ssl_test_method_name(ssl_test_method_t method)
+{
+    return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
+}
+
 /*************************************************************/
 /* Known test options and their corresponding parse methods. */
 /*************************************************************/
@@ -228,6 +255,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ClientVerifyCallback", &parse_client_verify_callback },
     { "ServerName", &parse_servername },
     { "SessionTicketExpected", &parse_session_ticket },
+    { "Method", &parse_test_method },
 };
 
 
index e1541c0..b75cf08 100644 (file)
@@ -39,6 +39,11 @@ typedef enum {
     SSL_TEST_SESSION_TICKET_BROKEN, /* Special test */
 } ssl_session_ticket_t;
 
+typedef enum {
+    SSL_TEST_METHOD_TLS = 0, /* Default */
+    SSL_TEST_METHOD_DTLS,
+} ssl_test_method_t;
+
 typedef struct ssl_test_ctx {
     /* Test expectations. */
     /* Defaults to SUCCESS. */
@@ -57,6 +62,8 @@ typedef struct ssl_test_ctx {
     /* One of a number of predefined server names use by the client */
     ssl_servername_t servername;
     ssl_session_ticket_t session_ticket_expected;
+    /* Whether the server/client CTX should use DTLS or TLS. */
+    ssl_test_method_t method;
 } SSL_TEST_CTX;
 
 const char *ssl_test_result_name(ssl_test_result_t result);
@@ -65,6 +72,7 @@ const char *ssl_protocol_name(int protocol);
 const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback);
 const char *ssl_servername_name(ssl_servername_t server);
 const char *ssl_session_ticket_name(ssl_session_ticket_t server);
+const char *ssl_test_method_name(ssl_test_method_t method);
 
 /*
  * Load the test case context from |conf|.
index 3f0101f..9824d66 100644 (file)
@@ -156,6 +156,7 @@ static int test_good_configuration()
     fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
     fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2;
     fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
+    fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
     EXECUTE_SSL_TEST_CTX_TEST();
 }
 
@@ -167,6 +168,7 @@ static const char *bad_configurations[] = {
     "ssltest_unknown_verify_callback",
     "ssltest_unknown_servername",
     "ssltest_unknown_session_ticket_expected",
+    "ssltest_unknown_method",
 };
 
 static int test_bad_configuration(int idx)
index 7a8ffc8..9c1057d 100644 (file)
@@ -7,6 +7,7 @@ Protocol = TLSv1.1
 ClientVerifyCallback = RejectAll
 ServerName = server2
 SessionTicketExpected = Yes
+Method = DTLS
 
 [ssltest_unknown_option]
 UnknownOption = Foo
@@ -28,3 +29,7 @@ ServerName = Foo
 
 [ssltest_unknown_session_ticket_expected]
 SessionTicketExpected = Foo
+
+[ssltest_unknown_method]
+Method = TLS2
+