3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
# setup() is not defined in the visible part of this file; presumably it comes
# from the OpenSSL test framework and registers this generator under the
# placeholder test name "no_test_here" -- confirm against OpenSSL::Test.
setup("no_test_here");

# Protocol selections that tests are generated for. The leading undef stands
# for version-flexible negotiation and is reported as "flex" in test names;
# the remaining entries pin one protocol version each.
my @protocols = (
    undef,
    "SSLv3",
    "TLSv1",
    "TLSv1.1",
    "TLSv1.2",
);

# Index-parallel to @protocols: generate_tests() skips a protocol when the
# entry at the same index is true. Index 0 (version-flexible) is hard-wired
# to 0, so those tests are always generated. anydisabled() is evaluated in
# list context and is expected to return one flag per feature name, in
# argument order -- the feature names must therefore stay in the same order
# as the versions in @protocols.
my @is_disabled = (0, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"));

# Text inserted between ${ENV::TEST_CERTS_DIR} and a certificate or key file
# name when building paths: "/" on every platform except VMS, where nothing
# is inserted.
my $dir_sep = $^O eq "VMS" ? "" : "/";
24 sub generate_tests() {
26 foreach (0..$#protocols) {
27 my $protocol = $protocols[$_];
28 my $protocol_name = $protocol || "flex";
30 if (!$is_disabled[$_]) {
31 if ($protocol_name eq "SSLv3") {
32 $caalert = "BadCertificate";
34 $caalert = "UnknownCA";
36 # Sanity-check simple handshake.
38 name => "server-auth-${protocol_name}",
40 "MinProtocol" => $protocol,
41 "MaxProtocol" => $protocol
44 "MinProtocol" => $protocol,
45 "MaxProtocol" => $protocol
47 test => { "ExpectedResult" => "Success" },
50 # Handshake with client cert requested but not required or received.
52 name => "client-auth-${protocol_name}-request",
54 "MinProtocol" => $protocol,
55 "MaxProtocol" => $protocol,
56 "VerifyMode" => "Request"
59 "MinProtocol" => $protocol,
60 "MaxProtocol" => $protocol
62 test => { "ExpectedResult" => "Success" },
65 # Handshake with client cert required but not present.
67 name => "client-auth-${protocol_name}-require-fail",
69 "MinProtocol" => $protocol,
70 "MaxProtocol" => $protocol,
71 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
72 "VerifyMode" => "Require",
75 "MinProtocol" => $protocol,
76 "MaxProtocol" => $protocol
79 "ExpectedResult" => "ServerFail",
80 "ExpectedServerAlert" => "HandshakeFailure",
84 # Successful handshake with client authentication.
86 name => "client-auth-${protocol_name}-require",
88 "MinProtocol" => $protocol,
89 "MaxProtocol" => $protocol,
90 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
91 "VerifyMode" => "Request",
94 "MinProtocol" => $protocol,
95 "MaxProtocol" => $protocol,
96 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
97 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
99 test => { "ExpectedResult" => "Success" },
102 # Handshake with client authentication but without the root certificate.
104 name => "client-auth-${protocol_name}-noroot",
106 "MinProtocol" => $protocol,
107 "MaxProtocol" => $protocol,
108 "VerifyMode" => "Require",
111 "MinProtocol" => $protocol,
112 "MaxProtocol" => $protocol,
113 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
114 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
117 "ExpectedResult" => "ServerFail",
118 "ExpectedServerAlert" => $caalert,