3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
22 sub generate_tests() {
24 foreach (0..$#protocols) {
25 my $protocol = $protocols[$_];
26 my $protocol_name = $protocol || "flex";
28 if (!$is_disabled[$_]) {
29 if ($protocol_name eq "SSLv3") {
30 $caalert = "BadCertificate";
32 $caalert = "UnknownCA";
34 # Sanity-check simple handshake.
36 name => "server-auth-${protocol_name}",
38 "MinProtocol" => $protocol,
39 "MaxProtocol" => $protocol
42 "MinProtocol" => $protocol,
43 "MaxProtocol" => $protocol
45 test => { "ExpectedResult" => "Success" },
48 # Handshake with client cert requested but not required or received.
50 name => "client-auth-${protocol_name}-request",
52 "MinProtocol" => $protocol,
53 "MaxProtocol" => $protocol,
54 "VerifyMode" => "Request"
57 "MinProtocol" => $protocol,
58 "MaxProtocol" => $protocol
60 test => { "ExpectedResult" => "Success" },
63 # Handshake with client cert required but not present.
65 name => "client-auth-${protocol_name}-require-fail",
67 "MinProtocol" => $protocol,
68 "MaxProtocol" => $protocol,
69 "VerifyCAFile" => test_pem("root-cert.pem"),
70 "VerifyMode" => "Require",
73 "MinProtocol" => $protocol,
74 "MaxProtocol" => $protocol
77 "ExpectedResult" => "ServerFail",
78 "ExpectedServerAlert" => "HandshakeFailure",
82 # Successful handshake with client authentication.
84 name => "client-auth-${protocol_name}-require",
86 "MinProtocol" => $protocol,
87 "MaxProtocol" => $protocol,
88 "VerifyCAFile" => test_pem("root-cert.pem"),
89 "VerifyMode" => "Request",
92 "MinProtocol" => $protocol,
93 "MaxProtocol" => $protocol,
94 "Certificate" => test_pem("ee-client-chain.pem"),
95 "PrivateKey" => test_pem("ee-key.pem"),
97 test => { "ExpectedResult" => "Success" },
100 # Handshake with client authentication but without the root certificate.
102 name => "client-auth-${protocol_name}-noroot",
104 "MinProtocol" => $protocol,
105 "MaxProtocol" => $protocol,
106 "VerifyMode" => "Require",
109 "MinProtocol" => $protocol,
110 "MaxProtocol" => $protocol,
111 "Certificate" => test_pem("ee-client-chain.pem"),
112 "PrivateKey" => test_pem("ee-key.pem"),
115 "ExpectedResult" => "ServerFail",
116 "ExpectedServerAlert" => $caalert,