Avoid errors when loading a cert multiple times.
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5 package ssltests;
6
7 use strict;
8 use warnings;
9
10 use OpenSSL::Test;
11 use OpenSSL::Test::Utils qw(anydisabled);
# NOTE(review): the name passed to setup() suggests this file only generates
# test configuration and runs nothing itself -- confirm against OpenSSL::Test.
setup("no_test_here");

# Protocol settings to generate cases for. The leading undef stands for
# version-flexible negotiation; every other entry pins one protocol version.
my @protocols = (undef, qw(SSLv3 TLSv1 TLSv1.1 TLSv1.2));

# Skip flags, index-aligned with @protocols. Slot 0 (version-flexible) is
# always enabled; the remaining slots hold whatever anydisabled() returns for
# the four protocol options, presumably one flag per option in the same order.
my @is_disabled = (0, anydisabled(qw(ssl3 tls1 tls1_1 tls1_2)));

# Package-level list of generated test descriptions, filled in by
# generate_tests().
our @tests = ();
21
# Append the server-auth and client-auth handshake cases to @tests, one group
# of five per entry of @protocols whose flag in @is_disabled is false.
#
# Each case is a hash with a name, the server and client settings, and the
# expected outcome. Takes no arguments; the result is the side effect on
# @tests.
sub generate_tests() {
    for my $idx (0 .. $#protocols) {
        # A protocol version that is disabled in this build gets no cases.
        next if $is_disabled[$idx];

        my $protocol      = $protocols[$idx];
        my $protocol_name = $protocol || "flex";

        # Alert expected from the server when the client chain has no trusted
        # root: SSLv3 gets BadCertificate, everything else UnknownCA
        # (presumably because SSLv3 defines no unknown_ca alert).
        my $caalert =
            $protocol_name eq "SSLv3" ? "BadCertificate" : "UnknownCA";

        # Both ends are pinned to the same version. For the version-flexible
        # entry $protocol is undef, so both bounds are undef.
        my %version_pin = (
            "MinProtocol" => $protocol,
            "MaxProtocol" => $protocol,
        );

        push @tests,

            # Sanity-check simple handshake.
            {
                name   => "server-auth-${protocol_name}",
                server => { %version_pin },
                client => { %version_pin },
                test   => { "ExpectedResult" => "Success" },
            },

            # Client cert requested but not required, and none is sent.
            {
                name   => "client-auth-${protocol_name}-request",
                server => {
                    %version_pin,
                    "VerifyMode" => "Request",
                },
                client => { %version_pin },
                test   => { "ExpectedResult" => "Success" },
            },

            # Client cert required but the client presents none: the server
            # must abort with HandshakeFailure.
            {
                name   => "client-auth-${protocol_name}-require-fail",
                server => {
                    %version_pin,
                    "VerifyCAFile" => test_pem("root-cert.pem"),
                    "VerifyMode"   => "Require",
                },
                client => { %version_pin },
                test   => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" => "HandshakeFailure",
                },
            },

            # Successful handshake with client authentication.
            # NOTE(review): the case is named "-require" but the server runs
            # with VerifyMode "Request", so no case in this generator pairs
            # "Require" with a valid client certificate. Confirm this is
            # intended before treating the suite as coverage for mandatory
            # client authentication.
            {
                name   => "client-auth-${protocol_name}-require",
                server => {
                    %version_pin,
                    "VerifyCAFile" => test_pem("root-cert.pem"),
                    "VerifyMode"   => "Request",
                },
                client => {
                    %version_pin,
                    "Certificate" => test_pem("ee-client-chain.pem"),
                    "PrivateKey"  => test_pem("ee-key.pem"),
                },
                test => { "ExpectedResult" => "Success" },
            },

            # Client authenticates, but the server has no VerifyCAFile, so the
            # chain cannot be anchored and the server must reject it with
            # $caalert.
            {
                name   => "client-auth-${protocol_name}-noroot",
                server => {
                    %version_pin,
                    "VerifyMode" => "Require",
                },
                client => {
                    %version_pin,
                    "Certificate" => test_pem("ee-client-chain.pem"),
                    "PrivateKey"  => test_pem("ee-key.pem"),
                },
                test => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" => $caalert,
                },
            };
    }
}

# Fill @tests as soon as this file is loaded.
generate_tests();