test/ssl-tests/18-dtls-renegotiate.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test Renegotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16
  17 my $dir_sep = $^O ne "VMS" ? "/" : "";
  18
  19 our @tests = (
  20     {
  21         name => "renegotiate-client-no-resume",
  22         server => {
  23             "Options" => "NoResumptionOnRenegotiation"
  24         },
  25         client => {},
  26         test => {
  27             "Method" => "DTLS",
  28             "HandshakeMode" => "RenegotiateClient",
  29             "ResumptionExpected" => "No",
  30             "ExpectedResult" => "Success"
  31         }
  32     },
  33     {
  34         name => "renegotiate-client-resume",
  35         server => {},
  36         client => {},
  37         test => {
  38             "Method" => "DTLS",
  39             "HandshakeMode" => "RenegotiateClient",
  40             "ResumptionExpected" => "Yes",
  41             "ExpectedResult" => "Success"
  42         }
  43     },
  44 # Note: Unlike the TLS tests, we will never do resumption with server
  45 # initiated reneg. This is because an OpenSSL DTLS client will always do a full
  46 # handshake (i.e. it doesn't supply a session id) when it receives a
  47 # HelloRequest. This is different to the OpenSSL TLS implementation where an
  48 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
  49 # the session id). This goes all the way to commit 48ae85b6f when abbreviated
  50 # handshake support was first added. Neither behaviour is wrong, but the
  51 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
  52 # and if so, what to?
  53     {
  54         name => "renegotiate-server-resume",
  55         server => {},
  56         client => {},
  57         test => {
  58             "Method" => "DTLS",
  59             "HandshakeMode" => "RenegotiateServer",
  60             "ResumptionExpected" => "No",
  61             "ExpectedResult" => "Success"
  62         }
  63     },
  64     {
  65         name => "renegotiate-client-auth-require",
  66         server => {
  67             "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
  68             "VerifyMode" => "Require",
  69         },
  70         client => {
  71             "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
  72             "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
  73         },
  74         test => {
  75             "Method" => "DTLS",
  76             "HandshakeMode" => "RenegotiateServer",
  77             "ResumptionExpected" => "No",
  78             "ExpectedResult" => "Success"
  79         }
  80     },
  81     {
  82         name => "renegotiate-client-auth-once",
  83         server => {
  84             "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
  85             "VerifyMode" => "Once",
  86         },
  87         client => {
  88             "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
  89             "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
  90         },
  91         test => {
  92             "Method" => "DTLS",
  93             "HandshakeMode" => "RenegotiateServer",
  94             "ResumptionExpected" => "No",
  95             "ExpectedResult" => "Success"
  96         }
  97     }
  98 );