}
```
-The test section supports the following options:
+The test section supports the following options
+
+### Test mode
+
+* Method - the method to test. One of DTLS or TLS.
+
+* HandshakeMode - which handshake flavour to test:
+ - Simple - plain handshake (default)
+ - Resume - test resumption
+ - (Renegotiate - test renegotiation, not yet implemented)
+
+When HandshakeMode is Resume or Renegotiate, the original handshake is expected
+to succeed. All configured test expectations are verified against the second
+handshake.
+
+### Test expectations
* ExpectedResult - expected handshake outcome. One of
- Success - handshake success
- ClientFail - clientside handshake failure
- InternalError - some other error
-* ClientAlert, ServerAlert - expected alert. See `ssl_test_ctx.c` for known
- values.
+* ExpectedClientAlert, ExpectedServerAlert - expected alert. See
+ `ssl_test_ctx.c` for known values.
-* Protocol - expected negotiated protocol. One of
+* ExpectedProtocol - expected negotiated protocol. One of
SSLv3, TLSv1, TLSv1.1, TLSv1.2.
-* ClientVerifyCallback - the client's custom certificate verify callback.
- Used to test callback behaviour. One of
- - None - no custom callback (default)
- - AcceptAll - accepts all certificates.
- - RejectAll - rejects all certificates.
-
-* Method - the method to test. One of DTLS or TLS.
-
-* ServerName - the server the client should attempt to connect to. One of
- - None - do not use SNI (default)
- - server1 - the initial context
- - server2 - the secondary context
- - invalid - an unknown context
-
-* ServerNameCallback - the SNI switching callback to use
- - None - no callback (default)
- - IgnoreMismatch - continue the handshake on SNI mismatch
- - RejectMismatch - abort the handshake on SNI mismatch
-
* SessionTicketExpected - whether or not a session ticket is expected
- Ignore - do not check for a session ticket (default)
- Yes - a session ticket is expected
- No - a session ticket is not expected
- - Broken - a special test case where the session ticket callback does not
- initialize crypto
-
-* HandshakeMode - which handshake flavour to test:
- - Simple - plain handshake (default)
- - Resume - test resumption
- - (Renegotiate - test renegotiation, not yet implemented)
* ResumptionExpected - whether or not resumption is expected (Resume mode only)
- Yes - resumed handshake
- No - full handshake (default)
-When HandshakeMode is Resume or Renegotiate, the original handshake is expected
-to succeed. All configured test expectations are verified against the second handshake.
-
-* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol,
- ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol -
- NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list,
- and a callback with the recommended behaviour will be installed automatically.
+* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
## Configuring the client and server
whenever HandshakeMode is Resume. If the resume_client section is not present,
then the configuration matches client.
+### Configuring callbacks and additional options
+
+Additional handshake settings can be configured in the `extra` section of each
+client and server:
+
+```
+client => {
+ "CipherString" => "DEFAULT",
+ extra => {
+ "ServerName" => "server2",
+ }
+}
+```
+
+#### Supported client-side options
+
+* ClientVerifyCallback - the client's custom certificate verify callback.
+ Used to test callback behaviour. One of
+ - None - no custom callback (default)
+ - AcceptAll - accepts all certificates.
+ - RejectAll - rejects all certificates.
+
+* ServerName - the server the client should attempt to connect to. One of
+ - None - do not use SNI (default)
+ - server1 - the initial context
+ - server2 - the secondary context
+ - invalid - an unknown context
+
+#### Supported server-side options
+
+* ServerNameCallback - the SNI switching callback to use
+ - None - no callback (default)
+ - IgnoreMismatch - continue the handshake on SNI mismatch
+ - RejectMismatch - abort the handshake on SNI mismatch
+
+* BrokenSessionTicket - a special test case where the session ticket callback
+ does not initialize crypto.
+ - No (default)
+ - Yes
+
+#### Mutually supported options
+
+* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
+ protocols can be specified as a comma-separated list, and a callback with the
+ recommended behaviour will be installed automatically.
+
### Default server and client configurations
The default server certificate and CA files are added to the configurations
if (defined $test->{"server2"}) {
$test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) };
} else {
- if (defined $test->{"test"}->{"ServerNameCallback"}) {
+ if ($test->{"server"}->{"extra"} &&
+ defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) {
# Default is the same as server.
$test->{"reuse_server2"} = 1;
}
*/
static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX *client_ctx,
- const SSL_TEST_CTX *test_ctx,
+ const SSL_TEST_EXTRA_CONF *extra,
CTX_DATA *server_ctx_data,
CTX_DATA *server2_ctx_data,
CTX_DATA *client_ctx_data)
unsigned char *ticket_keys;
size_t ticket_key_len;
- switch (test_ctx->client_verify_callback) {
+ switch (extra->client.verify_callback) {
case SSL_TEST_VERIFY_ACCEPT_ALL:
SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb,
NULL);
}
/* link the two contexts for SNI purposes */
- switch (test_ctx->servername_callback) {
+ switch (extra->server.servername_callback) {
case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb);
SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx,
do_not_call_session_ticket_cb);
- if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
+ if (extra->server.broken_session_ticket) {
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
}
#ifndef OPENSSL_NO_NEXTPROTONEG
- if (test_ctx->server_npn_protocols != NULL) {
- parse_protos(test_ctx->server_npn_protocols,
+ if (extra->server.npn_protocols != NULL) {
+ parse_protos(extra->server.npn_protocols,
&server_ctx_data->npn_protocols,
&server_ctx_data->npn_protocols_len);
SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
server_ctx_data);
}
- if (test_ctx->server2_npn_protocols != NULL) {
- parse_protos(test_ctx->server2_npn_protocols,
+ if (extra->server2.npn_protocols != NULL) {
+ parse_protos(extra->server2.npn_protocols,
&server2_ctx_data->npn_protocols,
&server2_ctx_data->npn_protocols_len);
OPENSSL_assert(server2_ctx != NULL);
SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
server2_ctx_data);
}
- if (test_ctx->client_npn_protocols != NULL) {
- parse_protos(test_ctx->client_npn_protocols,
+ if (extra->client.npn_protocols != NULL) {
+ parse_protos(extra->client.npn_protocols,
&client_ctx_data->npn_protocols,
&client_ctx_data->npn_protocols_len);
SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
client_ctx_data);
}
- if (test_ctx->server_alpn_protocols != NULL) {
- parse_protos(test_ctx->server_alpn_protocols,
+ if (extra->server.alpn_protocols != NULL) {
+ parse_protos(extra->server.alpn_protocols,
&server_ctx_data->alpn_protocols,
&server_ctx_data->alpn_protocols_len);
SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
}
- if (test_ctx->server2_alpn_protocols != NULL) {
+ if (extra->server2.alpn_protocols != NULL) {
OPENSSL_assert(server2_ctx != NULL);
- parse_protos(test_ctx->server2_alpn_protocols,
+ parse_protos(extra->server2.alpn_protocols,
&server2_ctx_data->alpn_protocols,
&server2_ctx_data->alpn_protocols_len);
SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data);
}
- if (test_ctx->client_alpn_protocols != NULL) {
+ if (extra->client.alpn_protocols != NULL) {
unsigned char *alpn_protos = NULL;
size_t alpn_protos_len;
- parse_protos(test_ctx->client_alpn_protocols,
+ parse_protos(extra->client.alpn_protocols,
&alpn_protos, &alpn_protos_len);
/* Reversed return value convention... */
OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
/* Configure per-SSL callbacks and other properties. */
static void configure_handshake_ssl(SSL *server, SSL *client,
- const SSL_TEST_CTX *test_ctx)
+ const SSL_TEST_EXTRA_CONF *extra)
{
- if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE)
+ if (extra->client.servername != SSL_TEST_SERVERNAME_NONE)
SSL_set_tlsext_host_name(client,
- ssl_servername_name(test_ctx->servername));
+ ssl_servername_name(extra->client.servername));
}
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
- const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in,
+ const SSL_TEST_EXTRA_CONF *extra, SSL_SESSION *session_in,
SSL_SESSION **session_out)
{
SSL *server, *client;
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
memset(&client_ctx_data, 0, sizeof(client_ctx_data));
- configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx,
+ configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, extra,
&server_ctx_data, &server2_ctx_data, &client_ctx_data);
server = SSL_new(server_ctx);
client = SSL_new(client_ctx);
OPENSSL_assert(server != NULL && client != NULL);
- configure_handshake_ssl(server, client, test_ctx);
+ configure_handshake_ssl(server, client, extra);
if (session_in != NULL) {
/* In case we're testing resumption without tickets. */
OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in));
SSL_SESSION *session = NULL;
result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
- test_ctx, NULL, &session);
+ &test_ctx->extra, NULL, &session);
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE)
goto end;
HANDSHAKE_RESULT_free(result);
/* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
- test_ctx, session, NULL);
+ &test_ctx->resume_extra, session, NULL);
end:
SSL_SESSION_free(session);
return result;
VerifyMode = Peer
[test-1]
-ClientAlert = UnknownCA
+ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
},
test => {
"ExpectedResult" => "ClientFail",
- "ClientAlert" => "UnknownCA",
+ "ExpectedClientAlert" => "UnknownCA",
},
},
);
VerifyMode = Peer
[test-20]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-21]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-22]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-23]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-25]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-26]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-27]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-28]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-29]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-30]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-31]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-32]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-39]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-40]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-41]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-42]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-44]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-45]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-46]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-47]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-48]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-49]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-50]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-51]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-52]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-53]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-54]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-58]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-59]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-60]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-61]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-63]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-64]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-65]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-66]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-67]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-68]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-69]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-70]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-71]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-72]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-73]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-74]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-75]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-77]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-78]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-79]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-80]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-82]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-83]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-84]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-85]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-86]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-87]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-88]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-89]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-90]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-91]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-92]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-93]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-94]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-115]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-116]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-117]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-118]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-120]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-121]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-122]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-123]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-124]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-125]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-126]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-127]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-134]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-135]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-136]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-137]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-139]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-140]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-141]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-142]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-143]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-144]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-145]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-146]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-147]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-148]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-149]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-153]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-154]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-155]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-156]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-158]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-159]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-160]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-161]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-162]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-163]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-164]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-165]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-166]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-167]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-168]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-169]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-170]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-172]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-173]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-174]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-175]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-177]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-178]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-179]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-180]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-181]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-182]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-183]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-184]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-185]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-186]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-187]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-188]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-189]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-191]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-192]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-193]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-194]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-196]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-197]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-198]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-199]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-200]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-201]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-202]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-203]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-210]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-211]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-212]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-213]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-215]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-216]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-217]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-218]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-219]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-220]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-221]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-222]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-223]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-224]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-225]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-229]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-230]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-231]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-232]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-234]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-235]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-236]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-237]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-238]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-239]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-240]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-241]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-242]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-243]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-244]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-245]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-246]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-248]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-249]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-250]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-251]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-253]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-254]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-255]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-256]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-257]
+ExpectedProtocol = TLSv1
ExpectedResult = Success
-Protocol = TLSv1
# ===========================================================
VerifyMode = Peer
[test-258]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-259]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-260]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-261]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-262]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-263]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-264]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-265]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-268]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-269]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-270]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-273]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-274]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-275]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-277]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-278]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-279]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-280]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-281]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-282]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-287]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-288]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-289]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-292]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-293]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-294]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-296]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-297]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-298]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-299]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-300]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-301]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-302]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-303]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-306]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-307]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-308]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-311]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-312]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-313]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-315]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-316]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-317]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-318]
+ExpectedProtocol = TLSv1.1
ExpectedResult = Success
-Protocol = TLSv1.1
# ===========================================================
VerifyMode = Peer
[test-319]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-320]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-321]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-322]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-326]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-327]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-331]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-332]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-335]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-336]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-338]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-339]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-340]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-341]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-345]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-346]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-350]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-351]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-354]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-355]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-357]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-358]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-359]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
# ===========================================================
VerifyMode = Peer
[test-360]
+ExpectedProtocol = TLSv1.2
ExpectedResult = Success
-Protocol = TLSv1.2
VerifyMode = Peer
[test-1]
-ClientAlert = HandshakeFailure
-ClientVerifyCallback = RejectAll
+ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
+client = 1-verify-custom-reject-client-extra
+
+[1-verify-custom-reject-client-extra]
+VerifyCallback = RejectAll
# ===========================================================
VerifyMode = Peer
[test-2]
-ClientVerifyCallback = AcceptAll
ExpectedResult = Success
+client = 2-verify-custom-allow-client-extra
+
+[2-verify-custom-allow-client-extra]
+VerifyCallback = AcceptAll
# ===========================================================
CipherString = DEFAULT
[test-4]
-ClientVerifyCallback = RejectAll
ExpectedResult = Success
+client = 4-noverify-ignore-custom-reject-client-extra
+
+[4-noverify-ignore-custom-reject-client-extra]
+VerifyCallback = RejectAll
# ===========================================================
CipherString = DEFAULT
[test-5]
-ClientVerifyCallback = AcceptAll
ExpectedResult = Success
+client = 5-noverify-accept-custom-allow-client-extra
+
+[5-noverify-accept-custom-allow-client-extra]
+VerifyCallback = AcceptAll
# ===========================================================
VerifyMode = Peer
[test-6]
-ClientAlert = UnknownCA
+ExpectedClientAlert = UnknownCA
ExpectedResult = ClientFail
VerifyMode = Peer
[test-7]
-ClientVerifyCallback = AcceptAll
ExpectedResult = Success
+client = 7-verify-custom-success-no-root-client-extra
+
+[7-verify-custom-success-no-root-client-extra]
+VerifyCallback = AcceptAll
# ===========================================================
VerifyMode = Peer
[test-8]
-ClientAlert = HandshakeFailure
-ClientVerifyCallback = RejectAll
+ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
+client = 8-verify-custom-fail-no-root-client-extra
+
+[8-verify-custom-fail-no-root-client-extra]
+VerifyCallback = RejectAll
{
name => "verify-custom-reject",
server => { },
- client => { },
+ client => {
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
+ },
test => {
- "ClientVerifyCallback" => "RejectAll",
"ExpectedResult" => "ClientFail",
- "ClientAlert" => "HandshakeFailure",
+ "ExpectedClientAlert" => "HandshakeFailure",
},
},
{
name => "verify-custom-allow",
server => { },
- client => { },
+ client => {
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
+ },
test => {
- "ClientVerifyCallback" => "AcceptAll",
"ExpectedResult" => "Success",
},
},
client => {
"VerifyMode" => undef,
"VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
},
test => {
- "ClientVerifyCallback" => "RejectAll",
"ExpectedResult" => "Success",
},
},
client => {
"VerifyMode" => undef,
"VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
},
test => {
- "ClientVerifyCallback" => "AcceptAll",
"ExpectedResult" => "Success",
},
},
},
test => {
"ExpectedResult" => "ClientFail",
- "ClientAlert" => "UnknownCA",
+ "ExpectedClientAlert" => "UnknownCA",
},
},
server => { },
client => {
"VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "AcceptAll",
+ },
},
test => {
- "ClientVerifyCallback" => "AcceptAll",
"ExpectedResult" => "Success"
},
},
server => { },
client => {
"VerifyCAFile" => undef,
+ extra => {
+ "VerifyCallback" => "RejectAll",
+ },
},
test => {
- "ClientVerifyCallback" => "RejectAll",
"ExpectedResult" => "ClientFail",
- "ClientAlert" => "HandshakeFailure",
+ "ExpectedClientAlert" => "HandshakeFailure",
},
},
-
-
-
);
[test-2]
ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
# ===========================================================
[test-4]
ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
# ===========================================================
[test-7]
ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
# ===========================================================
[test-9]
ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
# ===========================================================
[test-12]
ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
# ===========================================================
[test-14]
ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
# ===========================================================
[test-17]
ExpectedResult = ServerFail
-ServerAlert = HandshakeFailure
+ExpectedServerAlert = HandshakeFailure
# ===========================================================
[test-19]
ExpectedResult = ServerFail
-ServerAlert = UnknownCA
+ExpectedServerAlert = UnknownCA
},
test => {
"ExpectedResult" => "ServerFail",
- "ServerAlert" => "HandshakeFailure",
+ "ExpectedServerAlert" => "HandshakeFailure",
},
};
},
test => {
"ExpectedResult" => "ServerFail",
- "ServerAlert" => $caalert,
+ "ExpectedServerAlert" => $caalert,
},
};
}
[test-0]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
+server = 0-SNI-switch-context-server-extra
+server2 = 0-SNI-switch-context-server-extra
+client = 0-SNI-switch-context-client-extra
+
+[0-SNI-switch-context-server-extra]
ServerNameCallback = IgnoreMismatch
+[0-SNI-switch-context-client-extra]
+ServerName = server2
+
# ===========================================================
[test-1]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
+server = 1-SNI-keep-context-server-extra
+server2 = 1-SNI-keep-context-server-extra
+client = 1-SNI-keep-context-client-extra
+
+[1-SNI-keep-context-server-extra]
ServerNameCallback = IgnoreMismatch
+[1-SNI-keep-context-client-extra]
+ServerName = server1
+
# ===========================================================
[test-2]
ExpectedResult = Success
+client = 2-SNI-no-server-support-client-extra
+
+[2-SNI-no-server-support-client-extra]
ServerName = server1
[test-3]
ExpectedResult = Success
ExpectedServerName = server1
+server = 3-SNI-no-client-support-server-extra
+server2 = 3-SNI-no-client-support-server-extra
+
+[3-SNI-no-client-support-server-extra]
ServerNameCallback = IgnoreMismatch
[test-4]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = invalid
+server = 4-SNI-bad-sni-ignore-mismatch-server-extra
+server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
+client = 4-SNI-bad-sni-ignore-mismatch-client-extra
+
+[4-SNI-bad-sni-ignore-mismatch-server-extra]
ServerNameCallback = IgnoreMismatch
+[4-SNI-bad-sni-ignore-mismatch-client-extra]
+ServerName = invalid
+
# ===========================================================
[test-5]
ExpectedResult = ServerFail
-ServerAlert = UnrecognizedName
-ServerName = invalid
+ExpectedServerAlert = UnrecognizedName
+server = 5-SNI-bad-sni-reject-mismatch-server-extra
+server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
+client = 5-SNI-bad-sni-reject-mismatch-client-extra
+
+[5-SNI-bad-sni-reject-mismatch-server-extra]
ServerNameCallback = RejectMismatch
+[5-SNI-bad-sni-reject-mismatch-client-extra]
+ServerName = invalid
+
our @tests = (
{
name => "SNI-switch-context",
- server => { },
- client => { },
- test => { "ServerName" => "server2",
- "ExpectedServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
- "ExpectedResult" => "Success" },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server2",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server2",
+ "ExpectedResult" => "Success"
+ },
},
{
name => "SNI-keep-context",
- server => { },
- client => { },
- test => { "ServerName" => "server1",
- "ExpectedServerName" => "server1",
- "ServerNameCallback" => "IgnoreMismatch",
- "ExpectedResult" => "Success" },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server1",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
},
{
name => "SNI-no-server-support",
server => { },
- client => { },
- test => { "ServerName" => "server1",
- "ExpectedResult" => "Success" },
+ client => {
+ extra => {
+ "ServerName" => "server1",
+ },
+ },
+ test => { "ExpectedResult" => "Success" },
},
{
name => "SNI-no-client-support",
- server => { },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
client => { },
test => {
# We expect that the callback is still called
# to let the application decide whether they tolerate
# missing SNI (as our test callback does).
"ExpectedServerName" => "server1",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedResult" => "Success"
},
},
{
name => "SNI-bad-sni-ignore-mismatch",
- server => { },
- client => { },
- test => { "ServerName" => "invalid",
- "ExpectedServerName" => "server1",
- "ServerNameCallback" => "IgnoreMismatch",
- "ExpectedResult" => "Success" },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
},
{
name => "SNI-bad-sni-reject-mismatch",
- server => { },
- client => { },
- test => { "ServerName" => "invalid",
- "ServerNameCallback" => "RejectMismatch",
- "ExpectedResult" => "ServerFail",
- "ServerAlert" => "UnrecognizedName"},
+ server => {
+ extra => {
+ "ServerNameCallback" => "RejectMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "UnrecognizedName"
+ },
},
);
[test-0]
ExpectedResult = Success
+SessionTicketExpected = No
+server = 0-sni-session-ticket-server-extra
+client = 0-sni-session-ticket-client-extra
+
+[0-sni-session-ticket-server-extra]
+BrokenSessionTicket = Yes
+
+[0-sni-session-ticket-client-extra]
ServerName = server1
-SessionTicketExpected = Broken
# ===========================================================
[test-1]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = Yes
+server = 1-sni-session-ticket-server-extra
+client = 1-sni-session-ticket-client-extra
+
+[1-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[1-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-2]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = Yes
+server = 2-sni-session-ticket-server-extra
+client = 2-sni-session-ticket-client-extra
+
+[2-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[2-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-3]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = Yes
+server = 3-sni-session-ticket-server-extra
+client = 3-sni-session-ticket-client-extra
+
+[3-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[3-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-4]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 4-sni-session-ticket-server-extra
+client = 4-sni-session-ticket-client-extra
+
+[4-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[4-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-5]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 5-sni-session-ticket-server-extra
+client = 5-sni-session-ticket-client-extra
+
+[5-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[5-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-6]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 6-sni-session-ticket-server-extra
+client = 6-sni-session-ticket-client-extra
+
+[6-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[6-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-7]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 7-sni-session-ticket-server-extra
+client = 7-sni-session-ticket-client-extra
+
+[7-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[7-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-8]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 8-sni-session-ticket-server-extra
+client = 8-sni-session-ticket-client-extra
+
+[8-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-9]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 9-sni-session-ticket-server-extra
+client = 9-sni-session-ticket-client-extra
+
+[9-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[9-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-10]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 10-sni-session-ticket-server-extra
+client = 10-sni-session-ticket-client-extra
+
+[10-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[10-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-11]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 11-sni-session-ticket-server-extra
+client = 11-sni-session-ticket-client-extra
+
+[11-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[11-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-12]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 12-sni-session-ticket-server-extra
+client = 12-sni-session-ticket-client-extra
+
+[12-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[12-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-13]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 13-sni-session-ticket-server-extra
+client = 13-sni-session-ticket-client-extra
+
+[13-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[13-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-14]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 14-sni-session-ticket-server-extra
+client = 14-sni-session-ticket-client-extra
+
+[14-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[14-sni-session-ticket-client-extra]
+ServerName = server2
# ===========================================================
[test-15]
ExpectedResult = Success
ExpectedServerName = server1
-ServerName = server1
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 15-sni-session-ticket-server-extra
+client = 15-sni-session-ticket-client-extra
+
+[15-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[15-sni-session-ticket-client-extra]
+ServerName = server1
# ===========================================================
[test-16]
ExpectedResult = Success
ExpectedServerName = server2
-ServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = No
+server = 16-sni-session-ticket-server-extra
+client = 16-sni-session-ticket-client-extra
+
+[16-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[16-sni-session-ticket-client-extra]
+ServerName = server2
"name" => "sni-session-ticket",
"client" => {
"Options" => $c,
+ "extra" => {
+ "ServerName" => $n,
+ },
},
"server" => {
"Options" => $s1,
+ "extra" => {
+ # We don't test mismatch here.
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
},
"server2" => {
"Options" => $s2,
},
"test" => {
- "ServerName" => $n,
"ExpectedServerName" => $n,
- # We don't test mismatch here.
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedResult" => "Success",
"SessionTicketExpected" => $result,
}
"name" => "sni-session-ticket",
"client" => {
"Options" => "SessionTicket",
+ "extra" => {
+ "ServerName" => "server1",
+ }
},
"server" => {
"Options" => "SessionTicket",
+ "extra" => {
+ "BrokenSessionTicket" => "Yes",
+ },
},
"server2" => {
"Options" => "SessionTicket",
},
"test" => {
- "ServerName" => "server1",
"ExpectedResult" => "Success",
- "SessionTicketExpected" => "Broken",
+ "SessionTicketExpected" => "No",
}
};
VerifyMode = Peer
[test-0]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-1]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-2]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-3]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-4]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-5]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-8]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-9]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-10]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-11]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-12]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-13]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-14]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-15]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-16]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-17]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-18]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-19]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-20]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-21]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-22]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-23]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-24]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-25]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-26]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-27]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-28]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-29]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-32]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-33]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-34]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-35]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-36]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-37]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-38]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-39]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-40]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-41]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-42]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-43]
+ExpectedProtocol = DTLSv1
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1
# ===========================================================
VerifyMode = Peer
[test-44]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-45]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-46]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-47]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-49]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-50]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-52]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-53]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-54]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-55]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-57]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-58]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-60]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-61]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-62]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
# ===========================================================
VerifyMode = Peer
[test-63]
+ExpectedProtocol = DTLSv1.2
ExpectedResult = Success
Method = DTLS
-Protocol = DTLSv1.2
VerifyMode = Peer
[test-0]
-ClientNPNProtocols = foo
ExpectedNPNProtocol = foo
-ServerNPNProtocols = foo
+server = 0-npn-simple-server-extra
+client = 0-npn-simple-client-extra
+
+[0-npn-simple-server-extra]
+NPNProtocols = foo
+
+[0-npn-simple-client-extra]
+NPNProtocols = foo
# ===========================================================
VerifyMode = Peer
[test-1]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = bar
-ServerNPNProtocols = baz,bar
+server = 1-npn-client-finds-match-server-extra
+client = 1-npn-client-finds-match-client-extra
+
+[1-npn-client-finds-match-server-extra]
+NPNProtocols = baz,bar
+
+[1-npn-client-finds-match-client-extra]
+NPNProtocols = foo,bar
# ===========================================================
VerifyMode = Peer
[test-2]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = bar
-ServerNPNProtocols = bar,foo
+server = 2-npn-client-honours-server-pref-server-extra
+client = 2-npn-client-honours-server-pref-client-extra
+
+[2-npn-client-honours-server-pref-server-extra]
+NPNProtocols = bar,foo
+
+[2-npn-client-honours-server-pref-client-extra]
+NPNProtocols = foo,bar
# ===========================================================
VerifyMode = Peer
[test-3]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = foo
-ServerNPNProtocols = baz
+server = 3-npn-client-first-pref-on-mismatch-server-extra
+client = 3-npn-client-first-pref-on-mismatch-client-extra
+
+[3-npn-client-first-pref-on-mismatch-server-extra]
+NPNProtocols = baz
+
+[3-npn-client-first-pref-on-mismatch-client-extra]
+NPNProtocols = foo,bar
# ===========================================================
VerifyMode = Peer
[test-4]
-ClientNPNProtocols = foo
+client = 4-npn-no-server-support-client-extra
+
+[4-npn-no-server-support-client-extra]
+NPNProtocols = foo
# ===========================================================
VerifyMode = Peer
[test-5]
-ServerNPNProtocols = foo
+server = 5-npn-no-client-support-server-extra
+
+[5-npn-no-client-support-server-extra]
+NPNProtocols = foo
# ===========================================================
VerifyMode = Peer
[test-6]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = foo
ExpectedServerName = server1
-Server2NPNProtocols = bar
-ServerNPNProtocols = foo
-ServerName = server1
+server = 6-npn-with-sni-no-context-switch-server-extra
+server2 = 6-npn-with-sni-no-context-switch-server2-extra
+client = 6-npn-with-sni-no-context-switch-client-extra
+
+[6-npn-with-sni-no-context-switch-server-extra]
+NPNProtocols = foo
ServerNameCallback = IgnoreMismatch
+[6-npn-with-sni-no-context-switch-server2-extra]
+NPNProtocols = bar
+
+[6-npn-with-sni-no-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server1
+
# ===========================================================
VerifyMode = Peer
[test-7]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = bar
ExpectedServerName = server2
-Server2NPNProtocols = bar
-ServerNPNProtocols = foo
-ServerName = server2
+server = 7-npn-with-sni-context-switch-server-extra
+server2 = 7-npn-with-sni-context-switch-server2-extra
+client = 7-npn-with-sni-context-switch-client-extra
+
+[7-npn-with-sni-context-switch-server-extra]
+NPNProtocols = foo
ServerNameCallback = IgnoreMismatch
+[7-npn-with-sni-context-switch-server2-extra]
+NPNProtocols = bar
+
+[7-npn-with-sni-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
# ===========================================================
VerifyMode = Peer
[test-8]
-ClientNPNProtocols = foo,bar
ExpectedNPNProtocol = bar
ExpectedServerName = server2
-Server2NPNProtocols = bar
-ServerName = server2
+server = 8-npn-selected-sni-server-supports-npn-server-extra
+server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
+client = 8-npn-selected-sni-server-supports-npn-client-extra
+
+[8-npn-selected-sni-server-supports-npn-server-extra]
ServerNameCallback = IgnoreMismatch
+[8-npn-selected-sni-server-supports-npn-server2-extra]
+NPNProtocols = bar
+
+[8-npn-selected-sni-server-supports-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
# ===========================================================
VerifyMode = Peer
[test-9]
-ClientNPNProtocols = foo,bar
ExpectedServerName = server2
-ServerNPNProtocols = foo
-ServerName = server2
+server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
+client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
+
+[9-npn-selected-sni-server-does-not-support-npn-server-extra]
+NPNProtocols = bar
ServerNameCallback = IgnoreMismatch
+[9-npn-selected-sni-server-does-not-support-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
# ===========================================================
VerifyMode = Peer
[test-10]
-ClientALPNProtocols = foo
-ClientNPNProtocols = bar
ExpectedALPNProtocol = foo
-ServerALPNProtocols = foo
-ServerNPNProtocols = bar
+server = 10-alpn-preferred-over-npn-server-extra
+client = 10-alpn-preferred-over-npn-client-extra
+
+[10-alpn-preferred-over-npn-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[10-alpn-preferred-over-npn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
# ===========================================================
VerifyMode = Peer
[test-11]
-ClientALPNProtocols = foo
-ClientNPNProtocols = bar
ExpectedNPNProtocol = bar
ExpectedServerName = server2
-Server2NPNProtocols = bar
-ServerALPNProtocols = foo
-ServerName = server2
+server = 11-sni-npn-preferred-over-alpn-server-extra
+server2 = 11-sni-npn-preferred-over-alpn-server2-extra
+client = 11-sni-npn-preferred-over-alpn-client-extra
+
+[11-sni-npn-preferred-over-alpn-server-extra]
+ALPNProtocols = foo
ServerNameCallback = IgnoreMismatch
+[11-sni-npn-preferred-over-alpn-server2-extra]
+NPNProtocols = bar
+
+[11-sni-npn-preferred-over-alpn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+ServerName = server2
+
our @tests = (
{
name => "npn-simple",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo",
- "ServerNPNProtocols" => "foo",
"ExpectedNPNProtocol" => "foo",
},
},
{
name => "npn-client-finds-match",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "baz,bar",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "baz,bar",
"ExpectedNPNProtocol" => "bar",
},
},
{
name => "npn-client-honours-server-pref",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "bar,foo",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "bar,foo",
"ExpectedNPNProtocol" => "bar",
},
},
{
name => "npn-client-first-pref-on-mismatch",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "baz",
"ExpectedNPNProtocol" => "foo",
},
},
{
name => "npn-no-server-support",
server => { },
- client => { },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo",
"ExpectedNPNProtocol" => undef,
},
},
{
name => "npn-no-client-support",
- server => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ },
+ },
client => { },
test => {
- "ServerNPNProtocols" => "foo",
"ExpectedNPNProtocol" => undef,
},
},
{
name => "npn-with-sni-no-context-switch",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ "ServerName" => "server1",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "foo",
- "Server2NPNProtocols" => "bar",
- "ServerName" => "server1",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server1",
"ExpectedNPNProtocol" => "foo",
},
},
{
name => "npn-with-sni-context-switch",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "foo",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "foo",
- "Server2NPNProtocols" => "bar",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedNPNProtocol" => "bar",
},
},
{
name => "npn-selected-sni-server-supports-npn",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "Server2NPNProtocols" => "bar",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedNPNProtocol" => "bar",
},
},
{
name => "npn-selected-sni-server-does-not-support-npn",
- server => { },
+ server => {
+ extra => {
+ "NPNProtocols" => "bar",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
server2 => { },
- client => { },
+ client => {
+ extra => {
+ "NPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientNPNProtocols" => "foo,bar",
- "ServerNPNProtocols" => "foo",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedNPNProtocol" => undef,
},
},
{
name => "alpn-preferred-over-npn",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo",
- "ClientNPNProtocols" => "bar",
- "ServerALPNProtocols" => "foo",
- "ServerNPNProtocols" => "bar",
"ExpectedALPNProtocol" => "foo",
"ExpectedNPNProtocol" => undef,
},
},
{
name => "sni-npn-preferred-over-alpn",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ALPNProtocols" => "foo",
+ },
+ },
+ server2 => {
+ extra => {
+ "NPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server2",
+ "ALPNProtocols" => "foo",
+ "NPNProtocols" => "bar",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo",
- "ClientNPNProtocols" => "bar",
- "ServerALPNProtocols" => "foo",
- "Server2NPNProtocols" => "bar",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
- "ExpectedServerName" => "server2",
"ExpectedALPNProtocol" => undef,
"ExpectedNPNProtocol" => "bar",
+ "ExpectedServerName" => "server2",
},
},
);
num_tests = 10
test-0 = 0-alpn-simple
-test-1 = 1-alpn-client-finds-match
-test-2 = 2-alpn-client-honours-server-pref
+test-1 = 1-alpn-server-finds-match
+test-2 = 2-alpn-server-honours-server-pref
test-3 = 3-alpn-alert-on-mismatch
test-4 = 4-alpn-no-server-support
test-5 = 5-alpn-no-client-support
VerifyMode = Peer
[test-0]
-ClientALPNProtocols = foo
ExpectedALPNProtocol = foo
-ServerALPNProtocols = foo
+server = 0-alpn-simple-server-extra
+client = 0-alpn-simple-client-extra
+
+[0-alpn-simple-server-extra]
+ALPNProtocols = foo
+
+[0-alpn-simple-client-extra]
+ALPNProtocols = foo
# ===========================================================
-[1-alpn-client-finds-match]
-ssl_conf = 1-alpn-client-finds-match-ssl
+[1-alpn-server-finds-match]
+ssl_conf = 1-alpn-server-finds-match-ssl
-[1-alpn-client-finds-match-ssl]
-server = 1-alpn-client-finds-match-server
-client = 1-alpn-client-finds-match-client
+[1-alpn-server-finds-match-ssl]
+server = 1-alpn-server-finds-match-server
+client = 1-alpn-server-finds-match-client
-[1-alpn-client-finds-match-server]
+[1-alpn-server-finds-match-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-alpn-client-finds-match-client]
+[1-alpn-server-finds-match-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-1]
-ClientALPNProtocols = foo,bar
ExpectedALPNProtocol = bar
-ServerALPNProtocols = baz,bar
+server = 1-alpn-server-finds-match-server-extra
+client = 1-alpn-server-finds-match-client-extra
+
+[1-alpn-server-finds-match-server-extra]
+ALPNProtocols = baz,bar
+
+[1-alpn-server-finds-match-client-extra]
+ALPNProtocols = foo,bar
# ===========================================================
-[2-alpn-client-honours-server-pref]
-ssl_conf = 2-alpn-client-honours-server-pref-ssl
+[2-alpn-server-honours-server-pref]
+ssl_conf = 2-alpn-server-honours-server-pref-ssl
-[2-alpn-client-honours-server-pref-ssl]
-server = 2-alpn-client-honours-server-pref-server
-client = 2-alpn-client-honours-server-pref-client
+[2-alpn-server-honours-server-pref-ssl]
+server = 2-alpn-server-honours-server-pref-server
+client = 2-alpn-server-honours-server-pref-client
-[2-alpn-client-honours-server-pref-server]
+[2-alpn-server-honours-server-pref-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-alpn-client-honours-server-pref-client]
+[2-alpn-server-honours-server-pref-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-2]
-ClientALPNProtocols = foo,bar
ExpectedALPNProtocol = bar
-ServerALPNProtocols = bar,foo
+server = 2-alpn-server-honours-server-pref-server-extra
+client = 2-alpn-server-honours-server-pref-client-extra
+
+[2-alpn-server-honours-server-pref-server-extra]
+ALPNProtocols = bar,foo
+
+[2-alpn-server-honours-server-pref-client-extra]
+ALPNProtocols = foo,bar
# ===========================================================
VerifyMode = Peer
[test-3]
-ClientALPNProtocols = foo,bar
ExpectedResult = ServerFail
-ServerALPNProtocols = baz
-ServerAlert = NoApplicationProtocol
+ExpectedServerAlert = NoApplicationProtocol
+server = 3-alpn-alert-on-mismatch-server-extra
+client = 3-alpn-alert-on-mismatch-client-extra
+
+[3-alpn-alert-on-mismatch-server-extra]
+ALPNProtocols = baz
+
+[3-alpn-alert-on-mismatch-client-extra]
+ALPNProtocols = foo,bar
# ===========================================================
VerifyMode = Peer
[test-4]
-ClientALPNProtocols = foo
+client = 4-alpn-no-server-support-client-extra
+
+[4-alpn-no-server-support-client-extra]
+ALPNProtocols = foo
# ===========================================================
VerifyMode = Peer
[test-5]
-ServerALPNProtocols = foo
+server = 5-alpn-no-client-support-server-extra
+
+[5-alpn-no-client-support-server-extra]
+ALPNProtocols = foo
# ===========================================================
VerifyMode = Peer
[test-6]
-ClientALPNProtocols = foo,bar
ExpectedALPNProtocol = foo
ExpectedServerName = server1
-Server2ALPNProtocols = bar
-ServerALPNProtocols = foo
-ServerName = server1
+server = 6-alpn-with-sni-no-context-switch-server-extra
+server2 = 6-alpn-with-sni-no-context-switch-server2-extra
+client = 6-alpn-with-sni-no-context-switch-client-extra
+
+[6-alpn-with-sni-no-context-switch-server-extra]
+ALPNProtocols = foo
ServerNameCallback = IgnoreMismatch
+[6-alpn-with-sni-no-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[6-alpn-with-sni-no-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server1
+
# ===========================================================
VerifyMode = Peer
[test-7]
-ClientALPNProtocols = foo,bar
ExpectedALPNProtocol = bar
ExpectedServerName = server2
-Server2ALPNProtocols = bar
-ServerALPNProtocols = foo
-ServerName = server2
+server = 7-alpn-with-sni-context-switch-server-extra
+server2 = 7-alpn-with-sni-context-switch-server2-extra
+client = 7-alpn-with-sni-context-switch-client-extra
+
+[7-alpn-with-sni-context-switch-server-extra]
+ALPNProtocols = foo
ServerNameCallback = IgnoreMismatch
+[7-alpn-with-sni-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[7-alpn-with-sni-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
# ===========================================================
VerifyMode = Peer
[test-8]
-ClientALPNProtocols = foo,bar
ExpectedALPNProtocol = bar
ExpectedServerName = server2
-Server2ALPNProtocols = bar
-ServerName = server2
+server = 8-alpn-selected-sni-server-supports-alpn-server-extra
+server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra
+client = 8-alpn-selected-sni-server-supports-alpn-client-extra
+
+[8-alpn-selected-sni-server-supports-alpn-server-extra]
ServerNameCallback = IgnoreMismatch
+[8-alpn-selected-sni-server-supports-alpn-server2-extra]
+ALPNProtocols = bar
+
+[8-alpn-selected-sni-server-supports-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
# ===========================================================
VerifyMode = Peer
[test-9]
-ClientALPNProtocols = foo,bar
ExpectedServerName = server2
-ServerALPNProtocols = foo
-ServerName = server2
+server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra
+client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server-extra]
+ALPNProtocols = bar
ServerNameCallback = IgnoreMismatch
+[9-alpn-selected-sni-server-does-not-support-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
our @tests = (
{
name => "alpn-simple",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo",
- "ServerALPNProtocols" => "foo",
"ExpectedALPNProtocol" => "foo",
},
},
{
- name => "alpn-client-finds-match",
- server => { },
- client => { },
+ name => "alpn-server-finds-match",
+ server => {
+ extra => {
+ "ALPNProtocols" => "baz,bar",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "baz,bar",
"ExpectedALPNProtocol" => "bar",
},
},
{
- name => "alpn-client-honours-server-pref",
- server => { },
- client => { },
+ name => "alpn-server-honours-server-pref",
+ server => {
+ extra => {
+ "ALPNProtocols" => "bar,foo",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "bar,foo",
"ExpectedALPNProtocol" => "bar",
},
},
{
name => "alpn-alert-on-mismatch",
- server => { },
- client => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "baz",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "baz",
"ExpectedResult" => "ServerFail",
- "ServerAlert" => "NoApplicationProtocol",
+ "ExpectedServerAlert" => "NoApplicationProtocol",
},
},
{
name => "alpn-no-server-support",
server => { },
- client => { },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo",
"ExpectedALPNProtocol" => undef,
},
},
{
name => "alpn-no-client-support",
- server => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ },
+ },
client => { },
test => {
- "ServerALPNProtocols" => "foo",
"ExpectedALPNProtocol" => undef,
},
},
{
name => "alpn-with-sni-no-context-switch",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "ALPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ "ServerName" => "server1",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "foo",
- "Server2ALPNProtocols" => "bar",
- "ServerName" => "server1",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server1",
"ExpectedALPNProtocol" => "foo",
},
},
{
name => "alpn-with-sni-context-switch",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "foo",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "ALPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "foo",
- "Server2ALPNProtocols" => "bar",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedALPNProtocol" => "bar",
},
},
{
name => "alpn-selected-sni-server-supports-alpn",
- server => { },
- server2 => { },
- client => { },
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ server2 => {
+ extra => {
+ "ALPNProtocols" => "bar",
+ },
+ },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "Server2ALPNProtocols" => "bar",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedALPNProtocol" => "bar",
},
},
{
name => "alpn-selected-sni-server-does-not-support-alpn",
- server => { },
+ server => {
+ extra => {
+ "ALPNProtocols" => "bar",
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
server2 => { },
- client => { },
+ client => {
+ extra => {
+ "ALPNProtocols" => "foo,bar",
+ "ServerName" => "server2",
+ },
+ },
test => {
- "ClientALPNProtocols" => "foo,bar",
- "ServerALPNProtocols" => "foo",
- "ServerName" => "server2",
- "ServerNameCallback" => "IgnoreMismatch",
"ExpectedServerName" => "server2",
"ExpectedALPNProtocol" => undef,
},
VerifyMode = Peer
[test-0]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-1]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-2]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-3]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-4]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-5]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-6]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-7]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-8]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = Yes
VerifyMode = Peer
[test-9]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = Yes
VerifyMode = Peer
[test-10]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-11]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-12]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-13]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-14]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-15]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-16]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-17]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-18]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-19]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-20]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-21]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-22]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-23]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-24]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-25]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-26]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = Yes
VerifyMode = Peer
[test-27]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = Yes
VerifyMode = Peer
[test-28]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-29]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-30]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-31]
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-Protocol = TLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-32]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-33]
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-Protocol = TLSv1.1
ResumptionExpected = No
VerifyMode = Peer
[test-34]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-35]
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-Protocol = TLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-0]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-1]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-2]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-3]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-4]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-5]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-6]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-7]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-8]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-9]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = Yes
VerifyMode = Peer
[test-10]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-11]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = No
VerifyMode = Peer
[test-12]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-13]
+ExpectedProtocol = DTLSv1
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1
ResumptionExpected = No
VerifyMode = Peer
[test-14]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = Yes
VerifyMode = Peer
[test-15]
+ExpectedProtocol = DTLSv1.2
HandshakeMode = Resume
Method = DTLS
-Protocol = DTLSv1.2
ResumptionExpected = Yes
},
"test" => {
"ExpectedResult" => $result,
- "Protocol" => $protocol,
+ "ExpectedProtocol" => $protocol,
"Method" => $method,
}
};
"MaxProtocol" => $protocols[$resume_protocol],
},
"test" => {
- "Protocol" => $protocols[$resume_protocol],
+ "ExpectedProtocol" => $protocols[$resume_protocol],
"Method" => $method,
"HandshakeMode" => "Resume",
"ResumptionExpected" => $resumption_expected,
"MaxProtocol" => $protocols[$resume_protocol],
},
"test" => {
- "Protocol" => $protocols[$resume_protocol],
+ "ExpectedProtocol" => $protocols[$resume_protocol],
"Method" => $method,
"HandshakeMode" => "Resume",
"ResumptionExpected" => $resumption_expected,
}
/* Tolerate an alert if one wasn't explicitly specified in the test. */
- if (test_ctx->client_alert
+ if (test_ctx->expected_client_alert
/*
* The info callback alert value is computed as
* (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
* where the low byte is the alert code and the high byte is other stuff.
*/
- && (result->client_alert_sent & 0xff) != test_ctx->client_alert) {
+ && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
- print_alert(test_ctx->client_alert),
+ print_alert(test_ctx->expected_client_alert),
print_alert(result->client_alert_sent));
return 0;
}
- if (test_ctx->server_alert
- && (result->server_alert_sent & 0xff) != test_ctx->server_alert) {
+ if (test_ctx->expected_server_alert
+ && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
- print_alert(test_ctx->server_alert),
+ print_alert(test_ctx->expected_server_alert),
print_alert(result->server_alert_sent));
return 0;
}
return 0;
}
- if (test_ctx->protocol) {
- if (result->client_protocol != test_ctx->protocol) {
+ if (test_ctx->expected_protocol) {
+ if (result->client_protocol != test_ctx->expected_protocol) {
fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
- ssl_protocol_name(test_ctx->protocol),
+ ssl_protocol_name(test_ctx->expected_protocol),
ssl_protocol_name(result->client_protocol));
return 0;
}
{
if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
return 1;
- if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN &&
- result->session_ticket == SSL_TEST_SESSION_TICKET_NO)
- return 1;
if (result->session_ticket != test_ctx->session_ticket_expected) {
fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
ssl_session_ticket_name(test_ctx->session_ticket_expected),
#ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new(DTLS_server_method());
- if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
+ if (test_ctx->extra.server.servername_callback !=
+ SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(DTLS_server_method());
OPENSSL_assert(server2_ctx != NULL);
}
#endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method());
- if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
+ /* SNI on resumption isn't supported/tested yet. */
+ if (test_ctx->extra.server.servername_callback !=
+ SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
OPENSSL_assert(server2_ctx != NULL);
}
[{-$testname-}-server]
{-
foreach my $key (sort keys %server) {
+ # Emitted in the test section.
+ next if ($key eq "extra");
$OUT .= qq{$key} . " = " . qq{$server{$key}\n} if defined $server{$key};
}
if (%server2) {
$OUT .= "\n[$testname-server2]\n";
foreach my $key (sort keys %server2) {
+ next if ($key eq "extra");
$OUT .= qq{$key} . " = " . qq{$server2{$key}\n} if defined $server2{$key};
}
}
if (%resume_server) {
$OUT .= "\n[$testname-resume-server]\n";
foreach my $key (sort keys %resume_server) {
+ next if ($key eq "extra");
$OUT .= qq{$key} . " = " . qq{$resume_server{$key}\n} if defined $resume_server{$key};
}
}
[{-$testname-}-client]
{-
foreach my $key (sort keys %client) {
+ next if ($key eq "extra");
$OUT .= qq{$key} . " = " . qq{$client{$key}\n} if defined $client{$key};
}
if (%resume_client) {
$OUT .= "\n[$testname-resume-client]\n";
foreach my $key (sort keys %resume_client) {
+ next if ($key eq "extra");
$OUT .= qq{$key} . " = " . qq{$resume_client{$key}\n} if defined $resume_client{$key};
}
}
foreach my $key (sort keys %test) {
$OUT .= qq{$key} ." = " . qq{$test{$key}\n} if defined $test{$key};
}
+
+ # The extra server/client configuration sections.
+ if ($server{"extra"}) {
+ $OUT .= "server = $testname-server-extra\n";
+ }
+ if (%server2 && $server2{"extra"}) {
+ $OUT .= "server2 = $testname-server2-extra\n";
+ } elsif ($reuse_server2 && $server{"extra"}) {
+ $OUT .= "server2 = $testname-server-extra\n";
+ }
+ if (%resume_server && $resume_server{"extra"}) {
+ $OUT .= "resume-server = $testname-resume-server-extra\n";
+ } elsif ($reuse_resume_server && $server{"extra"}) {
+ $OUT .= "resume-server = $testname-server-extra\n";
+ }
+ if ($client{"extra"}) {
+ $OUT .= "client = $testname-client-extra\n";
+ }
+ if (%resume_client && $resume_client{"extra"}) {
+ $OUT .= "resume-client = $testname-resume-client-extra\n";
+ } elsif ($reuse_resume_client && $client{"extra"}) {
+ $OUT .= "client = $testname-client-extra\n";
+ }
+
+ if ($server{"extra"}) {
+ $OUT .= "\n[$testname-server-extra]\n";
+ foreach my $key (sort keys $server{"extra"}) {
+ $OUT .= qq{$key} . " = " . qq{$server{"extra"}{$key}\n}
+ if defined $server{"extra"}{$key};
+ }
+ }
+ if (%server2 && $server2{"extra"}) {
+ $OUT .= "\n[$testname-server2-extra]\n";
+ foreach my $key (sort keys $server2{"extra"}) {
+ $OUT .= qq{$key} . " = " . qq{$server2{"extra"}{$key}\n}
+ if defined $server2{"extra"}{$key};
+ }
+ }
+ if (%resume_server && $resume_server{"extra"}) {
+ $OUT .= "\n[$testname-resume-server-extra]\n";
+ foreach my $key (sort keys $resume_server{"extra"}) {
+ $OUT .= qq{$key} . " = " . qq{$resume_server{"extra"}{$key}\n}
+ if defined $resume_server{"extra"}{$key};
+ }
+ }
+ if ($client{"extra"}) {
+ $OUT .= "\n[$testname-client-extra]\n";
+ foreach my $key (sort keys $client{"extra"}) {
+ $OUT .= qq{$key} . " = " . qq{$client{"extra"}{$key}\n}
+ if defined $client{"extra"}{$key};
+ }
+ }
+ if (%resume_client && $resume_client{"extra"}) {
+ $OUT .= "\n[$testname-resume-client-extra]\n";
+ foreach my $key (sort keys $resume_client{"extra"}) {
+ $OUT .= qq{$key} . " = " . qq{$resume_client{"extra"}{$key}\n}
+ if defined $resume_client{"extra"}{$key};
+ }
+ }
-}
return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
}
-/******************************/
-/* ClientAlert / ServerAlert. */
-/******************************/
+/**********************************************/
+/* ExpectedClientAlert / ExpectedServerAlert. */
+/**********************************************/
static const test_enum ssl_alerts[] = {
{"UnknownCA", SSL_AD_UNKNOWN_CA},
__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
- return parse_alert(&test_ctx->client_alert, value);
+ return parse_alert(&test_ctx->expected_client_alert, value);
}
__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
- return parse_alert(&test_ctx->server_alert, value);
+ return parse_alert(&test_ctx->expected_server_alert, value);
}
const char *ssl_alert_name(int alert)
return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
}
-/************/
-/* Protocol */
-/************/
+/********************/
+/* ExpectedProtocol */
+/********************/
static const test_enum ssl_protocols[] = {
{"TLSv1.2", TLS1_2_VERSION},
__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
{
return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
- &test_ctx->protocol, value);
+ &test_ctx->expected_protocol, value);
}
const char *ssl_protocol_name(int protocol)
}
/***********************/
-/* CertVerifyCallback. */
+/* VerifyCallback. */
/***********************/
static const test_enum ssl_verify_callbacks[] = {
{"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
};
-__owur static int parse_client_verify_callback(SSL_TEST_CTX *test_ctx,
+__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
const char *value)
{
int ret_value;
&ret_value, value)) {
return 0;
}
- test_ctx->client_verify_callback = ret_value;
+ client_conf->verify_callback = ret_value;
return 1;
}
{"invalid", SSL_TEST_SERVERNAME_INVALID},
};
-__owur static int parse_servername(SSL_TEST_CTX *test_ctx,
+__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
const char *value)
{
int ret_value;
&ret_value, value)) {
return 0;
}
- test_ctx->servername = ret_value;
+ client_conf->servername = ret_value;
return 1;
}
server);
}
-/***********************/
-/* ServerNameCallback. */
-/***********************/
+/**********************/
+/* ServerNameCallback */
+/**********************/
static const test_enum ssl_servername_callbacks[] = {
{"None", SSL_TEST_SERVERNAME_CB_NONE},
{"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
};
-__owur static int parse_servername_callback(SSL_TEST_CTX *test_ctx,
- const char *value)
+__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
+ const char *value)
{
int ret_value;
if (!parse_enum(ssl_servername_callbacks,
OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
return 0;
}
- test_ctx->servername_callback = ret_value;
+ server_conf->servername_callback = ret_value;
return 1;
}
{"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
{"Yes", SSL_TEST_SESSION_TICKET_YES},
{"No", SSL_TEST_SESSION_TICKET_NO},
- {"Broken", SSL_TEST_SESSION_TICKET_BROKEN},
};
__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
}
/***********************/
-/* Method. */
+/* Method */
/***********************/
static const test_enum ssl_test_methods[] = {
return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
}
-#define IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(field) \
- static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
+#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \
+ static int parse_##name##_##field(struct_type *ctx, const char *value) \
{ \
- OPENSSL_free(test_ctx->field); \
- test_ctx->field = OPENSSL_strdup(value); \
- OPENSSL_assert(test_ctx->field != NULL); \
+ OPENSSL_free(ctx->field); \
+ ctx->field = OPENSSL_strdup(value); \
+ OPENSSL_assert(ctx->field != NULL); \
return 1; \
}
/* NPN and ALPN options */
/************************************/
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_npn_protocol)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_alpn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
-IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
/***********************/
/* Handshake mode */
return 0;
}
-#define IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(field) \
- static int parse_##field(SSL_TEST_CTX *test_ctx, const char *value) \
+#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \
+ static int parse_##name##_##field(struct_type *ctx, const char *value) \
{ \
- return parse_boolean(value, &test_ctx->field); \
+ return parse_boolean(value, &ctx->field); \
}
-IMPLEMENT_SSL_TEST_CTX_BOOL_OPTION(resumption_expected)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
/*************************************************************/
/* Known test options and their corresponding parse methods. */
/*************************************************************/
+/* Top-level options. */
typedef struct {
const char *name;
int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
static const ssl_test_ctx_option ssl_test_ctx_options[] = {
{ "ExpectedResult", &parse_expected_result },
- { "ClientAlert", &parse_client_alert },
- { "ServerAlert", &parse_server_alert },
- { "Protocol", &parse_protocol },
- { "ClientVerifyCallback", &parse_client_verify_callback },
- { "ServerName", &parse_servername },
+ { "ExpectedClientAlert", &parse_client_alert },
+ { "ExpectedServerAlert", &parse_server_alert },
+ { "ExpectedProtocol", &parse_protocol },
{ "ExpectedServerName", &parse_expected_servername },
- { "ServerNameCallback", &parse_servername_callback },
{ "SessionTicketExpected", &parse_session_ticket },
{ "Method", &parse_test_method },
- { "ClientNPNProtocols", &parse_client_npn_protocols },
- { "ServerNPNProtocols", &parse_server_npn_protocols },
- { "Server2NPNProtocols", &parse_server2_npn_protocols },
- { "ExpectedNPNProtocol", &parse_expected_npn_protocol },
- { "ClientALPNProtocols", &parse_client_alpn_protocols },
- { "ServerALPNProtocols", &parse_server_alpn_protocols },
- { "Server2ALPNProtocols", &parse_server2_alpn_protocols },
- { "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
+ { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
+ { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
{ "HandshakeMode", &parse_handshake_mode },
- { "ResumptionExpected", &parse_resumption_expected },
+ { "ResumptionExpected", &parse_test_resumption_expected },
+};
+
+/* Nested client options. */
+typedef struct {
+ const char *name;
+ int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
+} ssl_test_client_option;
+
+static const ssl_test_client_option ssl_test_client_options[] = {
+ { "VerifyCallback", &parse_client_verify_callback },
+ { "ServerName", &parse_servername },
+ { "NPNProtocols", &parse_client_npn_protocols },
+ { "ALPNProtocols", &parse_client_alpn_protocols },
+};
+
+/* Nested server options. */
+typedef struct {
+ const char *name;
+ int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
+} ssl_test_server_option;
+
+static const ssl_test_server_option ssl_test_server_options[] = {
+ { "ServerNameCallback", &parse_servername_callback },
+ { "NPNProtocols", &parse_server_npn_protocols },
+ { "ALPNProtocols", &parse_server_alpn_protocols },
+ { "BrokenSessionTicket", &parse_server_broken_session_ticket },
};
/*
return ret;
}
-void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
+static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
+{
+ OPENSSL_free(conf->client.npn_protocols);
+ OPENSSL_free(conf->server.npn_protocols);
+ OPENSSL_free(conf->server2.npn_protocols);
+ OPENSSL_free(conf->client.alpn_protocols);
+ OPENSSL_free(conf->server.alpn_protocols);
+ OPENSSL_free(conf->server2.alpn_protocols);
+}
+
+static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
{
+ ssl_test_extra_conf_free_data(&ctx->extra);
+ ssl_test_extra_conf_free_data(&ctx->resume_extra);
+}
-#ifndef OPENSSL_NO_NEXTPROTONEG
- OPENSSL_free(ctx->client_npn_protocols);
- OPENSSL_free(ctx->server_npn_protocols);
- OPENSSL_free(ctx->server2_npn_protocols);
- OPENSSL_free(ctx->client_alpn_protocols);
- OPENSSL_free(ctx->server_alpn_protocols);
- OPENSSL_free(ctx->server2_alpn_protocols);
+void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
+{
+ ssl_test_ctx_free_extra_data(ctx);
OPENSSL_free(ctx->expected_npn_protocol);
OPENSSL_free(ctx->expected_alpn_protocol);
-#endif
OPENSSL_free(ctx);
}
-SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
+static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
+ const char *client_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
- SSL_TEST_CTX *ctx;
int i;
size_t j;
- sk_conf = NCONF_get_section(conf, test_section);
+ sk_conf = NCONF_get_section(conf, client_section);
OPENSSL_assert(sk_conf != NULL);
- ctx = SSL_TEST_CTX_new();
- OPENSSL_assert(ctx != NULL);
+ for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
+ int found = 0;
+ const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
+ for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
+ if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
+ if (!ssl_test_client_options[j].parse(client, option->value)) {
+ fprintf(stderr, "Bad value %s for option %s\n",
+ option->value, option->name);
+ return 0;
+ }
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ fprintf(stderr, "Unknown test option: %s\n", option->name);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
+ const char *server_section)
+{
+ STACK_OF(CONF_VALUE) *sk_conf;
+ int i;
+ size_t j;
+
+ sk_conf = NCONF_get_section(conf, server_section);
+ OPENSSL_assert(sk_conf != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
- for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
- if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
- if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
+ for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
+ if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
+ if (!ssl_test_server_options[j].parse(server, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
- goto err;
+ return 0;
}
found = 1;
break;
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
- goto err;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
+{
+ STACK_OF(CONF_VALUE) *sk_conf;
+ SSL_TEST_CTX *ctx;
+ int i;
+ size_t j;
+
+ sk_conf = NCONF_get_section(conf, test_section);
+ OPENSSL_assert(sk_conf != NULL);
+
+ ctx = SSL_TEST_CTX_new();
+ OPENSSL_assert(ctx != NULL);
+
+ for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
+ int found = 0;
+ const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
+
+ /* Subsections */
+ if (strcmp(option->name, "client") == 0) {
+ if (!parse_client_options(&ctx->extra.client, conf,
+ option->value))
+ goto err;
+ } else if (strcmp(option->name, "server") == 0) {
+ if (!parse_server_options(&ctx->extra.server, conf,
+ option->value))
+ goto err;
+ } else if (strcmp(option->name, "server2") == 0) {
+ if (!parse_server_options(&ctx->extra.server2, conf,
+ option->value))
+ goto err;
+ } else if (strcmp(option->name, "resume-client") == 0) {
+ if (!parse_client_options(&ctx->resume_extra.client, conf,
+ option->value))
+ goto err;
+ } else if (strcmp(option->name, "resume-server") == 0) {
+ if (!parse_server_options(&ctx->resume_extra.server, conf,
+ option->value))
+ goto err;
+ } else if (strcmp(option->name, "resume-server2") == 0) {
+ if (!parse_server_options(&ctx->resume_extra.server2, conf,
+ option->value))
+ goto err;
+
+ } else {
+ for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
+ if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
+ if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
+ fprintf(stderr, "Bad value %s for option %s\n",
+ option->value, option->name);
+ goto err;
+ }
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ fprintf(stderr, "Unknown test option: %s\n", option->name);
+ goto err;
+ }
}
}
SSL_TEST_HANDSHAKE_RENEGOTIATE
} ssl_handshake_mode_t;
-typedef struct ssl_test_ctx {
- /* Test expectations. */
+/*
+ * Server/client settings that aren't supported by the SSL CONF library,
+ * such as callbacks.
+ */
+typedef struct {
+ /* One of a number of predefined custom callbacks. */
+ ssl_verify_callback_t verify_callback;
+ /* One of a number of predefined server names use by the client */
+ ssl_servername_t servername;
+ /* Supported NPN and ALPN protocols. A comma-separated list. */
+ char *npn_protocols;
+ char *alpn_protocols;
+} SSL_TEST_CLIENT_CONF;
+
+typedef struct {
+ /* SNI callback (server-side). */
+ ssl_servername_callback_t servername_callback;
+ /* Supported NPN and ALPN protocols. A comma-separated list. */
+ char *npn_protocols;
+ char *alpn_protocols;
+ /* Whether to set a broken session ticket callback. */
+ int broken_session_ticket;
+} SSL_TEST_SERVER_CONF;
+
+typedef struct {
+ SSL_TEST_CLIENT_CONF client;
+ SSL_TEST_SERVER_CONF server;
+ SSL_TEST_SERVER_CONF server2;
+} SSL_TEST_EXTRA_CONF;
+
+typedef struct {
+ /*
+ * Global test configuration. Does not change between handshakes.
+ */
+ /* Whether the server/client CTX should use DTLS or TLS. */
+ ssl_test_method_t method;
+ /* Whether to test a resumed/renegotiated handshake. */
+ ssl_handshake_mode_t handshake_mode;
+
+ /*
+ * Extra server/client configurations. Per-handshake.
+ */
+ /* First handshake. */
+ SSL_TEST_EXTRA_CONF extra;
+ /* Resumed handshake. */
+ SSL_TEST_EXTRA_CONF resume_extra;
+
+ /*
+ * Test expectations. These apply to the LAST handshake.
+ */
/* Defaults to SUCCESS. */
ssl_test_result_t expected_result;
/* Alerts. 0 if no expectation. */
/* See ssl.h for alert codes. */
/* Alert sent by the client / received by the server. */
- int client_alert;
+ int expected_client_alert;
/* Alert sent by the server / received by the client. */
- int server_alert;
+ int expected_server_alert;
/* Negotiated protocol version. 0 if no expectation. */
/* See ssl.h for protocol versions. */
- int protocol;
- /* One of a number of predefined custom callbacks. */
- ssl_verify_callback_t client_verify_callback;
- /* One of a number of predefined server names use by the client */
- ssl_servername_t servername;
+ int expected_protocol;
/*
* The expected SNI context to use.
* We test server-side that the server switched to the expected context.
* client-side via the API that this was the case.
*/
ssl_servername_t expected_servername;
- ssl_servername_callback_t servername_callback;
ssl_session_ticket_t session_ticket_expected;
- /* Whether the server/client CTX should use DTLS or TLS. */
- ssl_test_method_t method;
-
- /*
- * NPN and ALPN protocols supported by the client, server, and second
- * (SNI) server. A comma-separated list.
- */
- char *client_npn_protocols;
- char *server_npn_protocols;
- char *server2_npn_protocols;
+ /* The expected NPN/ALPN protocol to negotiate. */
char *expected_npn_protocol;
- char *client_alpn_protocols;
- char *server_alpn_protocols;
- char *server2_alpn_protocols;
char *expected_alpn_protocol;
-
- /* Whether to test a resumed/renegotiated handshake. */
- ssl_handshake_mode_t handshake_mode;
/* Whether the second handshake is resumed or a full handshake (boolean). */
int resumption_expected;
} SSL_TEST_CTX;
/*
* Load the test case context from |conf|.
- * See test/README.ssl_test for details on the conf file format.
+ * See test/README.ssltest.md for details on the conf file format.
*/
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section);
SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;
+
+static int SSL_TEST_CLIENT_CONF_equal(SSL_TEST_CLIENT_CONF *client,
+ SSL_TEST_CLIENT_CONF *client2)
+{
+ if (client->verify_callback != client2->verify_callback) {
+ fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
+ ssl_verify_callback_name(client->verify_callback),
+ ssl_verify_callback_name(client2->verify_callback));
+ return 0;
+ }
+ if (client->servername != client2->servername) {
+ fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
+ ssl_servername_name(client->servername),
+ ssl_servername_name(client2->servername));
+ return 0;
+ }
+ if (!strings_equal("Client NPNProtocols", client->npn_protocols,
+ client2->npn_protocols))
+ return 0;
+ if (!strings_equal("Client ALPNProtocols", client->alpn_protocols,
+ client2->alpn_protocols))
+ return 0;
+ return 1;
+}
+
+static int SSL_TEST_SERVER_CONF_equal(SSL_TEST_SERVER_CONF *server,
+ SSL_TEST_SERVER_CONF *server2)
+{
+ if (server->servername_callback != server2->servername_callback) {
+ fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
+ ssl_servername_callback_name(server->servername_callback),
+ ssl_servername_callback_name(server2->servername_callback));
+ return 0;
+ }
+ if (!strings_equal("Server NPNProtocols", server->npn_protocols,
+ server2->npn_protocols))
+ return 0;
+ if (!strings_equal("Server ALPNProtocols", server->alpn_protocols,
+ server2->alpn_protocols))
+ return 0;
+ if (server->broken_session_ticket != server2->broken_session_ticket) {
+ fprintf(stderr, "Broken session ticket mismatch: %d vs %d.\n",
+ server->broken_session_ticket, server2->broken_session_ticket);
+ return 0;
+ }
+ return 1;
+}
+
+static int SSL_TEST_EXTRA_CONF_equal(SSL_TEST_EXTRA_CONF *extra,
+ SSL_TEST_EXTRA_CONF *extra2)
+{
+ return SSL_TEST_CLIENT_CONF_equal(&extra->client, &extra2->client)
+ && SSL_TEST_SERVER_CONF_equal(&extra->server, &extra2->server)
+ && SSL_TEST_SERVER_CONF_equal(&extra->server2, &extra2->server2);
+}
+
/* Returns 1 if the contexts are equal, 0 otherwise. */
static int SSL_TEST_CTX_equal(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
+ if (ctx->method != ctx2->method) {
+ fprintf(stderr, "Method mismatch: %s vs %s.\n",
+ ssl_test_method_name(ctx->method),
+ ssl_test_method_name(ctx2->method));
+ return 0;
+ }
+ if (ctx->handshake_mode != ctx2->handshake_mode) {
+ fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
+ ssl_handshake_mode_name(ctx->handshake_mode),
+ ssl_handshake_mode_name(ctx2->handshake_mode));
+ return 0;
+ }
+
+ if (!SSL_TEST_EXTRA_CONF_equal(&ctx->extra, &ctx2->extra)) {
+ fprintf(stderr, "Extra conf mismatch.\n");
+ return 0;
+ }
+ if (!SSL_TEST_EXTRA_CONF_equal(&ctx->resume_extra, &ctx2->resume_extra)) {
+ fprintf(stderr, "Resume extra conf mismatch.\n");
+ return 0;
+ }
+
if (ctx->expected_result != ctx2->expected_result) {
fprintf(stderr, "ExpectedResult mismatch: %s vs %s.\n",
ssl_test_result_name(ctx->expected_result),
ssl_test_result_name(ctx2->expected_result));
return 0;
}
- if (ctx->client_alert != ctx2->client_alert) {
+ if (ctx->expected_client_alert != ctx2->expected_client_alert) {
fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
- ssl_alert_name(ctx->client_alert),
- ssl_alert_name(ctx2->client_alert));
+ ssl_alert_name(ctx->expected_client_alert),
+ ssl_alert_name(ctx2->expected_client_alert));
return 0;
}
- if (ctx->server_alert != ctx2->server_alert) {
+ if (ctx->expected_server_alert != ctx2->expected_server_alert) {
fprintf(stderr, "ServerAlert mismatch: %s vs %s.\n",
- ssl_alert_name(ctx->server_alert),
- ssl_alert_name(ctx2->server_alert));
+ ssl_alert_name(ctx->expected_server_alert),
+ ssl_alert_name(ctx2->expected_server_alert));
return 0;
}
- if (ctx->protocol != ctx2->protocol) {
+ if (ctx->expected_protocol != ctx2->expected_protocol) {
fprintf(stderr, "ClientAlert mismatch: %s vs %s.\n",
- ssl_protocol_name(ctx->protocol),
- ssl_protocol_name(ctx2->protocol));
- return 0;
- }
- if (ctx->client_verify_callback != ctx2->client_verify_callback) {
- fprintf(stderr, "ClientVerifyCallback mismatch: %s vs %s.\n",
- ssl_verify_callback_name(ctx->client_verify_callback),
- ssl_verify_callback_name(ctx2->client_verify_callback));
- return 0;
- }
- if (ctx->servername != ctx2->servername) {
- fprintf(stderr, "ServerName mismatch: %s vs %s.\n",
- ssl_servername_name(ctx->servername),
- ssl_servername_name(ctx2->servername));
+ ssl_protocol_name(ctx->expected_protocol),
+ ssl_protocol_name(ctx2->expected_protocol));
return 0;
}
if (ctx->expected_servername != ctx2->expected_servername) {
ssl_servername_name(ctx2->expected_servername));
return 0;
}
- if (ctx->servername_callback != ctx2->servername_callback) {
- fprintf(stderr, "ServerNameCallback mismatch: %s vs %s.\n",
- ssl_servername_callback_name(ctx->servername_callback),
- ssl_servername_callback_name(ctx2->servername_callback));
- return 0;
- }
if (ctx->session_ticket_expected != ctx2->session_ticket_expected) {
fprintf(stderr, "SessionTicketExpected mismatch: %s vs %s.\n",
ssl_session_ticket_name(ctx->session_ticket_expected),
ssl_session_ticket_name(ctx2->session_ticket_expected));
return 0;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
- if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
- ctx2->client_npn_protocols))
- return 0;
- if (ctx->method != ctx2->method) {
- fprintf(stderr, "Method mismatch: %s vs %s.\n",
- ssl_test_method_name(ctx->method),
- ssl_test_method_name(ctx2->method));
- return 0;
- }
- if (!strings_equal("ServerNPNProtocols", ctx->server_npn_protocols,
- ctx2->server_npn_protocols))
- return 0;
- if (!strings_equal("Server2NPNProtocols", ctx->server_npn_protocols,
- ctx2->server_npn_protocols))
- return 0;
if (!strings_equal("ExpectedNPNProtocol", ctx->expected_npn_protocol,
ctx2->expected_npn_protocol))
return 0;
- if (!strings_equal("ClientALPNProtocols", ctx->client_alpn_protocols,
- ctx2->client_alpn_protocols))
- return 0;
-
- if (!strings_equal("ServerALPNProtocols", ctx->server_alpn_protocols,
- ctx2->server_alpn_protocols))
- return 0;
- if (!strings_equal("Server2ALPNProtocols", ctx->server_alpn_protocols,
- ctx2->server_alpn_protocols))
- return 0;
if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
ctx2->expected_alpn_protocol))
return 0;
-#endif
- if (ctx->handshake_mode != ctx2->handshake_mode) {
- fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
- ssl_handshake_mode_name(ctx->handshake_mode),
- ssl_handshake_mode_name(ctx2->handshake_mode));
- return 0;
- }
if (ctx->resumption_expected != ctx2->resumption_expected) {
fprintf(stderr, "ResumptionExpected mismatch: %d vs %d.\n",
ctx->resumption_expected, ctx2->resumption_expected);
{
SETUP_SSL_TEST_CTX_TEST_FIXTURE();
fixture.test_section = "ssltest_good";
+ fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
+ fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
+
fixture.expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
- fixture.expected_ctx->client_alert = SSL_AD_UNKNOWN_CA;
- fixture.expected_ctx->server_alert = 0; /* No alert. */
- fixture.expected_ctx->protocol = TLS1_1_VERSION;
- fixture.expected_ctx->client_verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
- fixture.expected_ctx->servername = SSL_TEST_SERVERNAME_SERVER2;
+ fixture.expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
+ fixture.expected_ctx->expected_server_alert = 0; /* No alert. */
+ fixture.expected_ctx->expected_protocol = TLS1_1_VERSION;
fixture.expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
- fixture.expected_ctx->servername_callback =
- SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
- fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
-#ifndef OPENSSL_NO_NEXTPROTONEG
- fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
- fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
- OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
- OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
-#endif
- fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
fixture.expected_ctx->resumption_expected = 1;
+
+ fixture.expected_ctx->extra.client.verify_callback =
+ SSL_TEST_VERIFY_REJECT_ALL;
+ fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
+ fixture.expected_ctx->extra.client.npn_protocols =
+ OPENSSL_strdup("foo,bar");
+ OPENSSL_assert(fixture.expected_ctx->extra.client.npn_protocols != NULL);
+
+ fixture.expected_ctx->extra.server.servername_callback =
+ SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
+ fixture.expected_ctx->extra.server.broken_session_ticket = 1;
+
+ fixture.expected_ctx->resume_extra.server2.alpn_protocols =
+ OPENSSL_strdup("baz");
+ OPENSSL_assert(
+ fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL);
+
EXECUTE_SSL_TEST_CTX_TEST();
}
[ssltest_default]
[ssltest_good]
+client = ssltest_good_client_extra
+server = ssltest_good_server_extra
+resume-server2 = ssltest_good_resume_server2_extra
+
+Method = DTLS
+HandshakeMode = Resume
+
ExpectedResult = ServerFail
-ClientAlert = UnknownCA
-Protocol = TLSv1.1
-ClientVerifyCallback = RejectAll
-ServerName = server2
+ExpectedClientAlert = UnknownCA
+ExpectedProtocol = TLSv1.1
ExpectedServerName = server2
-ServerNameCallback = IgnoreMismatch
SessionTicketExpected = Yes
-Method = DTLS
-ClientNPNProtocols = foo,bar
-Server2ALPNProtocols = baz
-HandshakeMode = Resume
-ResumptionExpected = yes
+ResumptionExpected = Yes
+
+[ssltest_good_client_extra]
+VerifyCallback = RejectAll
+ServerName = server2
+NPNProtocols = foo,bar
+
+[ssltest_good_server_extra]
+ServerNameCallback = IgnoreMismatch
+BrokenSessionTicket = Yes
+
+[ssltest_good_resume_server2_extra]
+ALPNProtocols = baz
[ssltest_unknown_option]
UnknownOption = Foo
projects / oweals / openssl.git / commitdiff