From: Matt Caswell Date: Tue, 22 Nov 2016 16:55:35 +0000 (+0000) Subject: Extend the test_ssl_new renegotiation tests to include client auth X-Git-Tag: OpenSSL_1_1_1-pre1~2638 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=dff70a2b7368e759fae8e608375a0b9f28dce848;p=oweals%2Fopenssl.git Extend the test_ssl_new renegotiation tests to include client auth Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1982) --- diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf index fffb572a47..58992c0409 100644 --- a/test/ssl-tests/17-renegotiate.conf +++ b/test/ssl-tests/17-renegotiate.conf @@ -1,11 +1,13 @@ # Generated with generate_ssl_tests.pl -num_tests = 4 +num_tests = 6 test-0 = 0-renegotiate-client-no-resume test-1 = 1-renegotiate-client-resume test-2 = 2-renegotiate-server-no-resume test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once # =========================================================== [0-renegotiate-client-no-resume] 
@@ -116,3 +118,67 @@ Method = TLS ResumptionExpected = Yes +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + 
diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in index ab581eca72..3f76cb8860 100644 --- a/test/ssl-tests/17-renegotiate.conf.in +++ b/test/ssl-tests/17-renegotiate.conf.in @@ -14,6 +14,7 @@ use warnings; package ssltests; +my $dir_sep = $^O ne "VMS" ? "/" : ""; our @tests = ( { @@ -70,4 +71,42 @@ our @tests = ( "ExpectedResult" => "Success" } }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Require", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Once", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } ); diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf index 32eeaf0443..fbde68a5b3 100644 --- a/test/ssl-tests/18-dtls-renegotiate.conf +++ b/test/ssl-tests/18-dtls-renegotiate.conf 
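Review bot: The `$dir_sep` line added after `package ssltests;` has no comment explaining why the separator is empty on VMS, and the same uncommented line is added in test/ssl-tests/18-dtls-renegotiate.conf.in. Nothing on this page shows what form `TEST_CERTS_DIR` takes on that platform; presumably it is a directory specification that a file name can be appended to directly. I would put `# Empty on VMS: TEST_CERTS_DIR is presumably a directory spec the file name is appended to directly (confirm)` above it, or a comment stating the real reason. The value is interpolated into every `VerifyCAFile`, `Certificate` and `PrivateKey` path added below, so the assumption is worth recording next to the definition.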
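Review bot: Both entries added to `@tests` assert only `"ExpectedResult" => "Success"` and `"ResumptionExpected" => "No"`, so nothing checks that the client certificate was actually requested or verified during the server-initiated renegotiation. `renegotiate-client-auth-require` and `renegotiate-client-auth-once` differ only in `VerifyMode` and carry identical expectations. A regression where the server skips the request under `Require`, or repeats it under `Once`, would therefore presumably still pass. The same holds for the two DTLS entries added in test/ssl-tests/18-dtls-renegotiate.conf.in. If the harness cannot observe this, a comment above the first entry such as `# Only checks that renegotiation completes; does not verify whether the client certificate was re-requested` would make the limit explicit; the `@tests` list itself starts outside the hunk.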
@@ -1,10 +1,12 @@ # Generated with generate_ssl_tests.pl -num_tests = 3 +num_tests = 5 test-0 = 0-renegotiate-client-no-resume test-1 = 1-renegotiate-client-resume test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once # =========================================================== [0-renegotiate-client-no-resume] 
@@ -84,3 +86,63 @@ Method = DTLS ResumptionExpected = No +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in index 440fb2514a..3f877f6b0d 100644 
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in +++ b/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -14,6 +14,7 @@ use warnings; package ssltests; +my $dir_sep = $^O ne "VMS" ? "/" : ""; our @tests = ( { @@ -60,4 +61,38 @@ our @tests = ( "ExpectedResult" => "Success" } }, + { + name => "renegotiate-client-auth-require", + server => { + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Require", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Once", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } );
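Review bot: The two DTLS entries expect `"ResumptionExpected" => "No"` but their `server` blocks do not set `"Options" => "NoResumptionOnRenegotiation"`, unlike the same-named TLS entries in test/ssl-tests/17-renegotiate.conf.in, and nothing in the hunk says why. The generated 18-dtls-renegotiate.conf context shows the preceding DTLS test also expecting no resumption, so this is probably a property of DTLS server renegotiation in this harness rather than an oversight. I would record that above the first new entry, e.g. `# No NoResumptionOnRenegotiation needed: resumption is not expected for DTLS server renegotiation (confirm reason)`. The missing `MaxProtocol` is presumably intentional for DTLS as well and could be covered by the same comment. The `@tests` list starts outside the hunk.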