From c4fec137617c2002f6f8a76981a47ab79908f628 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 22 Nov 2016 16:55:35 +0000 Subject: [PATCH] Extend the test_ssl_new renegotiation tests to include client auth Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/1983) --- test/ssl-tests/17-renegotiate.conf | 68 +++++++++++++++++++++- test/ssl-tests/17-renegotiate.conf.in | 39 +++++++++++++ test/ssl-tests/18-dtls-renegotiate.conf | 64 +++++++++++++++++++- test/ssl-tests/18-dtls-renegotiate.conf.in | 35 +++++++++++ 4 files changed, 204 insertions(+), 2 deletions(-) diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf index c47a9567dd..fb9f97ba19 100644 --- a/test/ssl-tests/17-renegotiate.conf +++ b/test/ssl-tests/17-renegotiate.conf @@ -1,11 +1,13 @@ # Generated with generate_ssl_tests.pl -num_tests = 4 +num_tests = 6 test-0 = 0-renegotiate-client-no-resume test-1 = 1-renegotiate-client-resume test-2 = 2-renegotiate-server-no-resume test-3 = 3-renegotiate-server-resume +test-4 = 4-renegotiate-client-auth-require +test-5 = 5-renegotiate-client-auth-once # =========================================================== [0-renegotiate-client-no-resume] 
@@ -112,3 +114,67 @@ Method = TLS ResumptionExpected = Yes +# =========================================================== + +[4-renegotiate-client-auth-require] +ssl_conf = 4-renegotiate-client-auth-require-ssl + +[4-renegotiate-client-auth-require-ssl] +server = 4-renegotiate-client-auth-require-server +client = 4-renegotiate-client-auth-require-client + +[4-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[4-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + +# =========================================================== + +[5-renegotiate-client-auth-once] +ssl_conf = 5-renegotiate-client-auth-once-ssl + +[5-renegotiate-client-auth-once-ssl] +server = 5-renegotiate-client-auth-once-server +client = 5-renegotiate-client-auth-once-client + +[5-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +Options = NoResumptionOnRenegotiation +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[5-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = TLS +ResumptionExpected = No + + 
diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in index a081617724..104b1fe89c 100644 --- a/test/ssl-tests/17-renegotiate.conf.in +++ b/test/ssl-tests/17-renegotiate.conf.in @@ -14,6 +14,7 @@ use warnings; package ssltests; +my $dir_sep = $^O ne "VMS" ? "/" : ""; our @tests = ( { @@ -64,4 +65,42 @@ our @tests = ( "ExpectedResult" => "Success" } }, + { + name => "renegotiate-client-auth-require", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Require", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "Options" => "NoResumptionOnRenegotiation", + "MaxProtocol" => "TLSv1.2", + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Once", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } ); diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf index 32eeaf0443..fbde68a5b3 100644 --- a/test/ssl-tests/18-dtls-renegotiate.conf +++ b/test/ssl-tests/18-dtls-renegotiate.conf 
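Review bot: The added `my $dir_sep = $^O ne "VMS" ? "/" : "";` has no comment saying why the separator is empty on VMS, and the same line is added again in the 18-dtls-renegotiate.conf.in hunk. A one-line comment such as `# VMS directory specs end in their own delimiter, so nothing goes before the file name` would keep a later reader from "fixing" the empty string. That wording assumes TEST_CERTS_DIR holds a native directory spec on VMS, which the hunk does not show.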
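Review bot: The two new cases carry identical `test` blocks, so nothing asserted here distinguishes `"VerifyMode" => "Require"` from `"VerifyMode" => "Once"`, or shows that the client certificate was requested and verified during the renegotiation rather than only on the first handshake. As far as I know `Once` does not by itself reject a client that sends no certificate, so `renegotiate-client-auth-once` would presumably still report `Success` if the `Certificate` and `PrivateKey` entries were dropped from its client block. If the harness cannot check the peer certificate after renegotiation, a comment on each case stating what it covers, e.g. `# Once: certificate is requested on the initial handshake only`, would at least record the intent. The same applies to the matching cases added in 18-dtls-renegotiate.conf.in. The `@tests` array starts outside this hunk.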
@@ -1,10 +1,12 @@ # Generated with generate_ssl_tests.pl -num_tests = 3 +num_tests = 5 test-0 = 0-renegotiate-client-no-resume test-1 = 1-renegotiate-client-resume test-2 = 2-renegotiate-server-resume +test-3 = 3-renegotiate-client-auth-require +test-4 = 4-renegotiate-client-auth-once # =========================================================== [0-renegotiate-client-no-resume] 
@@ -84,3 +86,63 @@ Method = DTLS ResumptionExpected = No +# =========================================================== + +[3-renegotiate-client-auth-require] +ssl_conf = 3-renegotiate-client-auth-require-ssl + +[3-renegotiate-client-auth-require-ssl] +server = 3-renegotiate-client-auth-require-server +client = 3-renegotiate-client-auth-require-client + +[3-renegotiate-client-auth-require-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[3-renegotiate-client-auth-require-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + +# =========================================================== + +[4-renegotiate-client-auth-once] +ssl_conf = 4-renegotiate-client-auth-once-ssl + +[4-renegotiate-client-auth-once-ssl] +server = 4-renegotiate-client-auth-once-server +client = 4-renegotiate-client-auth-once-client + +[4-renegotiate-client-auth-once-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Once + +[4-renegotiate-client-auth-once-client] +Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +HandshakeMode = RenegotiateServer +Method = DTLS +ResumptionExpected = No + + diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in index 440fb2514a..3f877f6b0d 100644 
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in +++ b/test/ssl-tests/18-dtls-renegotiate.conf.in @@ -14,6 +14,7 @@ use warnings; package ssltests; +my $dir_sep = $^O ne "VMS" ? "/" : ""; our @tests = ( { @@ -60,4 +61,38 @@ our @tests = ( "ExpectedResult" => "Success" } }, + { + name => "renegotiate-client-auth-require", + server => { + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Require", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + }, + { + name => "renegotiate-client-auth-once", + server => { + "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", + "VerifyMode" => "Once", + }, + client => { + "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", + "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem" + }, + test => { + "Method" => "DTLS", + "HandshakeMode" => "RenegotiateServer", + "ResumptionExpected" => "No", + "ExpectedResult" => "Success" + } + } ); -- 2.25.1
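Review bot: Unlike the TLS variants in 17-renegotiate.conf.in, the two DTLS server blocks set no `"Options" => "NoResumptionOnRenegotiation"`, yet both cases still assert `"ResumptionExpected" => "No"`. Nothing in the hunk says why a full handshake is expected without that option. If it follows from how server-initiated DTLS renegotiation behaves, a short comment above the first case saying so would make the asymmetry deliberate; if the option was simply left out, it should be added to both server blocks. The `@tests` array starts outside this hunk.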