3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
12 setup("no_test_here");
14 # We test version-flexible negotiation (undef) and each protocol version.
15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
17 my @is_disabled = (0);
18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
22 my $dir_sep = $^O ne "VMS" ? "/" : "";
24 sub generate_tests() {
26 foreach (0..$#protocols) {
27 my $protocol = $protocols[$_];
28 my $protocol_name = $protocol || "flex";
29 if (!$is_disabled[$_]) {
30 # Sanity-check simple handshake.
32 name => "server-auth-${protocol_name}",
34 "Protocol" => $protocol
37 "Protocol" => $protocol
39 test => { "ExpectedResult" => "Success" },
42 # Handshake with client cert requested but not required or received.
44 name => "client-auth-${protocol_name}-request",
46 "Protocol" => $protocol,
47 "VerifyMode" => "Request",
50 "Protocol" => $protocol
52 test => { "ExpectedResult" => "Success" },
55 # Handshake with client cert required but not present.
57 name => "client-auth-${protocol_name}-require-fail",
59 "Protocol" => $protocol,
60 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
61 "VerifyMode" => "Require",
64 "Protocol" => $protocol,
67 "ExpectedResult" => "ServerFail",
68 "ServerAlert" => "HandshakeFailure",
72 # Successful handshake with client authentication.
74 name => "client-auth-${protocol_name}-require",
76 "Protocol" => $protocol,
77 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
78 "VerifyMode" => "Request",
81 "Protocol" => $protocol,
82 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
83 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
85 test => { "ExpectedResult" => "Success" },
88 # Handshake with client authentication but without the root certificate.
90 name => "client-auth-${protocol_name}-noroot",
92 "Protocol" => $protocol,
93 "VerifyMode" => "Require",
96 "Protocol" => $protocol,
97 "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
98 "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",
101 "ExpectedResult" => "ServerFail",
102 "ServerAlert" => "UnknownCA",