
Member "openssl-1.1.1b/test/ssl-tests/04-client_auth.conf.in" (26 Feb 2019, 8016 Bytes) of package /linux/misc/openssl-1.1.1b.tar.gz:



    1 # -*- mode: perl; -*-
    2 
    3 ## SSL test configurations
    4 
    5 package ssltests;
    6 
    7 use strict;
    8 use warnings;
    9 
   10 use OpenSSL::Test;
   11 use OpenSSL::Test::Utils qw(anydisabled disabled);
   12 setup("no_test_here");
   13 
   14 # We test version-flexible negotiation (undef) and each protocol version.
   15 my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");
   16 
   17 my @is_disabled = (0);
   18 push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2");
   19 
   20 our @tests = ();
   21 
   22 sub generate_tests() {
   23     foreach (0..$#protocols) {
   24         my $protocol = $protocols[$_];
   25         my $protocol_name = $protocol || "flex";
   26         my $caalert;
   27         my $method;
   28         my $sctpenabled = 0;
   29         if (!$is_disabled[$_]) {
   30             if ($protocol_name eq "SSLv3") {
   31                 $caalert = "BadCertificate";
   32             } else {
   33                 $caalert = "UnknownCA";
   34             }
   35             if ($protocol_name =~ m/^DTLS/) {
   36                 $method = "DTLS";
   37                 $sctpenabled = 1 if !disabled("sctp");
   38             }
   39             my $clihash;
   40             my $clisigtype;
   41             my $clisigalgs;
   42             # TODO(TLS1.3) add TLSv1.3 versions
   43             if ($protocol_name eq "TLSv1.2") {
   44                 $clihash = "SHA256";
   45                 $clisigtype = "RSA";
   46                 $clisigalgs = "SHA256+RSA";
   47             }
   48             for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) {
   49                 # Sanity-check simple handshake.
   50                 push @tests, {
   51                     name => "server-auth-${protocol_name}"
   52                             .($sctp ? "-sctp" : ""),
   53                     server => {
   54                         "MinProtocol" => $protocol,
   55                         "MaxProtocol" => $protocol
   56                     },
   57                     client => {
   58                         "MinProtocol" => $protocol,
   59                         "MaxProtocol" => $protocol
   60                     },
   61                     test   => {
   62                         "ExpectedResult" => "Success",
   63                         "Method" => $method,
   64                     },
   65                 };
   66                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
   67 
   68                 # Handshake with client cert requested but not required or received.
   69                 push @tests, {
   70                     name => "client-auth-${protocol_name}-request"
   71                             .($sctp ? "-sctp" : ""),
   72                     server => {
   73                         "MinProtocol" => $protocol,
   74                         "MaxProtocol" => $protocol,
   75                         "VerifyMode" => "Request"
   76                     },
   77                     client => {
   78                         "MinProtocol" => $protocol,
   79                         "MaxProtocol" => $protocol
   80                     },
   81                     test   => {
   82                         "ExpectedResult" => "Success",
   83                         "Method" => $method,
   84                     },
   85                 };
   86                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
   87 
   88                 # Handshake with client cert required but not present.
   89                 push @tests, {
   90                     name => "client-auth-${protocol_name}-require-fail"
   91                             .($sctp ? "-sctp" : ""),
   92                     server => {
   93                         "MinProtocol" => $protocol,
   94                         "MaxProtocol" => $protocol,
   95                         "VerifyCAFile" => test_pem("root-cert.pem"),
   96                         "VerifyMode" => "Require",
   97                     },
   98                     client => {
   99                         "MinProtocol" => $protocol,
  100                         "MaxProtocol" => $protocol
  101                     },
  102                     test   => {
  103                         "ExpectedResult" => "ServerFail",
  104                         "ExpectedServerAlert" =>
  105                         ($protocol_name eq "flex" && !disabled("tls1_3"))
  106                         ? "CertificateRequired" : "HandshakeFailure",
  107                         "Method" => $method,
  108                     },
  109                 };
  110                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  111 
  112                 # Successful handshake with client authentication.
  113                 push @tests, {
  114                     name => "client-auth-${protocol_name}-require"
  115                              .($sctp ? "-sctp" : ""),
  116                     server => {
  117                         "MinProtocol" => $protocol,
  118                         "MaxProtocol" => $protocol,
  119                         "ClientSignatureAlgorithms" => $clisigalgs,
  120                         "VerifyCAFile" => test_pem("root-cert.pem"),
  121                         "VerifyMode" => "Request",
  122                     },
  123                     client => {
  124                         "MinProtocol" => $protocol,
  125                         "MaxProtocol" => $protocol,
  126                         "Certificate" => test_pem("ee-client-chain.pem"),
  127                         "PrivateKey"  => test_pem("ee-key.pem"),
  128                     },
  129                     test   => {
  130                         "ExpectedResult" => "Success",
  131                         "ExpectedClientCertType" => "RSA",
  132                         "ExpectedClientSignType" => $clisigtype,
  133                         "ExpectedClientSignHash" => $clihash,
  134                         "ExpectedClientCANames" => "empty",
  135                         "Method" => $method,
  136                     },
  137                 };
  138                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  139 
  140                 # Successful handshake with client authentication non-empty names
  141                 push @tests, {
  142                     name => "client-auth-${protocol_name}-require-non-empty-names"
  143                             .($sctp ? "-sctp" : ""),
  144                     server => {
  145                         "MinProtocol" => $protocol,
  146                         "MaxProtocol" => $protocol,
  147                         "ClientSignatureAlgorithms" => $clisigalgs,
  148                         "ClientCAFile" => test_pem("root-cert.pem"),
  149                         "VerifyCAFile" => test_pem("root-cert.pem"),
  150                         "VerifyMode" => "Request",
  151                     },
  152                     client => {
  153                         "MinProtocol" => $protocol,
  154                         "MaxProtocol" => $protocol,
  155                         "Certificate" => test_pem("ee-client-chain.pem"),
  156                         "PrivateKey"  => test_pem("ee-key.pem"),
  157                     },
  158                     test   => {
  159                         "ExpectedResult" => "Success",
  160                         "ExpectedClientCertType" => "RSA",
  161                         "ExpectedClientSignType" => $clisigtype,
  162                         "ExpectedClientSignHash" => $clihash,
  163                         "ExpectedClientCANames" => test_pem("root-cert.pem"),
  164                         "Method" => $method,
  165                     },
  166                 };
  167                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  168 
  169                 # Handshake with client authentication but without the root certificate.
  170                 push @tests, {
  171                     name => "client-auth-${protocol_name}-noroot"
  172                             .($sctp ? "-sctp" : ""),
  173                     server => {
  174                         "MinProtocol" => $protocol,
  175                         "MaxProtocol" => $protocol,
  176                         "VerifyMode" => "Require",
  177                     },
  178                     client => {
  179                         "MinProtocol" => $protocol,
  180                         "MaxProtocol" => $protocol,
  181                         "Certificate" => test_pem("ee-client-chain.pem"),
  182                         "PrivateKey"  => test_pem("ee-key.pem"),
  183                     },
  184                     test   => {
  185                         "ExpectedResult" => "ServerFail",
  186                         "ExpectedServerAlert" => $caalert,
  187                         "Method" => $method,
  188                     },
  189                 };
  190                 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
  191             }
  192         }
  193     }
  194 }
  195 
# Build the test list as soon as this file is evaluated, so that @tests is
# already populated for whatever loads this configuration (presumably the
# ssl-tests generator reads @ssltests::tests; confirm).
generate_tests();