
source: vbox/trunk/src/libs/openssl-3.0.7/test/ssl-tests/04-client_auth.cnf.in@ 98227

Last change on this file since 98227 was 94320, checked in by vboxsync, 3 years ago

libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128

1# -*- mode: perl; -*-
2
3## SSL test configurations
4
5package ssltests;
6
7use strict;
8use warnings;
9
10use OpenSSL::Test;
11use OpenSSL::Test::Utils qw(anydisabled disabled);
setup("no_test_here");

# Declared here but never assigned in this file; the value is presumably
# supplied by whatever loads this configuration -- TODO confirm.
our $fips_mode;

# We test version-flexible negotiation (undef) and each protocol version.
# With $fips_mode set, only TLSv1.2 and DTLSv1.2 are listed next to the
# version-flexible entry; otherwise the legacy versions are covered as well.
my @protocols = $fips_mode
    ? (undef, "TLSv1.2", "DTLSv1.2")
    : (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");

# Indexed in step with @protocols by generate_tests(). Slot 0 belongs to the
# version-flexible entry and is always 0; the remaining slots come from
# anydisabled(), which is expected to yield one flag per option named.
my @is_disabled = (
    0,
    $fips_mode
        ? anydisabled("tls1_2", "dtls1_2")
        : anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"),
);

# Filled in by generate_tests().
our @tests = ();
29
# Append the client-authentication handshake scenarios to @tests.
#
# One group of six scenarios is generated for every entry of @protocols whose
# @is_disabled flag is false. For DTLS entries the group is generated a second
# time with "UseSCTP" => "Yes" when disabled("sctp") is false.
#
# Every endpoint uses the cipher string "DEFAULT:@SECLEVEL=0", i.e. OpenSSL's
# lowest security level, presumably so that the legacy versions in @protocols
# can still be negotiated. That is a test-suite setting, not one to carry
# into a deployed configuration.
sub generate_tests() {
    for my $idx (0 .. $#protocols) {
        # Nothing is generated for a protocol version this build has disabled.
        next if $is_disabled[$idx];

        my $protocol      = $protocols[$idx];
        my $protocol_name = $protocol || "flex";

        # Alert expected when the server cannot verify the client's chain.
        my $caalert = $protocol_name eq "SSLv3" ? "BadCertificate" : "UnknownCA";

        # DTLS needs an explicit method and may get a second, SCTP-based pass.
        my $is_dtls   = $protocol_name =~ m/^DTLS/;
        my $method    = $is_dtls ? "DTLS" : undef;
        my $last_pass = ($is_dtls && !disabled("sctp")) ? 1 : 0;

        # Signature expectations are only pinned for TLSv1.2; they stay undef
        # for every other version.
        # TODO(TLS1.3) add TLSv1.3 versions
        my ($clihash, $clisigtype, $clisigalgs) =
            $protocol_name eq "TLSv1.2" ? ("SHA256", "RSA", "SHA256+RSA") : ();

        # Settings shared by the server and client sections of every scenario.
        my @endpoint = (
            "CipherString" => "DEFAULT:\@SECLEVEL=0",
            "MinProtocol"  => $protocol,
            "MaxProtocol"  => $protocol,
        );

        for my $sctp (0 .. $last_pass) {
            my $suffix = $sctp ? "-sctp" : "";

            # Tail of every "test" section; UseSCTP only appears on the
            # SCTP pass.
            my @transport = (
                "Method" => $method,
                ($sctp ? ("UseSCTP" => "Yes") : ()),
            );

            # Sanity-check simple handshake.
            push @tests, {
                name   => "server-auth-${protocol_name}" . $suffix,
                server => { @endpoint },
                client => { @endpoint },
                test   => {
                    "ExpectedResult" => "Success",
                    @transport,
                },
            };

            # Handshake with client cert requested but not required or
            # received.
            push @tests, {
                name   => "client-auth-${protocol_name}-request" . $suffix,
                server => {
                    @endpoint,
                    "VerifyMode" => "Request",
                },
                client => { @endpoint },
                test   => {
                    "ExpectedResult" => "Success",
                    @transport,
                },
            };

            # Handshake with client cert required but not present: the
            # server must fail the handshake. The expected alert depends on
            # whether the version-flexible case can negotiate TLSv1.3.
            push @tests, {
                name   => "client-auth-${protocol_name}-require-fail" . $suffix,
                server => {
                    @endpoint,
                    "VerifyCAFile" => test_pem("root-cert.pem"),
                    "VerifyMode"   => "Require",
                },
                client => { @endpoint },
                test   => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" =>
                        ($protocol_name eq "flex"
                            && !disabled("tls1_3")
                            && (!disabled("ec") || !disabled("dh")))
                        ? "CertificateRequired" : "HandshakeFailure",
                    @transport,
                },
            };

            # Successful handshake with client authentication. Despite the
            # "-require" name the server's VerifyMode is "Request"; the
            # client presents its certificate and the test expects an RSA
            # client certificate and an empty CA-name list.
            push @tests, {
                name   => "client-auth-${protocol_name}-require" . $suffix,
                server => {
                    @endpoint,
                    "ClientSignatureAlgorithms" => $clisigalgs,
                    "VerifyCAFile" => test_pem("root-cert.pem"),
                    "VerifyMode"   => "Request",
                },
                client => {
                    @endpoint,
                    "Certificate" => test_pem("ee-client-chain.pem"),
                    "PrivateKey"  => test_pem("ee-key.pem"),
                },
                test => {
                    "ExpectedResult"         => "Success",
                    "ExpectedClientCertType" => "RSA",
                    "ExpectedClientSignType" => $clisigtype,
                    "ExpectedClientSignHash" => $clihash,
                    "ExpectedClientCANames"  => "empty",
                    @transport,
                },
            };

            # Successful handshake with client authentication non-empty
            # names: the server also sets ClientCAFile, and the test expects
            # the CA names to match root-cert.pem.
            push @tests, {
                name   => "client-auth-${protocol_name}-require-non-empty-names"
                          . $suffix,
                server => {
                    @endpoint,
                    "ClientSignatureAlgorithms" => $clisigalgs,
                    "ClientCAFile" => test_pem("root-cert.pem"),
                    "VerifyCAFile" => test_pem("root-cert.pem"),
                    "VerifyMode"   => "Request",
                },
                client => {
                    @endpoint,
                    "Certificate" => test_pem("ee-client-chain.pem"),
                    "PrivateKey"  => test_pem("ee-key.pem"),
                },
                test => {
                    "ExpectedResult"         => "Success",
                    "ExpectedClientCertType" => "RSA",
                    "ExpectedClientSignType" => $clisigtype,
                    "ExpectedClientSignHash" => $clihash,
                    "ExpectedClientCANames"  => test_pem("root-cert.pem"),
                    @transport,
                },
            };

            # Handshake with client authentication but without the root
            # certificate: the server requires a client certificate yet has
            # no VerifyCAFile, so it is expected to fail with $caalert.
            push @tests, {
                name   => "client-auth-${protocol_name}-noroot" . $suffix,
                server => {
                    @endpoint,
                    "VerifyMode" => "Require",
                },
                client => {
                    @endpoint,
                    "Certificate" => test_pem("ee-client-chain.pem"),
                    "PrivateKey"  => test_pem("ee-key.pem"),
                },
                test => {
                    "ExpectedResult"      => "ServerFail",
                    "ExpectedServerAlert" => $caalert,
                    @transport,
                },
            };
        }
    }
}

generate_tests();