12-ct.cnf.in 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test version negotiation
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. our @tests = (
  13. {
  14. name => "ct-permissive-without-scts",
  15. server => { },
  16. client => {
  17. extra => {
  18. "CTValidation" => "Permissive",
  19. },
  20. },
  21. test => {
  22. "ExpectedResult" => "Success",
  23. },
  24. },
  25. {
  26. name => "ct-permissive-with-scts",
  27. server => {
  28. "Certificate" => test_pem("embeddedSCTs1.pem"),
  29. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  30. },
  31. client => {
  32. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  33. extra => {
  34. "CTValidation" => "Permissive",
  35. },
  36. },
  37. test => {
  38. "ExpectedResult" => "Success",
  39. },
  40. },
  41. {
  42. name => "ct-strict-without-scts",
  43. server => { },
  44. client => {
  45. extra => {
  46. "CTValidation" => "Strict",
  47. },
  48. },
  49. test => {
  50. "ExpectedResult" => "ClientFail",
  51. "ExpectedClientAlert" => "HandshakeFailure",
  52. },
  53. },
  54. {
  55. name => "ct-strict-with-scts",
  56. server => {
  57. "Certificate" => test_pem("embeddedSCTs1.pem"),
  58. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  59. },
  60. client => {
  61. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  62. extra => {
  63. "CTValidation" => "Strict",
  64. },
  65. },
  66. test => {
  67. "ExpectedResult" => "Success",
  68. },
  69. },
  70. {
  71. name => "ct-permissive-resumption",
  72. server => {
  73. "Certificate" => test_pem("embeddedSCTs1.pem"),
  74. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  75. },
  76. client => {
  77. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  78. extra => {
  79. "CTValidation" => "Permissive",
  80. },
  81. },
  82. test => {
  83. "HandshakeMode" => "Resume",
  84. "ResumptionExpected" => "Yes",
  85. "ExpectedResult" => "Success",
  86. },
  87. },
  88. {
  89. name => "ct-strict-resumption",
  90. server => {
  91. "Certificate" => test_pem("embeddedSCTs1.pem"),
  92. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  93. },
  94. client => {
  95. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  96. extra => {
  97. "CTValidation" => "Strict",
  98. },
  99. },
  100. # SCTs are not present during resumption, so the resumption
  101. # should succeed.
  102. resume_client => {
  103. extra => {
  104. "CTValidation" => "Strict",
  105. },
  106. },
  107. test => {
  108. "HandshakeMode" => "Resume",
  109. "ResumptionExpected" => "Yes",
  110. "ExpectedResult" => "Success",
  111. },
  112. },
  113. );