03-custom_verify.conf.in 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## SSL test configurations
  9. package ssltests;
  10. our @tests = (
  11. # Sanity-check that verification indeed succeeds without the
  12. # restrictive callback.
  13. {
  14. name => "verify-success",
  15. server => { },
  16. client => { },
  17. test => { "ExpectedResult" => "Success" },
  18. },
  19. # Same test as above but with a custom callback that always fails.
  20. {
  21. name => "verify-custom-reject",
  22. server => { },
  23. client => {
  24. extra => {
  25. "VerifyCallback" => "RejectAll",
  26. },
  27. },
  28. test => {
  29. "ExpectedResult" => "ClientFail",
  30. "ExpectedClientAlert" => "HandshakeFailure",
  31. },
  32. },
  33. # Same test as above but with a custom callback that always succeeds.
  34. {
  35. name => "verify-custom-allow",
  36. server => { },
  37. client => {
  38. extra => {
  39. "VerifyCallback" => "AcceptAll",
  40. },
  41. },
  42. test => {
  43. "ExpectedResult" => "Success",
  44. },
  45. },
  46. # Sanity-check that verification indeed succeeds if peer verification
  47. # is not requested.
  48. {
  49. name => "noverify-success",
  50. server => { },
  51. client => {
  52. "VerifyMode" => undef,
  53. "VerifyCAFile" => undef,
  54. },
  55. test => { "ExpectedResult" => "Success" },
  56. },
  57. # Same test as above but with a custom callback that always fails.
  58. # The callback return has no impact on handshake success in this mode.
  59. {
  60. name => "noverify-ignore-custom-reject",
  61. server => { },
  62. client => {
  63. "VerifyMode" => undef,
  64. "VerifyCAFile" => undef,
  65. extra => {
  66. "VerifyCallback" => "RejectAll",
  67. },
  68. },
  69. test => {
  70. "ExpectedResult" => "Success",
  71. },
  72. },
  73. # Same test as above but with a custom callback that always succeeds.
  74. # The callback return has no impact on handshake success in this mode.
  75. {
  76. name => "noverify-accept-custom-allow",
  77. server => { },
  78. client => {
  79. "VerifyMode" => undef,
  80. "VerifyCAFile" => undef,
  81. extra => {
  82. "VerifyCallback" => "AcceptAll",
  83. },
  84. },
  85. test => {
  86. "ExpectedResult" => "Success",
  87. },
  88. },
  89. # Sanity-check that verification indeed fails without the
  90. # permissive callback.
  91. {
  92. name => "verify-fail-no-root",
  93. server => { },
  94. client => {
  95. # Don't set up the client root file.
  96. "VerifyCAFile" => undef,
  97. },
  98. test => {
  99. "ExpectedResult" => "ClientFail",
  100. "ExpectedClientAlert" => "UnknownCA",
  101. },
  102. },
  103. # Same test as above but with a custom callback that always succeeds.
  104. {
  105. name => "verify-custom-success-no-root",
  106. server => { },
  107. client => {
  108. "VerifyCAFile" => undef,
  109. extra => {
  110. "VerifyCallback" => "AcceptAll",
  111. },
  112. },
  113. test => {
  114. "ExpectedResult" => "Success"
  115. },
  116. },
  117. # Same test as above but with a custom callback that always fails.
  118. {
  119. name => "verify-custom-fail-no-root",
  120. server => { },
  121. client => {
  122. "VerifyCAFile" => undef,
  123. extra => {
  124. "VerifyCallback" => "RejectAll",
  125. },
  126. },
  127. test => {
  128. "ExpectedResult" => "ClientFail",
  129. "ExpectedClientAlert" => "HandshakeFailure",
  130. },
  131. },
  132. );