12-ct.cnf.in 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test version negotiation
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. our @tests = (
  13. {
  14. name => "ct-permissive-without-scts",
  15. server => {
  16. },
  17. client => {
  18. extra => {
  19. "CTValidation" => "Permissive",
  20. },
  21. },
  22. test => {
  23. "ExpectedResult" => "Success",
  24. },
  25. },
  26. {
  27. name => "ct-permissive-with-scts",
  28. server => {
  29. "Certificate" => test_pem("embeddedSCTs1.pem"),
  30. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  31. },
  32. client => {
  33. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  34. extra => {
  35. "CTValidation" => "Permissive",
  36. },
  37. },
  38. test => {
  39. "ExpectedResult" => "Success",
  40. },
  41. },
  42. {
  43. name => "ct-strict-without-scts",
  44. server => {
  45. },
  46. client => {
  47. extra => {
  48. "CTValidation" => "Strict",
  49. },
  50. },
  51. test => {
  52. "ExpectedResult" => "ClientFail",
  53. "ExpectedClientAlert" => "HandshakeFailure",
  54. },
  55. },
  56. {
  57. name => "ct-strict-with-scts",
  58. server => {
  59. "Certificate" => test_pem("embeddedSCTs1.pem"),
  60. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  61. },
  62. client => {
  63. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  64. extra => {
  65. "CTValidation" => "Strict",
  66. },
  67. },
  68. test => {
  69. "ExpectedResult" => "Success",
  70. },
  71. },
  72. {
  73. name => "ct-permissive-resumption",
  74. server => {
  75. "Certificate" => test_pem("embeddedSCTs1.pem"),
  76. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  77. },
  78. client => {
  79. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  80. extra => {
  81. "CTValidation" => "Permissive",
  82. },
  83. },
  84. test => {
  85. "HandshakeMode" => "Resume",
  86. "ResumptionExpected" => "Yes",
  87. "ExpectedResult" => "Success",
  88. },
  89. },
  90. {
  91. name => "ct-strict-resumption",
  92. server => {
  93. "Certificate" => test_pem("embeddedSCTs1.pem"),
  94. "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
  95. },
  96. client => {
  97. "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
  98. extra => {
  99. "CTValidation" => "Strict",
  100. },
  101. },
  102. # SCTs are not present during resumption, so the resumption
  103. # should succeed.
  104. resume_client => {
  105. extra => {
  106. "CTValidation" => "Strict",
  107. },
  108. },
  109. test => {
  110. "HandshakeMode" => "Resume",
  111. "ResumptionExpected" => "Yes",
  112. "ExpectedResult" => "Success",
  113. },
  114. },
  115. );