1# -*- mode: perl; -*- 2# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the OpenSSL license (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12package ssltests; 13 14our @tests = ( 15 16 # Sanity-check that verification indeed succeeds without the 17 # restrictive callback. 18 { 19 name => "verify-success", 20 server => { }, 21 client => { }, 22 test => { "ExpectedResult" => "Success" }, 23 }, 24 25 # Same test as above but with a custom callback that always fails. 26 { 27 name => "verify-custom-reject", 28 server => { }, 29 client => { 30 extra => { 31 "VerifyCallback" => "RejectAll", 32 }, 33 }, 34 test => { 35 "ExpectedResult" => "ClientFail", 36 "ExpectedClientAlert" => "HandshakeFailure", 37 }, 38 }, 39 40 # Same test as above but with a custom callback that always succeeds. 41 { 42 name => "verify-custom-allow", 43 server => { }, 44 client => { 45 extra => { 46 "VerifyCallback" => "AcceptAll", 47 }, 48 }, 49 test => { 50 "ExpectedResult" => "Success", 51 }, 52 }, 53 54 # Sanity-check that verification indeed succeeds if peer verification 55 # is not requested. 56 { 57 name => "noverify-success", 58 server => { }, 59 client => { 60 "VerifyMode" => undef, 61 "VerifyCAFile" => undef, 62 }, 63 test => { "ExpectedResult" => "Success" }, 64 }, 65 66 # Same test as above but with a custom callback that always fails. 67 # The callback return has no impact on handshake success in this mode. 68 { 69 name => "noverify-ignore-custom-reject", 70 server => { }, 71 client => { 72 "VerifyMode" => undef, 73 "VerifyCAFile" => undef, 74 extra => { 75 "VerifyCallback" => "RejectAll", 76 }, 77 }, 78 test => { 79 "ExpectedResult" => "Success", 80 }, 81 }, 82 83 # Same test as above but with a custom callback that always succeeds. 84 # The callback return has no impact on handshake success in this mode. 85 { 86 name => "noverify-accept-custom-allow", 87 server => { }, 88 client => { 89 "VerifyMode" => undef, 90 "VerifyCAFile" => undef, 91 extra => { 92 "VerifyCallback" => "AcceptAll", 93 }, 94 }, 95 test => { 96 "ExpectedResult" => "Success", 97 }, 98 }, 99 100 # Sanity-check that verification indeed fails without the 101 # permissive callback. 102 { 103 name => "verify-fail-no-root", 104 server => { }, 105 client => { 106 # Don't set up the client root file. 107 "VerifyCAFile" => undef, 108 }, 109 test => { 110 "ExpectedResult" => "ClientFail", 111 "ExpectedClientAlert" => "UnknownCA", 112 }, 113 }, 114 115 # Same test as above but with a custom callback that always succeeds. 116 { 117 name => "verify-custom-success-no-root", 118 server => { }, 119 client => { 120 "VerifyCAFile" => undef, 121 extra => { 122 "VerifyCallback" => "AcceptAll", 123 }, 124 }, 125 test => { 126 "ExpectedResult" => "Success" 127 }, 128 }, 129 130 # Same test as above but with a custom callback that always fails. 131 { 132 name => "verify-custom-fail-no-root", 133 server => { }, 134 client => { 135 "VerifyCAFile" => undef, 136 extra => { 137 "VerifyCallback" => "RejectAll", 138 }, 139 }, 140 test => { 141 "ExpectedResult" => "ClientFail", 142 "ExpectedClientAlert" => "HandshakeFailure", 143 }, 144 }, 145); 146