1# -*- mode: perl; -*-
2# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test version negotiation
11
12use strict;
13use warnings;
14
15package ssltests;
16
17
18our @tests = (
19    {
20        name => "ct-permissive-without-scts",
21        server => { },
22        client => {
23            extra => {
24                "CTValidation" => "Permissive",
25            },
26        },
27        test => {
28            "ExpectedResult" => "Success",
29        },
30    },
31    {
32        name => "ct-permissive-with-scts",
33        server => {
34            "Certificate" => test_pem("embeddedSCTs1.pem"),
35            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
36        },
37        client => {
38            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
39            extra => {
40                "CTValidation" => "Permissive",
41            },
42        },
43        test => {
44            "ExpectedResult" => "Success",
45        },
46    },
47    {
48        name => "ct-strict-without-scts",
49        server => { },
50        client => {
51            extra => {
52                "CTValidation" => "Strict",
53            },
54        },
55        test => {
56            "ExpectedResult" => "ClientFail",
57            "ExpectedClientAlert" => "HandshakeFailure",
58        },
59    },
60    {
61        name => "ct-strict-with-scts",
62        server => {
63            "Certificate" => test_pem("embeddedSCTs1.pem"),
64            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
65        },
66        client => {
67            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
68            extra => {
69                "CTValidation" => "Strict",
70            },
71        },
72        test => {
73            "ExpectedResult" => "Success",
74        },
75    },
76    {
77        name => "ct-permissive-resumption",
78        server => {
79            "Certificate" => test_pem("embeddedSCTs1.pem"),
80            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
81        },
82        client => {
83            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
84            extra => {
85                "CTValidation" => "Permissive",
86            },
87        },
88        test => {
89            "HandshakeMode" => "Resume",
90            "ResumptionExpected" => "Yes",
91            "ExpectedResult" => "Success",
92        },
93    },
94    {
95        name => "ct-strict-resumption",
96        server => {
97            "Certificate" => test_pem("embeddedSCTs1.pem"),
98            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
99        },
100        client => {
101            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
102            extra => {
103                "CTValidation" => "Strict",
104            },
105        },
106        # SCTs are not present during resumption, so the resumption
107        # should succeed.
108        resume_client => {
109            extra => {
110                "CTValidation" => "Strict",
111            },
112        },
113        test => {
114            "HandshakeMode" => "Resume",
115            "ResumptionExpected" => "Yes",
116            "ExpectedResult" => "Success",
117        },
118    },
119);
120