1201468Srpaulo# -*- mode: perl; -*- 2201468Srpaulo# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3201468Srpaulo# 4201468Srpaulo# Licensed under the Apache License 2.0 (the "License"). You may not use 5201468Srpaulo# this file except in compliance with the License. You can obtain a copy 6201468Srpaulo# in the file LICENSE in the source distribution or at 7201468Srpaulo# https://www.openssl.org/source/license.html 8201468Srpaulo 9201468Srpaulo 10201468Srpaulo## Test version negotiation 11201468Srpaulo 12201468Srpaulouse strict; 13201468Srpaulouse warnings; 14201468Srpaulo 15201468Srpaulopackage ssltests; 16201468Srpaulo 17201468Srpaulo 18201468Srpauloour @tests = ( 19201468Srpaulo { 20201468Srpaulo name => "ct-permissive-without-scts", 21201468Srpaulo server => { 22201468Srpaulo }, 23201468Srpaulo client => { 24201468Srpaulo extra => { 25201468Srpaulo "CTValidation" => "Permissive", 26201468Srpaulo }, 27201468Srpaulo }, 28201468Srpaulo test => { 29201468Srpaulo "ExpectedResult" => "Success", 30201468Srpaulo }, 31201468Srpaulo }, 32201468Srpaulo { 33201468Srpaulo name => "ct-permissive-with-scts", 34201468Srpaulo server => { 35201468Srpaulo "Certificate" => test_pem("embeddedSCTs1.pem"), 36201468Srpaulo "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 37201468Srpaulo }, 38201468Srpaulo client => { 39201468Srpaulo "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 40201468Srpaulo extra => { 41201468Srpaulo "CTValidation" => "Permissive", 42201468Srpaulo }, 43201468Srpaulo }, 44201468Srpaulo test => { 45201468Srpaulo "ExpectedResult" => "Success", 46201468Srpaulo }, 47201468Srpaulo }, 48201468Srpaulo { 49201468Srpaulo name => "ct-strict-without-scts", 50201468Srpaulo server => { 51201468Srpaulo }, 52201468Srpaulo client => { 53 extra => { 54 "CTValidation" => "Strict", 55 }, 56 }, 57 test => { 58 "ExpectedResult" => "ClientFail", 59 "ExpectedClientAlert" => "HandshakeFailure", 60 }, 61 }, 62 { 63 name => "ct-strict-with-scts", 64 server => { 65 "Certificate" => test_pem("embeddedSCTs1.pem"), 66 "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 67 }, 68 client => { 69 "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 70 extra => { 71 "CTValidation" => "Strict", 72 }, 73 }, 74 test => { 75 "ExpectedResult" => "Success", 76 }, 77 }, 78 { 79 name => "ct-permissive-resumption", 80 server => { 81 "Certificate" => test_pem("embeddedSCTs1.pem"), 82 "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 83 }, 84 client => { 85 "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 86 extra => { 87 "CTValidation" => "Permissive", 88 }, 89 }, 90 test => { 91 "HandshakeMode" => "Resume", 92 "ResumptionExpected" => "Yes", 93 "ExpectedResult" => "Success", 94 }, 95 }, 96 { 97 name => "ct-strict-resumption", 98 server => { 99 "Certificate" => test_pem("embeddedSCTs1.pem"), 100 "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 101 }, 102 client => { 103 "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 104 extra => { 105 "CTValidation" => "Strict", 106 }, 107 }, 108 # SCTs are not present during resumption, so the resumption 109 # should succeed. 110 resume_client => { 111 extra => { 112 "CTValidation" => "Strict", 113 }, 114 }, 115 test => { 116 "HandshakeMode" => "Resume", 117 "ResumptionExpected" => "Yes", 118 "ExpectedResult" => "Success", 119 }, 120 }, 121); 122