Lines Matching +full:client +full:- +full:id
4 SSL testcases are configured in the `ssl-tests` directory.
12 However, for verification, we also include checked-in configuration outputs
14 `test/ssl-tests/*.cnf` files.
16 For more details, see `ssl-tests/01-simple.cnf.in` for an example.
19 --------------------
26 name => "test-default",
28 client => { "CipherString" => "DEFAULT" },
36 * Method - the method to test. One of DTLS or TLS.
38 * HandshakeMode - which handshake flavour to test:
39 - Simple - plain handshake (default)
40 - Resume - test resumption
41 - RenegotiateServer - test server initiated renegotiation
42 - RenegotiateClient - test client initiated renegotiation
48 * ApplicationData - amount of application data bytes to send (integer, defaults
49 to 256 bytes). Applies to both client and server. Application data is sent in
53 * MaxFragmentSize - maximum send fragment size (integer, defaults to 512 in
54 tests - see `SSL_CTX_set_max_send_fragment` for documentation). Applies to
55 both client and server. Lowering the fragment size will split handshake and
58 four times as large as the maximum fragment, interleaved multi-buffer crypto
63 * ExpectedResult - expected handshake outcome. One of
64 - Success - handshake success
65 - ServerFail - serverside handshake failure
66 - ClientFail - clientside handshake failure
67 - InternalError - some other error
69 * ExpectedClientAlert, ExpectedServerAlert - expected alert. See
76 * ExpectedProtocol - expected negotiated protocol. One of
79 * SessionTicketExpected - whether or not a session ticket is expected
80 - Ignore - do not check for a session ticket (default)
81 - Yes - a session ticket is expected
82 - No - a session ticket is not expected
84 * SessionIdExpected - whether or not a session id is expected
85 - Ignore - do not check for a session id (default)
86 - Yes - a session id is expected
87 - No - a session id is not expected
89 * ResumptionExpected - whether or not resumption is expected (Resume mode only)
90 - Yes - resumed handshake
91 - No - full handshake (default)
93 * ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations.
95 * ExpectedTmpKeyType - the expected algorithm or curve of server temp key
97 * ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
98 curve of server or client certificate
100 * ExpectedServerSignHash, ExpectedClientSignHash - the expected
101 signing hash used by server or client certificate
103 * ExpectedServerSignType, ExpectedClientSignType - the expected
104 signature type used by server or client when signing messages
106 * ExpectedClientCANames - for client auth list of CA names the server must
110 * ExpectedServerCANames - list of CA names the client must send, TLS 1.3 only.
114 Configuring the client and server
115 ---------------------------------
117 The client and server configurations can be any valid `SSL_CTX`
129 * server2 - this section configures a secondary context that is selected via the
133 * resume_server - this section configures the client to resume its session
137 * resume_client - this section configures the client to resume its session with
141 then the configuration matches client.
146 client and server:
148 client => {
155 #### Supported client-side options
157 * ClientVerifyCallback - the client's custom certificate verify callback.
159 - None - no custom callback (default)
160 - AcceptAll - accepts all certificates.
161 - RejectAll - rejects all certificates.
163 * ServerName - the server the client should attempt to connect to. One of
164 - None - do not use SNI (default)
165 - server1 - the initial context
166 - server2 - the secondary context
167 - invalid - an unknown context
169 * CTValidation - Certificate Transparency validation strategy. One of
170 - None - no validation (default)
171 - Permissive - SSL_CT_VALIDATION_PERMISSIVE
172 - Strict - SSL_CT_VALIDATION_STRICT
174 #### Supported server-side options
176 * ServerNameCallback - the SNI switching callback to use
177 - None - no callback (default)
178 - IgnoreMismatch - continue the handshake on SNI mismatch
179 - RejectMismatch - abort the handshake on SNI mismatch
181 * BrokenSessionTicket - a special test case where the session ticket callback
183 - No (default)
184 - Yes
188 * NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client
189 protocols can be specified as a comma-separated list, and a callback with the
192 * SRPUser, SRPPassword - SRP settings. For client, this is the SRP user to
195 ### Default server and client configurations
202 client => {
208 client => {
213 ---------------------------------
215 1. Add a new test configuration to `test/ssl-tests`, following the examples of
216 existing `*.cnf.in` files (for example, `01-simple.cnf.in`).
223 $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \
224 ssl-tests/my.cnf.in default > ssl-tests/my.cnf
227 For all the pre-generated test files you should use the default provider.
229 For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do
231 $ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl \
232 ssl-tests/01-simple.cnf.in default > ssl-tests/01-simple.cnf
238 in `test/recipes/80-test_ssl_new.t` and run
244 3. Update the number of tests planned in `test/recipes/80-test_ssl_new.t`. If
246 `test/recipes/80-test_ssl_new.t` for details).
249 ---------------------------------------
254 -----------------------
264 test/ssl-tests/01-simple.cnf default
269 util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf default
275 protocols: a build with `enable-ssl3` has different test expectations than a
276 build with `no-ssl3`.
282 of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with