1# -*- mode: perl; -*- 2# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12package ssltests; 13 14srand(1); 15sub randcase { 16 my ($names) = @_; 17 my @ret; 18 foreach my $name (split(/:/, $names)) { 19 my ($alg, $rest) = split(/(?=[+])/, $name, 2); 20 $alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg; 21 push @ret, $alg . ($rest // ""); 22 } 23 return join(":", @ret); 24} 25 26our @tests = ( 27 { 28 name => "default", 29 server => { }, 30 client => { }, 31 test => { "ExpectedResult" => "Success" }, 32 }, 33 34 { 35 name => "Server signature algorithms bug", 36 # Should have no effect as we aren't doing client auth 37 server => { "ClientSignatureAlgorithms" => randcase("PSS+SHA512:RSA+SHA512") }, 38 client => { "SignatureAlgorithms" => randcase("PSS+SHA256:RSA+SHA256") }, 39 test => { "ExpectedResult" => "Success" }, 40 }, 41 42 { 43 name => "verify-cert", 44 server => { }, 45 client => { 46 # Don't set up the client root file. 47 "VerifyCAFile" => undef, 48 }, 49 test => { 50 "ExpectedResult" => "ClientFail", 51 "ExpectedClientAlert" => "UnknownCA", 52 }, 53 }, 54 55 { 56 name => "name-constraints-no-san-in-ee", 57 server => { 58 "Certificate" => test_pem("goodcn2-chain.pem"), 59 "PrivateKey" => test_pem("goodcn2-key.pem"), 60 }, 61 client => { 62 "VerifyCAFile" => test_pem("root-cert.pem"), 63 }, 64 test => { "ExpectedResult" => "Success" }, 65 }, 66); 67