xref: /freebsd/crypto/openssl/test/ssl-tests/03-custom_verify.cnf.in (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1# -*- mode: perl; -*-
2# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## SSL test configurations
11
12package ssltests;
13
14our @tests = (
15
16    # Sanity-check that verification indeed succeeds without the
17    # restrictive callback.
18    {
19        name => "verify-success",
20        server => { },
21        client => { },
22        test   => { "ExpectedResult" => "Success" },
23    },
24
25    # Same test as above but with a custom callback that always fails.
26    {
27        name => "verify-custom-reject",
28        server => { },
29        client => {
30            extra => {
31                "VerifyCallback" => "RejectAll",
32            },
33        },
34        test   => {
35            "ExpectedResult" => "ClientFail",
36            "ExpectedClientAlert" => "HandshakeFailure",
37        },
38    },
39
40    # Same test as above but with a custom callback that always succeeds.
41    {
42        name => "verify-custom-allow",
43        server => { },
44        client => {
45            extra => {
46                "VerifyCallback" => "AcceptAll",
47            },
48        },
49        test   => {
50            "ExpectedResult" => "Success",
51        },
52    },
53
54    # Same test as above but with a custom callback that requests retry once.
55    {
56        name => "verify-custom-retry",
57        server => { },
58        client => {
59            extra => {
60                "VerifyCallback" => "RetryOnce",
61            },
62        },
63        test   => {
64            "ExpectedResult" => "Success",
65        },
66    },
67
68    # Sanity-check that verification indeed succeeds if peer verification
69    # is not requested.
70    {
71        name => "noverify-success",
72        server => { },
73        client => {
74            "VerifyMode" => undef,
75            "VerifyCAFile" => undef,
76        },
77        test   => { "ExpectedResult" => "Success" },
78    },
79
80    # Same test as above but with a custom callback that always fails.
81    # The callback return has no impact on handshake success in this mode.
82    {
83        name => "noverify-ignore-custom-reject",
84        server => { },
85        client => {
86            "VerifyMode" => undef,
87            "VerifyCAFile" => undef,
88            extra => {
89                "VerifyCallback" => "RejectAll",
90            },
91        },
92        test   => {
93            "ExpectedResult" => "Success",
94        },
95    },
96
97    # Same test as above but with a custom callback that always succeeds.
98    # The callback return has no impact on handshake success in this mode.
99    {
100        name => "noverify-accept-custom-allow",
101        server => { },
102        client => {
103            "VerifyMode" => undef,
104            "VerifyCAFile" => undef,
105            extra => {
106                "VerifyCallback" => "AcceptAll",
107            },
108        },
109        test   => {
110            "ExpectedResult" => "Success",
111        },
112    },
113
114    # Sanity-check that verification indeed fails without the
115    # permissive callback.
116    {
117        name => "verify-fail-no-root",
118        server => { },
119        client => {
120            # Don't set up the client root file.
121            "VerifyCAFile" => undef,
122        },
123        test   => {
124          "ExpectedResult" => "ClientFail",
125          "ExpectedClientAlert" => "UnknownCA",
126        },
127    },
128
129    # Same test as above but with a custom callback that always succeeds.
130    {
131        name => "verify-custom-success-no-root",
132        server => { },
133        client => {
134            "VerifyCAFile" => undef,
135            extra => {
136                "VerifyCallback" => "AcceptAll",
137            },
138        },
139        test   => {
140            "ExpectedResult" => "Success"
141        },
142    },
143
144    # Same test as above but with a custom callback that always fails.
145    {
146        name => "verify-custom-fail-no-root",
147        server => { },
148        client => {
149            "VerifyCAFile" => undef,
150            extra => {
151                "VerifyCallback" => "RejectAll",
152            },
153        },
154        test   => {
155            "ExpectedResult" => "ClientFail",
156            "ExpectedClientAlert" => "HandshakeFailure",
157        },
158    },
159);
160