1# -*- mode: perl; -*- 2# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12package ssltests; 13 14our @tests = ( 15 16 # Sanity-check that verification indeed succeeds without the 17 # restrictive callback. 18 { 19 name => "verify-success", 20 server => { }, 21 client => { }, 22 test => { "ExpectedResult" => "Success" }, 23 }, 24 25 # Same test as above but with a custom callback that always fails. 26 { 27 name => "verify-custom-reject", 28 server => { }, 29 client => { 30 extra => { 31 "VerifyCallback" => "RejectAll", 32 }, 33 }, 34 test => { 35 "ExpectedResult" => "ClientFail", 36 "ExpectedClientAlert" => "HandshakeFailure", 37 }, 38 }, 39 40 # Same test as above but with a custom callback that always succeeds. 41 { 42 name => "verify-custom-allow", 43 server => { }, 44 client => { 45 extra => { 46 "VerifyCallback" => "AcceptAll", 47 }, 48 }, 49 test => { 50 "ExpectedResult" => "Success", 51 }, 52 }, 53 54 # Same test as above but with a custom callback that requests retry once. 55 { 56 name => "verify-custom-retry", 57 server => { }, 58 client => { 59 extra => { 60 "VerifyCallback" => "RetryOnce", 61 }, 62 }, 63 test => { 64 "ExpectedResult" => "Success", 65 }, 66 }, 67 68 # Sanity-check that verification indeed succeeds if peer verification 69 # is not requested. 70 { 71 name => "noverify-success", 72 server => { }, 73 client => { 74 "VerifyMode" => undef, 75 "VerifyCAFile" => undef, 76 }, 77 test => { "ExpectedResult" => "Success" }, 78 }, 79 80 # Same test as above but with a custom callback that always fails. 81 # The callback return has no impact on handshake success in this mode. 82 { 83 name => "noverify-ignore-custom-reject", 84 server => { }, 85 client => { 86 "VerifyMode" => undef, 87 "VerifyCAFile" => undef, 88 extra => { 89 "VerifyCallback" => "RejectAll", 90 }, 91 }, 92 test => { 93 "ExpectedResult" => "Success", 94 }, 95 }, 96 97 # Same test as above but with a custom callback that always succeeds. 98 # The callback return has no impact on handshake success in this mode. 99 { 100 name => "noverify-accept-custom-allow", 101 server => { }, 102 client => { 103 "VerifyMode" => undef, 104 "VerifyCAFile" => undef, 105 extra => { 106 "VerifyCallback" => "AcceptAll", 107 }, 108 }, 109 test => { 110 "ExpectedResult" => "Success", 111 }, 112 }, 113 114 # Sanity-check that verification indeed fails without the 115 # permissive callback. 116 { 117 name => "verify-fail-no-root", 118 server => { }, 119 client => { 120 # Don't set up the client root file. 121 "VerifyCAFile" => undef, 122 }, 123 test => { 124 "ExpectedResult" => "ClientFail", 125 "ExpectedClientAlert" => "UnknownCA", 126 }, 127 }, 128 129 # Same test as above but with a custom callback that always succeeds. 130 { 131 name => "verify-custom-success-no-root", 132 server => { }, 133 client => { 134 "VerifyCAFile" => undef, 135 extra => { 136 "VerifyCallback" => "AcceptAll", 137 }, 138 }, 139 test => { 140 "ExpectedResult" => "Success" 141 }, 142 }, 143 144 # Same test as above but with a custom callback that always fails. 145 { 146 name => "verify-custom-fail-no-root", 147 server => { }, 148 client => { 149 "VerifyCAFile" => undef, 150 extra => { 151 "VerifyCallback" => "RejectAll", 152 }, 153 }, 154 test => { 155 "ExpectedResult" => "ClientFail", 156 "ExpectedClientAlert" => "HandshakeFailure", 157 }, 158 }, 159); 160