1*e0c4386eSCy Schubert# -*- mode: perl; -*- 2*e0c4386eSCy Schubert# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3*e0c4386eSCy Schubert# 4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5*e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8*e0c4386eSCy Schubert 9*e0c4386eSCy Schubert 10*e0c4386eSCy Schubert## Test version negotiation 11*e0c4386eSCy Schubert 12*e0c4386eSCy Schubertuse strict; 13*e0c4386eSCy Schubertuse warnings; 14*e0c4386eSCy Schubert 15*e0c4386eSCy Schubertpackage ssltests; 16*e0c4386eSCy Schubert 17*e0c4386eSCy Schubert 18*e0c4386eSCy Schubertour @tests = ( 19*e0c4386eSCy Schubert { 20*e0c4386eSCy Schubert name => "ct-permissive-without-scts", 21*e0c4386eSCy Schubert server => { 22*e0c4386eSCy Schubert }, 23*e0c4386eSCy Schubert client => { 24*e0c4386eSCy Schubert extra => { 25*e0c4386eSCy Schubert "CTValidation" => "Permissive", 26*e0c4386eSCy Schubert }, 27*e0c4386eSCy Schubert }, 28*e0c4386eSCy Schubert test => { 29*e0c4386eSCy Schubert "ExpectedResult" => "Success", 30*e0c4386eSCy Schubert }, 31*e0c4386eSCy Schubert }, 32*e0c4386eSCy Schubert { 33*e0c4386eSCy Schubert name => "ct-permissive-with-scts", 34*e0c4386eSCy Schubert server => { 35*e0c4386eSCy Schubert "Certificate" => test_pem("embeddedSCTs1.pem"), 36*e0c4386eSCy Schubert "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 37*e0c4386eSCy Schubert }, 38*e0c4386eSCy Schubert client => { 39*e0c4386eSCy Schubert "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 40*e0c4386eSCy Schubert extra => { 41*e0c4386eSCy Schubert "CTValidation" => "Permissive", 42*e0c4386eSCy Schubert }, 43*e0c4386eSCy Schubert }, 44*e0c4386eSCy Schubert test => { 45*e0c4386eSCy Schubert "ExpectedResult" => "Success", 46*e0c4386eSCy Schubert }, 47*e0c4386eSCy Schubert }, 48*e0c4386eSCy Schubert { 49*e0c4386eSCy Schubert name => "ct-strict-without-scts", 50*e0c4386eSCy Schubert server => { 51*e0c4386eSCy Schubert }, 52*e0c4386eSCy Schubert client => { 53*e0c4386eSCy Schubert extra => { 54*e0c4386eSCy Schubert "CTValidation" => "Strict", 55*e0c4386eSCy Schubert }, 56*e0c4386eSCy Schubert }, 57*e0c4386eSCy Schubert test => { 58*e0c4386eSCy Schubert "ExpectedResult" => "ClientFail", 59*e0c4386eSCy Schubert "ExpectedClientAlert" => "HandshakeFailure", 60*e0c4386eSCy Schubert }, 61*e0c4386eSCy Schubert }, 62*e0c4386eSCy Schubert { 63*e0c4386eSCy Schubert name => "ct-strict-with-scts", 64*e0c4386eSCy Schubert server => { 65*e0c4386eSCy Schubert "Certificate" => test_pem("embeddedSCTs1.pem"), 66*e0c4386eSCy Schubert "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 67*e0c4386eSCy Schubert }, 68*e0c4386eSCy Schubert client => { 69*e0c4386eSCy Schubert "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 70*e0c4386eSCy Schubert extra => { 71*e0c4386eSCy Schubert "CTValidation" => "Strict", 72*e0c4386eSCy Schubert }, 73*e0c4386eSCy Schubert }, 74*e0c4386eSCy Schubert test => { 75*e0c4386eSCy Schubert "ExpectedResult" => "Success", 76*e0c4386eSCy Schubert }, 77*e0c4386eSCy Schubert }, 78*e0c4386eSCy Schubert { 79*e0c4386eSCy Schubert name => "ct-permissive-resumption", 80*e0c4386eSCy Schubert server => { 81*e0c4386eSCy Schubert "Certificate" => test_pem("embeddedSCTs1.pem"), 82*e0c4386eSCy Schubert "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 83*e0c4386eSCy Schubert }, 84*e0c4386eSCy Schubert client => { 85*e0c4386eSCy Schubert "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 86*e0c4386eSCy Schubert extra => { 87*e0c4386eSCy Schubert "CTValidation" => "Permissive", 88*e0c4386eSCy Schubert }, 89*e0c4386eSCy Schubert }, 90*e0c4386eSCy Schubert test => { 91*e0c4386eSCy Schubert "HandshakeMode" => "Resume", 92*e0c4386eSCy Schubert "ResumptionExpected" => "Yes", 93*e0c4386eSCy Schubert "ExpectedResult" => "Success", 94*e0c4386eSCy Schubert }, 95*e0c4386eSCy Schubert }, 96*e0c4386eSCy Schubert { 97*e0c4386eSCy Schubert name => "ct-strict-resumption", 98*e0c4386eSCy Schubert server => { 99*e0c4386eSCy Schubert "Certificate" => test_pem("embeddedSCTs1.pem"), 100*e0c4386eSCy Schubert "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), 101*e0c4386eSCy Schubert }, 102*e0c4386eSCy Schubert client => { 103*e0c4386eSCy Schubert "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), 104*e0c4386eSCy Schubert extra => { 105*e0c4386eSCy Schubert "CTValidation" => "Strict", 106*e0c4386eSCy Schubert }, 107*e0c4386eSCy Schubert }, 108*e0c4386eSCy Schubert # SCTs are not present during resumption, so the resumption 109*e0c4386eSCy Schubert # should succeed. 110*e0c4386eSCy Schubert resume_client => { 111*e0c4386eSCy Schubert extra => { 112*e0c4386eSCy Schubert "CTValidation" => "Strict", 113*e0c4386eSCy Schubert }, 114*e0c4386eSCy Schubert }, 115*e0c4386eSCy Schubert test => { 116*e0c4386eSCy Schubert "HandshakeMode" => "Resume", 117*e0c4386eSCy Schubert "ResumptionExpected" => "Yes", 118*e0c4386eSCy Schubert "ExpectedResult" => "Success", 119*e0c4386eSCy Schubert }, 120*e0c4386eSCy Schubert }, 121*e0c4386eSCy Schubert); 122