1e1051a39Sopenharmony_ci# -*- mode: perl; -*- 2e1051a39Sopenharmony_ci# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci# Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci# this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci# in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci# https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci## SSL test configurations 11e1051a39Sopenharmony_ci 12e1051a39Sopenharmony_cipackage ssltests; 13e1051a39Sopenharmony_ci 14e1051a39Sopenharmony_ciour @tests = ( 15e1051a39Sopenharmony_ci 16e1051a39Sopenharmony_ci # Sanity-check that verification indeed succeeds without the 17e1051a39Sopenharmony_ci # restrictive callback. 18e1051a39Sopenharmony_ci { 19e1051a39Sopenharmony_ci name => "verify-success", 20e1051a39Sopenharmony_ci server => { }, 21e1051a39Sopenharmony_ci client => { }, 22e1051a39Sopenharmony_ci test => { "ExpectedResult" => "Success" }, 23e1051a39Sopenharmony_ci }, 24e1051a39Sopenharmony_ci 25e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always fails. 26e1051a39Sopenharmony_ci { 27e1051a39Sopenharmony_ci name => "verify-custom-reject", 28e1051a39Sopenharmony_ci server => { }, 29e1051a39Sopenharmony_ci client => { 30e1051a39Sopenharmony_ci extra => { 31e1051a39Sopenharmony_ci "VerifyCallback" => "RejectAll", 32e1051a39Sopenharmony_ci }, 33e1051a39Sopenharmony_ci }, 34e1051a39Sopenharmony_ci test => { 35e1051a39Sopenharmony_ci "ExpectedResult" => "ClientFail", 36e1051a39Sopenharmony_ci "ExpectedClientAlert" => "HandshakeFailure", 37e1051a39Sopenharmony_ci }, 38e1051a39Sopenharmony_ci }, 39e1051a39Sopenharmony_ci 40e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always succeeds. 41e1051a39Sopenharmony_ci { 42e1051a39Sopenharmony_ci name => "verify-custom-allow", 43e1051a39Sopenharmony_ci server => { }, 44e1051a39Sopenharmony_ci client => { 45e1051a39Sopenharmony_ci extra => { 46e1051a39Sopenharmony_ci "VerifyCallback" => "AcceptAll", 47e1051a39Sopenharmony_ci }, 48e1051a39Sopenharmony_ci }, 49e1051a39Sopenharmony_ci test => { 50e1051a39Sopenharmony_ci "ExpectedResult" => "Success", 51e1051a39Sopenharmony_ci }, 52e1051a39Sopenharmony_ci }, 53e1051a39Sopenharmony_ci 54e1051a39Sopenharmony_ci # Same test as above but with a custom callback that requests retry once. 55e1051a39Sopenharmony_ci { 56e1051a39Sopenharmony_ci name => "verify-custom-retry", 57e1051a39Sopenharmony_ci server => { }, 58e1051a39Sopenharmony_ci client => { 59e1051a39Sopenharmony_ci extra => { 60e1051a39Sopenharmony_ci "VerifyCallback" => "RetryOnce", 61e1051a39Sopenharmony_ci }, 62e1051a39Sopenharmony_ci }, 63e1051a39Sopenharmony_ci test => { 64e1051a39Sopenharmony_ci "ExpectedResult" => "Success", 65e1051a39Sopenharmony_ci }, 66e1051a39Sopenharmony_ci }, 67e1051a39Sopenharmony_ci 68e1051a39Sopenharmony_ci # Sanity-check that verification indeed succeeds if peer verification 69e1051a39Sopenharmony_ci # is not requested. 70e1051a39Sopenharmony_ci { 71e1051a39Sopenharmony_ci name => "noverify-success", 72e1051a39Sopenharmony_ci server => { }, 73e1051a39Sopenharmony_ci client => { 74e1051a39Sopenharmony_ci "VerifyMode" => undef, 75e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 76e1051a39Sopenharmony_ci }, 77e1051a39Sopenharmony_ci test => { "ExpectedResult" => "Success" }, 78e1051a39Sopenharmony_ci }, 79e1051a39Sopenharmony_ci 80e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always fails. 81e1051a39Sopenharmony_ci # The callback return has no impact on handshake success in this mode. 82e1051a39Sopenharmony_ci { 83e1051a39Sopenharmony_ci name => "noverify-ignore-custom-reject", 84e1051a39Sopenharmony_ci server => { }, 85e1051a39Sopenharmony_ci client => { 86e1051a39Sopenharmony_ci "VerifyMode" => undef, 87e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 88e1051a39Sopenharmony_ci extra => { 89e1051a39Sopenharmony_ci "VerifyCallback" => "RejectAll", 90e1051a39Sopenharmony_ci }, 91e1051a39Sopenharmony_ci }, 92e1051a39Sopenharmony_ci test => { 93e1051a39Sopenharmony_ci "ExpectedResult" => "Success", 94e1051a39Sopenharmony_ci }, 95e1051a39Sopenharmony_ci }, 96e1051a39Sopenharmony_ci 97e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always succeeds. 98e1051a39Sopenharmony_ci # The callback return has no impact on handshake success in this mode. 99e1051a39Sopenharmony_ci { 100e1051a39Sopenharmony_ci name => "noverify-accept-custom-allow", 101e1051a39Sopenharmony_ci server => { }, 102e1051a39Sopenharmony_ci client => { 103e1051a39Sopenharmony_ci "VerifyMode" => undef, 104e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 105e1051a39Sopenharmony_ci extra => { 106e1051a39Sopenharmony_ci "VerifyCallback" => "AcceptAll", 107e1051a39Sopenharmony_ci }, 108e1051a39Sopenharmony_ci }, 109e1051a39Sopenharmony_ci test => { 110e1051a39Sopenharmony_ci "ExpectedResult" => "Success", 111e1051a39Sopenharmony_ci }, 112e1051a39Sopenharmony_ci }, 113e1051a39Sopenharmony_ci 114e1051a39Sopenharmony_ci # Sanity-check that verification indeed fails without the 115e1051a39Sopenharmony_ci # permissive callback. 116e1051a39Sopenharmony_ci { 117e1051a39Sopenharmony_ci name => "verify-fail-no-root", 118e1051a39Sopenharmony_ci server => { }, 119e1051a39Sopenharmony_ci client => { 120e1051a39Sopenharmony_ci # Don't set up the client root file. 121e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 122e1051a39Sopenharmony_ci }, 123e1051a39Sopenharmony_ci test => { 124e1051a39Sopenharmony_ci "ExpectedResult" => "ClientFail", 125e1051a39Sopenharmony_ci "ExpectedClientAlert" => "UnknownCA", 126e1051a39Sopenharmony_ci }, 127e1051a39Sopenharmony_ci }, 128e1051a39Sopenharmony_ci 129e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always succeeds. 130e1051a39Sopenharmony_ci { 131e1051a39Sopenharmony_ci name => "verify-custom-success-no-root", 132e1051a39Sopenharmony_ci server => { }, 133e1051a39Sopenharmony_ci client => { 134e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 135e1051a39Sopenharmony_ci extra => { 136e1051a39Sopenharmony_ci "VerifyCallback" => "AcceptAll", 137e1051a39Sopenharmony_ci }, 138e1051a39Sopenharmony_ci }, 139e1051a39Sopenharmony_ci test => { 140e1051a39Sopenharmony_ci "ExpectedResult" => "Success" 141e1051a39Sopenharmony_ci }, 142e1051a39Sopenharmony_ci }, 143e1051a39Sopenharmony_ci 144e1051a39Sopenharmony_ci # Same test as above but with a custom callback that always fails. 145e1051a39Sopenharmony_ci { 146e1051a39Sopenharmony_ci name => "verify-custom-fail-no-root", 147e1051a39Sopenharmony_ci server => { }, 148e1051a39Sopenharmony_ci client => { 149e1051a39Sopenharmony_ci "VerifyCAFile" => undef, 150e1051a39Sopenharmony_ci extra => { 151e1051a39Sopenharmony_ci "VerifyCallback" => "RejectAll", 152e1051a39Sopenharmony_ci }, 153e1051a39Sopenharmony_ci }, 154e1051a39Sopenharmony_ci test => { 155e1051a39Sopenharmony_ci "ExpectedResult" => "ClientFail", 156e1051a39Sopenharmony_ci "ExpectedClientAlert" => "HandshakeFailure", 157e1051a39Sopenharmony_ci }, 158e1051a39Sopenharmony_ci }, 159e1051a39Sopenharmony_ci); 160