Extend the test_ssl_new renegotiation tests to include client auth (dff70a2b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

test/ssl-tests/17-renegotiate.conf

+67 −1

Original line number	Diff line number	Diff line
		# Generated with generate_ssl_tests.pl

		num_tests = 4
		num_tests = 6

		test-0 = 0-renegotiate-client-no-resume
		test-1 = 1-renegotiate-client-resume
		test-2 = 2-renegotiate-server-no-resume
		test-3 = 3-renegotiate-server-resume
		test-4 = 4-renegotiate-client-auth-require
		test-5 = 5-renegotiate-client-auth-once
		# ===========================================================

		[0-renegotiate-client-no-resume]
		@@ -116,3 +118,67 @@ Method = TLS
		ResumptionExpected = Yes


		# ===========================================================

		[4-renegotiate-client-auth-require]
		ssl_conf = 4-renegotiate-client-auth-require-ssl

		[4-renegotiate-client-auth-require-ssl]
		server = 4-renegotiate-client-auth-require-server
		client = 4-renegotiate-client-auth-require-client

		[4-renegotiate-client-auth-require-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		MaxProtocol = TLSv1.2
		Options = NoResumptionOnRenegotiation
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
		VerifyMode = Require

		[4-renegotiate-client-auth-require-client]
		Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-4]
		ExpectedResult = Success
		HandshakeMode = RenegotiateServer
		Method = TLS
		ResumptionExpected = No


		# ===========================================================

		[5-renegotiate-client-auth-once]
		ssl_conf = 5-renegotiate-client-auth-once-ssl

		[5-renegotiate-client-auth-once-ssl]
		server = 5-renegotiate-client-auth-once-server
		client = 5-renegotiate-client-auth-once-client

		[5-renegotiate-client-auth-once-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		MaxProtocol = TLSv1.2
		Options = NoResumptionOnRenegotiation
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
		VerifyMode = Once

		[5-renegotiate-client-auth-once-client]
		Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-5]
		ExpectedResult = Success
		HandshakeMode = RenegotiateServer
		Method = TLS
		ResumptionExpected = No

test/ssl-tests/17-renegotiate.conf.in

+39 −0

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@ use warnings;

		package ssltests;

		my $dir_sep = $^O ne "VMS" ? "/" : "";

		our @tests = (
		{
		@@ -70,4 +71,42 @@ our @tests = (
		"ExpectedResult" => "Success"
		}
		},
		{
		name => "renegotiate-client-auth-require",
		server => {
		"Options" => "NoResumptionOnRenegotiation",
		"MaxProtocol" => "TLSv1.2",
		"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
		"VerifyMode" => "Require",
		},
		client => {
		"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
		"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
		},
		test => {
		"Method" => "TLS",
		"HandshakeMode" => "RenegotiateServer",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		},
		{
		name => "renegotiate-client-auth-once",
		server => {
		"Options" => "NoResumptionOnRenegotiation",
		"MaxProtocol" => "TLSv1.2",
		"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
		"VerifyMode" => "Once",
		},
		client => {
		"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
		"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
		},
		test => {
		"Method" => "TLS",
		"HandshakeMode" => "RenegotiateServer",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		}
		);

test/ssl-tests/18-dtls-renegotiate.conf

+63 −1

Original line number	Diff line number	Diff line
		# Generated with generate_ssl_tests.pl

		num_tests = 3
		num_tests = 5

		test-0 = 0-renegotiate-client-no-resume
		test-1 = 1-renegotiate-client-resume
		test-2 = 2-renegotiate-server-resume
		test-3 = 3-renegotiate-client-auth-require
		test-4 = 4-renegotiate-client-auth-once
		# ===========================================================

		[0-renegotiate-client-no-resume]
		@@ -84,3 +86,63 @@ Method = DTLS
		ResumptionExpected = No


		# ===========================================================

		[3-renegotiate-client-auth-require]
		ssl_conf = 3-renegotiate-client-auth-require-ssl

		[3-renegotiate-client-auth-require-ssl]
		server = 3-renegotiate-client-auth-require-server
		client = 3-renegotiate-client-auth-require-client

		[3-renegotiate-client-auth-require-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
		VerifyMode = Require

		[3-renegotiate-client-auth-require-client]
		Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-3]
		ExpectedResult = Success
		HandshakeMode = RenegotiateServer
		Method = DTLS
		ResumptionExpected = No


		# ===========================================================

		[4-renegotiate-client-auth-once]
		ssl_conf = 4-renegotiate-client-auth-once-ssl

		[4-renegotiate-client-auth-once-ssl]
		server = 4-renegotiate-client-auth-once-server
		client = 4-renegotiate-client-auth-once-client

		[4-renegotiate-client-auth-once-server]
		Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
		VerifyMode = Once

		[4-renegotiate-client-auth-once-client]
		Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
		CipherString = DEFAULT
		PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
		VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
		VerifyMode = Peer

		[test-4]
		ExpectedResult = Success
		HandshakeMode = RenegotiateServer
		Method = DTLS
		ResumptionExpected = No

test/ssl-tests/18-dtls-renegotiate.conf.in

+35 −0

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@ use warnings;

		package ssltests;

		my $dir_sep = $^O ne "VMS" ? "/" : "";

		our @tests = (
		{
		@@ -60,4 +61,38 @@ our @tests = (
		"ExpectedResult" => "Success"
		}
		},
		{
		name => "renegotiate-client-auth-require",
		server => {
		"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
		"VerifyMode" => "Require",
		},
		client => {
		"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
		"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
		},
		test => {
		"Method" => "DTLS",
		"HandshakeMode" => "RenegotiateServer",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		},
		{
		name => "renegotiate-client-auth-once",
		server => {
		"VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
		"VerifyMode" => "Once",
		},
		client => {
		"Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",
		"PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem"
		},
		test => {
		"Method" => "DTLS",
		"HandshakeMode" => "RenegotiateServer",
		"ResumptionExpected" => "No",
		"ExpectedResult" => "Success"
		}
		}
		);