Commit 0f5df0f1 authored by Matt Caswell's avatar Matt Caswell
Browse files

Add SCTP testing for 04-client_auth.conf 



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3286)
parent cf156009

test/recipes/80-test_ssl_new.t

+2 −1
Original line number Diff line number Diff line
@@ -55,7 +55,8 @@ my $no_ocsp = disabled("ocsp"); 
# expectations dynamically based on the OpenSSL compile-time config.

my %conf_dependent_tests = (

  "02-protocol-version.conf" => !$is_default_tls,

  "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls,

  "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls

                           || !disabled("sctp"),

  "05-sni.conf" => disabled("tls1_1"),

  "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),

  "10-resumption.conf" => !$is_default_tls,

test/ssl-tests/04-client_auth.conf.in

+140 −124
Original line number Diff line number Diff line
@@ -8,7 +8,7 @@ use strict; 
use warnings;



use OpenSSL::Test;

use OpenSSL::Test::Utils qw(anydisabled);

use OpenSSL::Test::Utils qw(anydisabled disabled);

setup("no_test_here");



# We test version-flexible negotiation (undef) and each protocol version.
@@ -25,6 +25,7 @@ sub generate_tests() { 
        my $protocol_name = $protocol || "flex";

        my $caalert;

        my $method;

        my $sctpenabled = 0;

        if (!$is_disabled[$_]) {

            if ($protocol_name eq "SSLv3") {

                $caalert = "BadCertificate";
@@ -33,6 +34,7 @@ sub generate_tests() { 
            }

            if ($protocol_name =~ m/^DTLS/) {

                $method = "DTLS";

                $sctpenabled = 1 if !disabled("sctp");

            }

            my $clihash;

            my $clisigtype;
@@ -43,9 +45,11 @@ sub generate_tests() { 
                $clisigtype = "RSA";

                $clisigalgs = "SHA256+RSA";

            }

            for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) {

                # Sanity-check simple handshake.

                push @tests, {

                name => "server-auth-${protocol_name}",

                    name => "server-auth-${protocol_name}"

                            .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol
@@ -59,10 +63,12 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;



                # Handshake with client cert requested but not required or received.

                push @tests, {

                name => "client-auth-${protocol_name}-request",

                    name => "client-auth-${protocol_name}-request"

                            .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol,
@@ -77,10 +83,12 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;



                # Handshake with client cert required but not present.

                push @tests, {

                name => "client-auth-${protocol_name}-require-fail",

                    name => "client-auth-${protocol_name}-require-fail"

                            .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol,
@@ -97,10 +105,12 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;



                # Successful handshake with client authentication.

                push @tests, {

                name => "client-auth-${protocol_name}-require",

                    name => "client-auth-${protocol_name}-require"

                             .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol,
@@ -123,10 +133,12 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;



                # Successful handshake with client authentication non-empty names

                push @tests, {

                name => "client-auth-${protocol_name}-require-non-empty-names",

                    name => "client-auth-${protocol_name}-require-non-empty-names"

                            .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol,
@@ -150,10 +162,12 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;



                # Handshake with client authentication but without the root certificate.

                push @tests, {

                name => "client-auth-${protocol_name}-noroot",

                    name => "client-auth-${protocol_name}-noroot"

                            .($sctp ? "-sctp" : ""),

                    server => {

                        "MinProtocol" => $protocol,

                        "MaxProtocol" => $protocol,
@@ -171,6 +185,8 @@ sub generate_tests() { 
                        "Method" => $method,

                    },

                };

                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;

            }

        }

    }

}