Commit 78cbe94f authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix Client Auth tests 



The Client Auth tests were not correctly setting the Protocol, so that this
aspect had no effect. It was testing the same thing lots of times for
TLSv1.2 every time.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
parent 05c4f1d5

test/ssl-tests/04-client_auth.conf

+60 −30
Original line number Diff line number Diff line
@@ -161,12 +161,14 @@ client = 5-server-auth-TLSv1-client 
[5-server-auth-TLSv1-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1



[5-server-auth-TLSv1-client]

CipherString = DEFAULT

Protocol = TLSv1

MaxProtocol = TLSv1

MinProtocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -186,13 +188,15 @@ client = 6-client-auth-TLSv1-request-client 
[6-client-auth-TLSv1-request-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1

VerifyMode = Request



[6-client-auth-TLSv1-request-client]

CipherString = DEFAULT

Protocol = TLSv1

MaxProtocol = TLSv1

MinProtocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -212,14 +216,16 @@ client = 7-client-auth-TLSv1-require-fail-client 
[7-client-auth-TLSv1-require-fail-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Require



[7-client-auth-TLSv1-require-fail-client]

CipherString = DEFAULT

Protocol = TLSv1

MaxProtocol = TLSv1

MinProtocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -240,16 +246,18 @@ client = 8-client-auth-TLSv1-require-client 
[8-client-auth-TLSv1-require-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Request



[8-client-auth-TLSv1-require-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -269,15 +277,17 @@ client = 9-client-auth-TLSv1-noroot-client 
[9-client-auth-TLSv1-noroot-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1

VerifyMode = Require



[9-client-auth-TLSv1-noroot-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1

MinProtocol = TLSv1

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -298,12 +308,14 @@ client = 10-server-auth-TLSv1.1-client 
[10-server-auth-TLSv1.1-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.1



[10-server-auth-TLSv1.1-client]

CipherString = DEFAULT

Protocol = TLSv1.1

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -323,13 +335,15 @@ client = 11-client-auth-TLSv1.1-request-client 
[11-client-auth-TLSv1.1-request-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.1

VerifyMode = Request



[11-client-auth-TLSv1.1-request-client]

CipherString = DEFAULT

Protocol = TLSv1.1

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -349,14 +363,16 @@ client = 12-client-auth-TLSv1.1-require-fail-client 
[12-client-auth-TLSv1.1-require-fail-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Require



[12-client-auth-TLSv1.1-require-fail-client]

CipherString = DEFAULT

Protocol = TLSv1.1

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -377,16 +393,18 @@ client = 13-client-auth-TLSv1.1-require-client 
[13-client-auth-TLSv1.1-require-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Request



[13-client-auth-TLSv1.1-require-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -406,15 +424,17 @@ client = 14-client-auth-TLSv1.1-noroot-client 
[14-client-auth-TLSv1.1-noroot-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.1

VerifyMode = Require



[14-client-auth-TLSv1.1-noroot-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.1

MinProtocol = TLSv1.1

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1.1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -435,12 +455,14 @@ client = 15-server-auth-TLSv1.2-client 
[15-server-auth-TLSv1.2-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.2



[15-server-auth-TLSv1.2-client]

CipherString = DEFAULT

Protocol = TLSv1.2

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -460,13 +482,15 @@ client = 16-client-auth-TLSv1.2-request-client 
[16-client-auth-TLSv1.2-request-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.2

VerifyMode = Request



[16-client-auth-TLSv1.2-request-client]

CipherString = DEFAULT

Protocol = TLSv1.2

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -486,14 +510,16 @@ client = 17-client-auth-TLSv1.2-require-fail-client 
[17-client-auth-TLSv1.2-require-fail-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Require



[17-client-auth-TLSv1.2-require-fail-client]

CipherString = DEFAULT

Protocol = TLSv1.2

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -514,16 +540,18 @@ client = 18-client-auth-TLSv1.2-require-client 
[18-client-auth-TLSv1.2-require-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem

VerifyMode = Request



[18-client-auth-TLSv1.2-require-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer
@@ -543,15 +571,17 @@ client = 19-client-auth-TLSv1.2-noroot-client 
[19-client-auth-TLSv1.2-noroot-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

Protocol = TLSv1.2

VerifyMode = Require



[19-client-auth-TLSv1.2-noroot-client]

Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem

Protocol = TLSv1.2

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer

test/ssl-tests/04-client_auth.conf.in

+21 −11
Original line number Diff line number Diff line
@@ -31,10 +31,12 @@ sub generate_tests() { 
            push @tests, {

                name => "server-auth-${protocol_name}",

                server => {

                    "Protocol" => $protocol

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol

                },

                client => {

                    "Protocol" => $protocol

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol

                },

                test   => { "ExpectedResult" => "Success" },

            };
@@ -43,11 +45,13 @@ sub generate_tests() { 
            push @tests, {

                name => "client-auth-${protocol_name}-request",

                server => {

                    "Protocol" => $protocol,

                    "VerifyMode" => "Request",

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "VerifyMode" => "Request"

                },

                client => {

                    "Protocol" => $protocol

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol

                },

                test   => { "ExpectedResult" => "Success" },

            };
@@ -56,12 +60,14 @@ sub generate_tests() { 
            push @tests, {

                name => "client-auth-${protocol_name}-require-fail",

                server => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",

                    "VerifyMode" => "Require",

                },

                client => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol

                },

                test   => {

                    "ExpectedResult" => "ServerFail",
@@ -73,12 +79,14 @@ sub generate_tests() { 
            push @tests, {

                name => "client-auth-${protocol_name}-require",

                server => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",

                    "VerifyMode" => "Request",

                },

                client => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",

                    "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",

                },
@@ -89,11 +97,13 @@ sub generate_tests() { 
            push @tests, {

                name => "client-auth-${protocol_name}-noroot",

                server => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "VerifyMode" => "Require",

                },

                client => {

                    "Protocol" => $protocol,

                    "MinProtocol" => $protocol,

                    "MaxProtocol" => $protocol,

                    "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem",

                    "PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem",

                },