openssl/test/ssl-tests/03-custom_verify.conf.in

# -*- mode: perl; -*-
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## SSL test configurations

package ssltests;

our @tests = (

    # Sanity-check that verification indeed succeeds without the
    # restrictive callback.
    {
        name => "verify-success",
        server => { },
        client => { },
        test   => { "ExpectedResult" => "Success" },
    },

    # Same test as above but with a custom callback that always fails.
    {
        name => "verify-custom-reject",
        server => { },
        client => {
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "ClientFail",
            "ExpectedClientAlert" => "HandshakeFailure",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    {
        name => "verify-custom-allow",
        server => { },
        client => {
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Sanity-check that verification indeed succeeds if peer verification
    # is not requested.
    {
        name => "noverify-success",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
        },
        test   => { "ExpectedResult" => "Success" },
    },

    # Same test as above but with a custom callback that always fails.
    # The callback return has no impact on handshake success in this mode.
    {
        name => "noverify-ignore-custom-reject",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    # The callback return has no impact on handshake success in this mode.
    {
        name => "noverify-accept-custom-allow",
        server => { },
        client => {
            "VerifyMode" => undef,
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },

    # Sanity-check that verification indeed fails without the
    # permissive callback.
    {
        name => "verify-fail-no-root",
        server => { },
        client => {
            # Don't set up the client root file.
            "VerifyCAFile" => undef,
        },
        test   => {
          "ExpectedResult" => "ClientFail",
          "ExpectedClientAlert" => "UnknownCA",
        },
    },

    # Same test as above but with a custom callback that always succeeds.
    {
        name => "verify-custom-success-no-root",
        server => { },
        client => {
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "AcceptAll",
            },
        },
        test   => {
            "ExpectedResult" => "Success"
        },
    },

    # Same test as above but with a custom callback that always fails.
    {
        name => "verify-custom-fail-no-root",
        server => { },
        client => {
            "VerifyCAFile" => undef,
            extra => {
                "VerifyCallback" => "RejectAll",
            },
        },
        test   => {
            "ExpectedResult" => "ClientFail",
            "ExpectedClientAlert" => "HandshakeFailure",
        },
    },
);
v1.1.1t 2023-05-09 22:08:48 +00:00			`# -- mode: perl; --`
			`# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.`
			`#`
			`# Licensed under the OpenSSL license (the "License"). You may not use`
			`# this file except in compliance with the License. You can obtain a copy`
			`# in the file LICENSE in the source distribution or at`
			`# https://www.openssl.org/source/license.html`


			`## SSL test configurations`

			`package ssltests;`

			`our @tests = (`

			`# Sanity-check that verification indeed succeeds without the`
			`# restrictive callback.`
			`{`
			`name => "verify-success",`
			`server => { },`
			`client => { },`
			`test => { "ExpectedResult" => "Success" },`
			`},`

			`# Same test as above but with a custom callback that always fails.`
			`{`
			`name => "verify-custom-reject",`
			`server => { },`
			`client => {`
			`extra => {`
			`"VerifyCallback" => "RejectAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "ClientFail",`
			`"ExpectedClientAlert" => "HandshakeFailure",`
			`},`
			`},`

			`# Same test as above but with a custom callback that always succeeds.`
			`{`
			`name => "verify-custom-allow",`
			`server => { },`
			`client => {`
			`extra => {`
			`"VerifyCallback" => "AcceptAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "Success",`
			`},`
			`},`

			`# Sanity-check that verification indeed succeeds if peer verification`
			`# is not requested.`
			`{`
			`name => "noverify-success",`
			`server => { },`
			`client => {`
			`"VerifyMode" => undef,`
			`"VerifyCAFile" => undef,`
			`},`
			`test => { "ExpectedResult" => "Success" },`
			`},`

			`# Same test as above but with a custom callback that always fails.`
			`# The callback return has no impact on handshake success in this mode.`
			`{`
			`name => "noverify-ignore-custom-reject",`
			`server => { },`
			`client => {`
			`"VerifyMode" => undef,`
			`"VerifyCAFile" => undef,`
			`extra => {`
			`"VerifyCallback" => "RejectAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "Success",`
			`},`
			`},`

			`# Same test as above but with a custom callback that always succeeds.`
			`# The callback return has no impact on handshake success in this mode.`
			`{`
			`name => "noverify-accept-custom-allow",`
			`server => { },`
			`client => {`
			`"VerifyMode" => undef,`
			`"VerifyCAFile" => undef,`
			`extra => {`
			`"VerifyCallback" => "AcceptAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "Success",`
			`},`
			`},`

			`# Sanity-check that verification indeed fails without the`
			`# permissive callback.`
			`{`
			`name => "verify-fail-no-root",`
			`server => { },`
			`client => {`
			`# Don't set up the client root file.`
			`"VerifyCAFile" => undef,`
			`},`
			`test => {`
			`"ExpectedResult" => "ClientFail",`
			`"ExpectedClientAlert" => "UnknownCA",`
			`},`
			`},`

			`# Same test as above but with a custom callback that always succeeds.`
			`{`
			`name => "verify-custom-success-no-root",`
			`server => { },`
			`client => {`
			`"VerifyCAFile" => undef,`
			`extra => {`
			`"VerifyCallback" => "AcceptAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "Success"`
			`},`
			`},`

			`# Same test as above but with a custom callback that always fails.`
			`{`
			`name => "verify-custom-fail-no-root",`
			`server => { },`
			`client => {`
			`"VerifyCAFile" => undef,`
			`extra => {`
			`"VerifyCallback" => "RejectAll",`
			`},`
			`},`
			`test => {`
			`"ExpectedResult" => "ClientFail",`
			`"ExpectedClientAlert" => "HandshakeFailure",`
			`},`
			`},`
			`);`