diff options
author | Matt Caswell <matt@openssl.org> | 2016-06-22 19:41:03 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-07-18 14:30:14 +0100 |
commit | 10e6d235494f69365914f959f83b448b0b21dca2 (patch) | |
tree | 059be3bc428a215275ab224d73c60fa7df3ae475 /test/ssl-tests | |
parent | 78cbe94f89417150d5d334f6c02ed697f62029fe (diff) |
Fix SSLv3 ClientAuth alert checking
In TLS during ClientAuth if the CA is not recognised you should get an
UnknownCA alert. In SSLv3 this does not exist and you should get a
BadCertificate alert.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'test/ssl-tests')
-rw-r--r-- | test/ssl-tests/04-client_auth.conf.in | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index e1044f9ebc..495db02c5f 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -26,7 +26,13 @@ sub generate_tests() { foreach (0..$#protocols) { my $protocol = $protocols[$_]; my $protocol_name = $protocol || "flex"; + my $caalert; if (!$is_disabled[$_]) { + if ($protocol_name eq "SSLv3") { + $caalert = "BadCertificate"; + } else { + $caalert = "UnknownCA"; + } # Sanity-check simple handshake. push @tests, { name => "server-auth-${protocol_name}", @@ -109,7 +115,7 @@ sub generate_tests() { }, test => { "ExpectedResult" => "ServerFail", - "ServerAlert" => "UnknownCA", + "ServerAlert" => $caalert, }, }; } |