authorEmilia Kasper <emilia@openssl.org>2016-06-03 17:49:04 +0200
committerEmilia Kasper <emilia@openssl.org>2016-06-13 16:13:13 +0200
commit74726750ef041ba5fdf0516cbd060a202f7092c1 (patch)
treeb136ba0cdd4e05abf40716a372fcdc03faaacebc /test
parent81fc33c951b645f31727dc811e02200bde4a0982 (diff)
Port DTLS version negotiation tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test')
-rw-r--r--test/README.ssltest.md2
-rw-r--r--test/recipes/80-test_ssl_new.t34
-rw-r--r--test/recipes/80-test_ssl_old.t51
-rw-r--r--test/ssl-tests/02-protocol-version.conf.in113
-rw-r--r--test/ssl-tests/07-dtls-protocol-version.conf2476
-rw-r--r--test/ssl-tests/07-dtls-protocol-version.conf.in19
-rw-r--r--test/ssl-tests/protocol_version.pm166
-rw-r--r--test/ssl_test.c23
-rw-r--r--test/ssl_test_ctx.c28
-rw-r--r--test/ssl_test_ctx.h8
-rw-r--r--test/ssl_test_ctx_test.c2
-rw-r--r--test/ssl_test_ctx_test.conf5
12 files changed, 2756 insertions, 171 deletions
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 03b9f93979..5797cf6c7d 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -64,6 +64,8 @@ The test section supports the following options:
- AcceptAll - accepts all certificates.
- RejectAll - rejects all certificates.
+* Method - the method to test. One of DTLS or TLS.
+
* ServerName - the server the client should attempt to connect to. One of
- None - do not use SNI (default)
- server1 - the initial context
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index b7ab408d14..a024753614 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -26,28 +26,43 @@ map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_) } @conf_srcs;
map { s/\.in// } @conf_files;
-# 02-protocol-version.conf test results depend on the configuration of enabled
-# protocols. We only verify generated sources in the default configuration.
-my $is_default = (disabled("ssl3") && !disabled("tls1") &&
- !disabled("tls1_1") && !disabled("tls1_2"));
+# 02-protocol-version.conf test and 05-dtls-protocol-version.conf results
+# depend on the configuration of enabled protocols. We only verify generated
+# sources in the default configuration.
+my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
+ !disabled("tls1_1") && !disabled("tls1_2"));
-my %conf_dependent_tests = ("02-protocol-version.conf" => 1);
+my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
+
+my $no_tls = alldisabled(available_protocols("tls"));
+my $no_dtls = alldisabled(available_protocols("dtls"));
+
+my %conf_dependent_tests = (
+ "02-protocol-version.conf" => !$is_default_tls,
+ "05-dtls-protocol-version.conf" => !$is_default_dtls,
+);
+
+# Default is $no_tls but some tests have different skip conditions.
+my %skip = (
+ "05-dtls-protocol-version.conf" => $no_dtls,
+);
foreach my $conf (@conf_files) {
subtest "Test configuration $conf" => sub {
test_conf($conf,
- $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1);
+ $conf_dependent_tests{$conf} || $^O eq "VMS" ? 0 : 1,
+ $skip{$conf} || $no_tls);
}
}
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 6; # = scalar @conf_srcs
+plan tests => 7; # = scalar @conf_srcs
sub test_conf {
plan tests => 3;
- my ($conf, $check_source) = @_;
+ my ($conf, $check_source, $skip) = @_;
my $conf_file = srctop_file("test", "ssl-tests", $conf);
my $tmp_file = "${conf}.$$.tmp";
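Review bot: The key `"05-dtls-protocol-version.conf"` used in `%conf_dependent_tests`, in `%skip` and in the comment above them does not match the file this commit adds, `07-dtls-protocol-version.conf`, so neither lookup ever hits for the DTLS configuration. As written, a non-VMS build with DTLS disabled but TLS enabled still verifies the generated DTLS source and runs the DTLS negotiation tests, because the skip decision falls back to `$no_tls`. Separately, `$skip{$conf} || $no_tls` lets a false per-file value fall through to the TLS default, so even with the key corrected a DTLS-only build would skip the DTLS suite; `exists $skip{$conf} ? $skip{$conf} : $no_tls` keeps the override that the comment describes. The body of `test_conf` continues outside this hunk.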
@@ -73,8 +88,7 @@ sub test_conf {
}
# Test 3. Run the test.
- my $no_tls = alldisabled(available_protocols("tls"));
- skip "No TLS tests available; skipping tests", 1 if $no_tls;
+ skip "No tests available; skipping tests", 1 if $skip;
skip "Stale sources; skipping tests", 1 if !$run_test;
ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 4b932fd0c6..716f23b38f 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -79,7 +79,7 @@ my $client_sess="client.ss";
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.
plan tests =>
1 # For testss
- + 14 # For the first testssl
+ + 13 # For the first testssl
;
subtest 'test_ss' => sub {
@@ -331,7 +331,7 @@ sub testssl {
subtest 'standard SSL tests' => sub {
######################################################################
- plan tests => 21;
+ plan tests => 21;
SKIP: {
skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -683,53 +683,6 @@ sub testssl {
}
};
- subtest 'DTLS Version min/max tests' => sub {
- my @protos;
- push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);
- push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);
- my @minprotos = (undef, @protos);
- my @maxprotos = (@protos, undef);
- my @shdprotos = (@protos, $protos[$#protos]);
- my $n = ((@protos+2) * (@protos+3))/2 - 2;
- my $ntests = $n * $n;
- plan tests => $ntests;
- SKIP: {
- skip "DTLS disabled", 1 if $ntests == 1;
-
- my $should;
- for (my $smin = 0; $smin < @minprotos; ++$smin) {
- for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {
- for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {
- for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {
- if ($cmax < $smin-1) {
- $should = "fail-server";
- } elsif ($smax < $cmin-1) {
- $should = "fail-client";
- } elsif ($cmax > $smax) {
- $should = $shdprotos[$smax];
- } else {
- $should = $shdprotos[$cmax];
- }
-
- my @args = (@ssltest, "-dtls");
- push(@args, "-should_negotiate", $should);
- push(@args, "-server_min_proto", $minprotos[$smin])
- if (defined($minprotos[$smin]));
- push(@args, "-server_max_proto", $maxprotos[$smax])
- if (defined($maxprotos[$smax]));
- push(@args, "-client_min_proto", $minprotos[$cmin])
- if (defined($minprotos[$cmin]));
- push(@args, "-client_max_proto", $maxprotos[$cmax])
- if (defined($maxprotos[$cmax]));
- my $ok = run(test[@args]);
- if (! $ok) {
- print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";
- print STDERR "\nFailed: @args\n";
- }
- ok($ok);
- }}}}}
- };
-
subtest 'TLS session reuse' => sub {
plan tests => 12;
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
index 22e1f360e9..46851c94fb 100644
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ b/test/ssl-tests/02-protocol-version.conf.in
@@ -7,116 +7,13 @@
# https://www.openssl.org/source/license.html
-## Test version negotiation
+## Test TLS version negotiation
package ssltests;
-use List::Util qw/max min/;
+use strict;
+use warnings;
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
-setup("no_test_here");
+use protocol_version;
-my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-# undef stands for "no limit".
-my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
-
-my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
-
-my $min_enabled; my $max_enabled;
-
-# Protocol configuration works in cascades, i.e.,
-# $no_tls1_1 disables TLSv1.1 and below.
-#
-# $min_enabled and $max_enabled will be correct if there is at least one
-# protocol enabled.
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $min_enabled = $i;
- last;
- }
-}
-
-foreach my $i (0..$#protocols) {
- if (!$is_disabled[$i]) {
- $max_enabled = $i;
- }
-}
-
-our @tests = ();
-
-sub generate_tests() {
- foreach my $c_min (0..$#min_protocols) {
- my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
- foreach my $c_max ($c_max_min..$#max_protocols) {
- foreach my $s_min (0..$#min_protocols) {
- my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
- foreach my $s_max ($s_max_min..$#max_protocols) {
- my ($result, $protocol) =
- expected_result($c_min, $c_max, $s_min, $s_max);
- push @tests, {
- "name" => "version-negotiation",
- "client" => {
- "MinProtocol" => $min_protocols[$c_min],
- "MaxProtocol" => $max_protocols[$c_max],
- },
- "server" => {
- "MinProtocol" => $min_protocols[$s_min],
- "MaxProtocol" => $max_protocols[$s_max],
- },
- "test" => {
- "ExpectedResult" => $result,
- "Protocol" => $protocol
- }
- };
- }
- }
- }
- }
-}
-
-sub expected_result {
- my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
- if ($no_tls) {
- return ("InternalError", undef);
- }
-
- my ($c_min, $c_max, $s_min, $s_max) = @_;
-
- # Adjust for "undef" (no limit).
- $c_min = $c_min == 0 ? 0 : $c_min - 1;
- $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;
- $s_min = $s_min == 0 ? 0 : $s_min - 1;
- $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;
-
- # We now have at least one protocol enabled, so $min_enabled and
- # $max_enabled are well-defined.
- $c_min = max $c_min, $min_enabled;
- $s_min = max $s_min, $min_enabled;
- $c_max = min $c_max, $max_enabled;
- $s_max = min $s_max, $max_enabled;
-
- if ($c_min > $c_max) {
- # Client should fail to even send a hello.
- # This results in an internal error since the server will be
- # waiting for input that never arrives.
- return ("InternalError", undef);
- } elsif ($s_min > $s_max) {
- # Server has no protocols, should always fail.
- return ("ServerFail", undef);
- } elsif ($s_min > $c_max) {
- # Server doesn't support the client range.
- return ("ServerFail", undef);
- } elsif ($c_min > $s_max) {
- # Server will try with a version that is lower than the lowest
- # supported client version.
- return ("ClientFail", undef);
- } else {
- # Server and client ranges overlap.
- my $max_common = $s_max < $c_max ? $s_max : $c_max;
- return ("Success", $protocols[$max_common]);
- }
-}
-
-generate_tests();
+our @tests = generate_tests("TLS");
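Review bot: `use protocol_version;` loads a project module under an all-lowercase name, which Perl convention informally reserves for pragmas. It also resolves only if the directory holding `protocol_version.pm` is on `@INC` when this file is evaluated; nothing in this hunk sets that up, so presumably the generator does. With the local definition removed, a short comment above the `use`, e.g. `# generate_tests() comes from protocol_version.pm in this directory.`, would tell a reader where `generate_tests("TLS")` is defined.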
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf
new file mode 100644
index 0000000000..0cb183aa59
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.conf
@@ -0,0 +1,2476 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 64
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+server2 = 0-version-negotiation-server2
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-0]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+server2 = 1-version-negotiation-server2
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-1]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+server2 = 2-version-negotiation-server2
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-2]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+server2 = 3-version-negotiation-server2
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-3]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+server2 = 4-version-negotiation-server2
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-4]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+server2 = 5-version-negotiation-server2
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-5]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+server2 = 6-version-negotiation-server2
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-6]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+server2 = 7-version-negotiation-server2
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-7]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+server2 = 8-version-negotiation-server2
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-8]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+server2 = 9-version-negotiation-server2
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-9]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+server2 = 10-version-negotiation-server2
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-10]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+server2 = 11-version-negotiation-server2
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-11]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+server2 = 12-version-negotiation-server2
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-12]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+server2 = 13-version-negotiation-server2
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-13]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+server2 = 14-version-negotiation-server2
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-14]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+server2 = 15-version-negotiation-server2
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-15]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+server2 = 16-version-negotiation-server2
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-16]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+server2 = 17-version-negotiation-server2
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+
+[test-17]
+ExpectedResult = Success
+Method = DTLS
+Protocol = DTLSv1.2
+
+
+# ===========================================================