diff options
| author | Matt Caswell <matt@openssl.org> | 2016-06-22 16:34:26 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-07-18 14:30:14 +0100 |
| commit | 78cbe94f89417150d5d334f6c02ed697f62029fe (patch) | |
| tree | 10dec9db06032e5bb3a48820f94dcae1dc91a41b /test | |
| parent | 05c4f1d563bf7978543e3b5bdb292cbf11688886 (diff) | |
Fix Client Auth tests
The Client Auth tests were not correctly setting the Protocol, so that this
aspect had no effect. It was testing the same thing lots of times for
TLSv1.2 every time.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'test')
| -rw-r--r-- | test/ssl-tests/04-client_auth.conf | 90 | ||||
| -rw-r--r-- | test/ssl-tests/04-client_auth.conf.in | 32 |
2 files changed, 81 insertions, 41 deletions
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 02cba53d5a..04bb2345b9 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -161,12 +161,14 @@ client = 5-server-auth-TLSv1-client [5-server-auth-TLSv1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 [5-server-auth-TLSv1-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -186,13 +188,15 @@ client = 6-client-auth-TLSv1-request-client [6-client-auth-TLSv1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Request [6-client-auth-TLSv1-request-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -212,14 +216,16 @@ client = 7-client-auth-TLSv1-require-fail-client [7-client-auth-TLSv1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [7-client-auth-TLSv1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -240,16 +246,18 @@ client = 8-client-auth-TLSv1-require-client [8-client-auth-TLSv1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [8-client-auth-TLSv1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -269,15 +277,17 @@ client = 9-client-auth-TLSv1-noroot-client [9-client-auth-TLSv1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1 VerifyMode = Require [9-client-auth-TLSv1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -298,12 +308,14 @@ client = 10-server-auth-TLSv1.1-client [10-server-auth-TLSv1.1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 [10-server-auth-TLSv1.1-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -323,13 +335,15 @@ client = 11-client-auth-TLSv1.1-request-client [11-client-auth-TLSv1.1-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Request [11-client-auth-TLSv1.1-request-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -349,14 +363,16 @@ client = 12-client-auth-TLSv1.1-require-fail-client [12-client-auth-TLSv1.1-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [12-client-auth-TLSv1.1-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -377,16 +393,18 @@ client = 13-client-auth-TLSv1.1-require-client [13-client-auth-TLSv1.1-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [13-client-auth-TLSv1.1-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -406,15 +424,17 @@ client = 14-client-auth-TLSv1.1-noroot-client [14-client-auth-TLSv1.1-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.1 VerifyMode = Require [14-client-auth-TLSv1.1-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -435,12 +455,14 @@ client = 15-server-auth-TLSv1.2-client [15-server-auth-TLSv1.2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 [15-server-auth-TLSv1.2-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -460,13 +482,15 @@ client = 16-client-auth-TLSv1.2-request-client [16-client-auth-TLSv1.2-request-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Request [16-client-auth-TLSv1.2-request-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -486,14 +510,16 @@ client = 17-client-auth-TLSv1.2-require-fail-client [17-client-auth-TLSv1.2-require-fail-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [17-client-auth-TLSv1.2-require-fail-client] CipherString = DEFAULT -Protocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -514,16 +540,18 @@ client = 18-client-auth-TLSv1.2-require-client [18-client-auth-TLSv1.2-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Request [18-client-auth-TLSv1.2-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -543,15 +571,17 @@ client = 19-client-auth-TLSv1.2-noroot-client [19-client-auth-TLSv1.2-noroot-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -Protocol = TLSv1.2 VerifyMode = Require [19-client-auth-TLSv1.2-noroot-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem -Protocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index 36d13df04d..e1044f9ebc 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -31,10 +31,12 @@ sub generate_tests() { push @tests, { name => "server-auth-${protocol_name}", server => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; @@ -43,11 +45,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-request", server => { - "Protocol" => $protocol, - "VerifyMode" => "Request", + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, + "VerifyMode" => "Request" }, client => { - "Protocol" => $protocol + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "Success" }, }; @@ -56,12 +60,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require-fail", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol }, test => { "ExpectedResult" => "ServerFail", @@ -73,12 +79,14 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-require", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem", "VerifyMode" => "Request", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", }, @@ -89,11 +97,13 @@ sub generate_tests() { push @tests, { name => "client-auth-${protocol_name}-noroot", server => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "VerifyMode" => "Require", }, client => { - "Protocol" => $protocol, + "MinProtocol" => $protocol, + "MaxProtocol" => $protocol, "Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-client-chain.pem", "PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}ee-key.pem", }, |