diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-07-21 16:29:48 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-08-08 12:06:26 +0200 |
| commit | 9f48bbacd8cac8d08dff146db438ab3e19908a7a (patch) | |
| tree | 7650dbd3d696d895c53b153a3d2b8c3881bade88 /test | |
| parent | a4a18b2f891c59fd78ad520da79146af13063892 (diff) | |
Reorganize SSL test structures
Move custom server and client options from the test dictionary to an
"extra" section of each server/client. Rename test expectations to say
"Expected".
This is a big but straightforward change. Primarily, this allows us to
specify multiple server and client contexts without redefining the
custom options for each of them. For example, instead of
"ServerNPNProtocols", "Server2NPNProtocols", "ResumeServerNPNProtocols",
we now have, "NPNProtocols".
This simplifies writing resumption and SNI tests. The first application
will be resumption tests for NPN and ALPN.
Regrouping the options also makes it clearer which options apply to the
server, which apply to the client, which configure the test, and which
are test expectations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'test')
28 files changed, 1698 insertions, 913 deletions
diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 445fda997c..53ee0b433c 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -45,7 +45,22 @@ An example test input looks like this: } ``` -The test section supports the following options: +The test section supports the following options + +### Test mode + +* Method - the method to test. One of DTLS or TLS. + +* HandshakeMode - which handshake flavour to test: + - Simple - plain handshake (default) + - Resume - test resumption + - (Renegotiate - test renegotiation, not yet implemented) + +When HandshakeMode is Resume or Renegotiate, the original handshake is expected +to succeed. All configured test expectations are verified against the second +handshake. + +### Test expectations * ExpectedResult - expected handshake outcome. One of - Success - handshake success @@ -53,54 +68,22 @@ The test section supports the following options: - ClientFail - clientside handshake failure - InternalError - some other error -* ClientAlert, ServerAlert - expected alert. See `ssl_test_ctx.c` for known - values. +* ExpectedClientAlert, ExpectedServerAlert - expected alert. See + `ssl_test_ctx.c` for known values. -* Protocol - expected negotiated protocol. One of +* ExpectedProtocol - expected negotiated protocol. One of SSLv3, TLSv1, TLSv1.1, TLSv1.2. -* ClientVerifyCallback - the client's custom certificate verify callback. - Used to test callback behaviour. One of - - None - no custom callback (default) - - AcceptAll - accepts all certificates. - - RejectAll - rejects all certificates. - -* Method - the method to test. One of DTLS or TLS. - -* ServerName - the server the client should attempt to connect to. One of - - None - do not use SNI (default) - - server1 - the initial context - - server2 - the secondary context - - invalid - an unknown context - -* ServerNameCallback - the SNI switching callback to use - - None - no callback (default) - - IgnoreMismatch - continue the handshake on SNI mismatch - - RejectMismatch - abort the handshake on SNI mismatch - * SessionTicketExpected - whether or not a session ticket is expected - Ignore - do not check for a session ticket (default) - Yes - a session ticket is expected - No - a session ticket is not expected - - Broken - a special test case where the session ticket callback does not - initialize crypto - -* HandshakeMode - which handshake flavour to test: - - Simple - plain handshake (default) - - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) * ResumptionExpected - whether or not resumption is expected (Resume mode only) - Yes - resumed handshake - No - full handshake (default) -When HandshakeMode is Resume or Renegotiate, the original handshake is expected -to succeed. All configured test expectations are verified against the second handshake. - -* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol, - ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol - - NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list, - and a callback with the recommended behaviour will be installed automatically. +* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations. ## Configuring the client and server @@ -132,6 +115,52 @@ The following sections may optionally be defined: whenever HandshakeMode is Resume. If the resume_client section is not present, then the configuration matches client. +### Configuring callbacks and additional options + +Additional handshake settings can be configured in the `extra` section of each +client and server: + +``` +client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } +} +``` + +#### Supported client-side options + +* ClientVerifyCallback - the client's custom certificate verify callback. + Used to test callback behaviour. One of + - None - no custom callback (default) + - AcceptAll - accepts all certificates. + - RejectAll - rejects all certificates. + +* ServerName - the server the client should attempt to connect to. One of + - None - do not use SNI (default) + - server1 - the initial context + - server2 - the secondary context + - invalid - an unknown context + +#### Supported server-side options + +* ServerNameCallback - the SNI switching callback to use + - None - no callback (default) + - IgnoreMismatch - continue the handshake on SNI mismatch + - RejectMismatch - abort the handshake on SNI mismatch + +* BrokenSessionTicket - a special test case where the session ticket callback + does not initialize crypto. + - No (default) + - Yes + +#### Mutually supported options + +* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client + protocols can be specified as a comma-separated list, and a callback with the + recommended behaviour will be installed automatically. + ### Default server and client configurations The default server certificate and CA files are added to the configurations diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index f103e8efb5..fd785b7bc6 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -46,7 +46,8 @@ sub print_templates { if (defined $test->{"server2"}) { $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; } else { - if (defined $test->{"test"}->{"ServerNameCallback"}) { + if ($test->{"server"}->{"extra"} && + defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) { # Default is the same as server. $test->{"reuse_server2"} = 1; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index c7023fe0f2..0da8c544ea 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -269,7 +269,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, */ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, + const SSL_TEST_EXTRA_CONF *extra, CTX_DATA *server_ctx_data, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data) @@ -277,7 +277,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, unsigned char *ticket_keys; size_t ticket_key_len; - switch (test_ctx->client_verify_callback) { + switch (extra->client.verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL); @@ -291,7 +291,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } /* link the two contexts for SNI purposes */ - switch (test_ctx->servername_callback) { + switch (extra->server.servername_callback) { case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); @@ -313,49 +313,49 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_cb); - if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { + if (extra->server.broken_session_ticket) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); } #ifndef OPENSSL_NO_NEXTPROTONEG - if (test_ctx->server_npn_protocols != NULL) { - parse_protos(test_ctx->server_npn_protocols, + if (extra->server.npn_protocols != NULL) { + parse_protos(extra->server.npn_protocols, &server_ctx_data->npn_protocols, &server_ctx_data->npn_protocols_len); SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, server_ctx_data); } - if (test_ctx->server2_npn_protocols != NULL) { - parse_protos(test_ctx->server2_npn_protocols, + if (extra->server2.npn_protocols != NULL) { + parse_protos(extra->server2.npn_protocols, &server2_ctx_data->npn_protocols, &server2_ctx_data->npn_protocols_len); OPENSSL_assert(server2_ctx != NULL); SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, server2_ctx_data); } - if (test_ctx->client_npn_protocols != NULL) { - parse_protos(test_ctx->client_npn_protocols, + if (extra->client.npn_protocols != NULL) { + parse_protos(extra->client.npn_protocols, &client_ctx_data->npn_protocols, &client_ctx_data->npn_protocols_len); SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, client_ctx_data); } - if (test_ctx->server_alpn_protocols != NULL) { - parse_protos(test_ctx->server_alpn_protocols, + if (extra->server.alpn_protocols != NULL) { + parse_protos(extra->server.alpn_protocols, &server_ctx_data->alpn_protocols, &server_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } - if (test_ctx->server2_alpn_protocols != NULL) { + if (extra->server2.alpn_protocols != NULL) { OPENSSL_assert(server2_ctx != NULL); - parse_protos(test_ctx->server2_alpn_protocols, + parse_protos(extra->server2.alpn_protocols, &server2_ctx_data->alpn_protocols, &server2_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); } - if (test_ctx->client_alpn_protocols != NULL) { + if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len; - parse_protos(test_ctx->client_alpn_protocols, + parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len); /* Reversed return value convention... */ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, @@ -377,11 +377,11 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, /* Configure per-SSL callbacks and other properties. */ static void configure_handshake_ssl(SSL *server, SSL *client, - const SSL_TEST_CTX *test_ctx) + const SSL_TEST_EXTRA_CONF *extra) { - if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE) + if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) SSL_set_tlsext_host_name(client, - ssl_servername_name(test_ctx->servername)); + ssl_servername_name(extra->client.servername)); } @@ -518,7 +518,7 @@ static char *dup_str(const unsigned char *in, size_t len) static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in, + const SSL_TEST_EXTRA_CONF *extra, SSL_SESSION *session_in, SSL_SESSION **session_out) { SSL *server, *client; @@ -542,14 +542,14 @@ static HANDSHAKE_RESULT *do_handshake_internal( memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); memset(&client_ctx_data, 0, sizeof(client_ctx_data)); - configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, + configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, extra, &server_ctx_data, &server2_ctx_data, &client_ctx_data); server = SSL_new(server_ctx); client = SSL_new(client_ctx); OPENSSL_assert(server != NULL && client != NULL); - configure_handshake_ssl(server, client, test_ctx); + configure_handshake_ssl(server, client, extra); if (session_in != NULL) { /* In case we're testing resumption without tickets. */ OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in)); @@ -689,7 +689,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_SESSION *session = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, - test_ctx, NULL, &session); + &test_ctx->extra, NULL, &session); if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE) goto end; @@ -703,7 +703,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, - test_ctx, session, NULL); + &test_ctx->resume_extra, session, NULL); end: SSL_SESSION_free(session); return result; diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf index ab34e01378..6f2f6c4893 100644 --- a/test/ssl-tests/01-simple.conf +++ b/test/ssl-tests/01-simple.conf @@ -46,7 +46,7 @@ CipherString = DEFAULT VerifyMode = Peer [test-1] -ClientAlert = UnknownCA +ExpectedClientAlert = UnknownCA ExpectedResult = ClientFail diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in index e3a6330bde..45ddd61921 100644 --- a/test/ssl-tests/01-simple.conf.in +++ b/test/ssl-tests/01-simple.conf.in @@ -28,7 +28,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ClientFail", - "ClientAlert" => "UnknownCA", + "ExpectedClientAlert" => "UnknownCA", }, }, ); diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index 1b9a41b43f..cb89dbc10a 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -894,8 +894,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -920,8 +920,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -946,8 +946,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -971,8 +971,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1024,8 +1024,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1051,8 +1051,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1078,8 +1078,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1104,8 +1104,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1131,8 +1131,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1158,8 +1158,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1185,8 +1185,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1211,8 +1211,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1390,8 +1390,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-39] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1416,8 +1416,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1442,8 +1442,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1467,8 +1467,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1520,8 +1520,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1547,8 +1547,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1574,8 +1574,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1600,8 +1600,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1627,8 +1627,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1654,8 +1654,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1681,8 +1681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1707,8 +1707,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1734,8 +1734,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1761,8 +1761,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1787,8 +1787,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-54] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1889,8 +1889,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1915,8 +1915,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1941,8 +1941,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -1966,8 +1966,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2019,8 +2019,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2046,8 +2046,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2073,8 +2073,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2099,8 +2099,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2126,8 +2126,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2153,8 +2153,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-68] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2180,8 +2180,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2206,8 +2206,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2233,8 +2233,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-71] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2260,8 +2260,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2286,8 +2286,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2313,8 +2313,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2339,8 +2339,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2388,8 +2388,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2413,8 +2413,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2438,8 +2438,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2462,8 +2462,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2513,8 +2513,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [te |