summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--test/certs/embeddedSCTs1-key.pem15
-rw-r--r--test/ssl-tests/12-ct.conf176
-rw-r--r--test/ssl-tests/12-ct.conf.in55
3 files changed, 178 insertions, 68 deletions
diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
new file mode 100644
index 0000000000..e3e66d55c5
--- /dev/null
+++ b/test/certs/embeddedSCTs1-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
+WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
+EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
+AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
+PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
+flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
+X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
+pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
+b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
+9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
+83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
+n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
+1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf
index 22fa18dd45..2e6e9dea67 100644
--- a/test/ssl-tests/12-ct.conf
+++ b/test/ssl-tests/12-ct.conf
@@ -1,135 +1,191 @@
# Generated with generate_ssl_tests.pl
-num_tests = 4
-
-test-0 = 0-ct-permissive
-test-1 = 1-ct-strict
-test-2 = 2-ct-permissive-resumption
-test-3 = 3-ct-strict-resumption
+num_tests = 6
+
+test-0 = 0-ct-permissive-without-scts
+test-1 = 1-ct-permissive-with-scts
+test-2 = 2-ct-strict-without-scts
+test-3 = 3-ct-strict-with-scts
+test-4 = 4-ct-permissive-resumption
+test-5 = 5-ct-strict-resumption
# ===========================================================
-[0-ct-permissive]
-ssl_conf = 0-ct-permissive-ssl
+[0-ct-permissive-without-scts]
+ssl_conf = 0-ct-permissive-without-scts-ssl
-[0-ct-permissive-ssl]
-server = 0-ct-permissive-server
-client = 0-ct-permissive-client
+[0-ct-permissive-without-scts-ssl]
+server = 0-ct-permissive-without-scts-server
+client = 0-ct-permissive-without-scts-client
-[0-ct-permissive-server]
+[0-ct-permissive-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-ct-permissive-client]
+[0-ct-permissive-without-scts-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
ExpectedResult = Success
-client = 0-ct-permissive-client-extra
+client = 0-ct-permissive-without-scts-client-extra
+
+[0-ct-permissive-without-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[1-ct-permissive-with-scts]
+ssl_conf = 1-ct-permissive-with-scts-ssl
+
+[1-ct-permissive-with-scts-ssl]
+server = 1-ct-permissive-with-scts-server
+client = 1-ct-permissive-with-scts-client
+
+[1-ct-permissive-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[1-ct-permissive-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+client = 1-ct-permissive-with-scts-client-extra
-[0-ct-permissive-client-extra]
+[1-ct-permissive-with-scts-client-extra]
CTValidation = Permissive
# ===========================================================
-[1-ct-strict]
-ssl_conf = 1-ct-strict-ssl
+[2-ct-strict-without-scts]
+ssl_conf = 2-ct-strict-without-scts-ssl
-[1-ct-strict-ssl]
-server = 1-ct-strict-server
-client = 1-ct-strict-client
+[2-ct-strict-without-scts-ssl]
+server = 2-ct-strict-without-scts-server
+client = 2-ct-strict-without-scts-client
-[1-ct-strict-server]
+[2-ct-strict-without-scts-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-ct-strict-client]
+[2-ct-strict-without-scts-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-1]
+[test-2]
ExpectedClientAlert = HandshakeFailure
ExpectedResult = ClientFail
-client = 1-ct-strict-client-extra
+client = 2-ct-strict-without-scts-client-extra
-[1-ct-strict-client-extra]
+[2-ct-strict-without-scts-client-extra]
CTValidation = Strict
# ===========================================================
-[2-ct-permissive-resumption]
-ssl_conf = 2-ct-permissive-resumption-ssl
+[3-ct-strict-with-scts]
+ssl_conf = 3-ct-strict-with-scts-ssl
-[2-ct-permissive-resumption-ssl]
-server = 2-ct-permissive-resumption-server
-client = 2-ct-permissive-resumption-client
-resume-server = 2-ct-permissive-resumption-server
-resume-client = 2-ct-permissive-resumption-client
+[3-ct-strict-with-scts-ssl]
+server = 3-ct-strict-with-scts-server
+client = 3-ct-strict-with-scts-client
-[2-ct-permissive-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+[3-ct-strict-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-[2-ct-permissive-resumption-client]
+[3-ct-strict-with-scts-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
-[test-2]
+[test-3]
+ExpectedResult = Success
+client = 3-ct-strict-with-scts-client-extra
+
+[3-ct-strict-with-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[4-ct-permissive-resumption]
+ssl_conf = 4-ct-permissive-resumption-ssl
+
+[4-ct-permissive-resumption-ssl]
+server = 4-ct-permissive-resumption-server
+client = 4-ct-permissive-resumption-client
+resume-server = 4-ct-permissive-resumption-server
+resume-client = 4-ct-permissive-resumption-client
+
+[4-ct-permissive-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[4-ct-permissive-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-4]
ExpectedResult = Success
HandshakeMode = Resume
ResumptionExpected = Yes
-client = 2-ct-permissive-resumption-client-extra
-resume-client = 2-ct-permissive-resumption-client-extra
+client = 4-ct-permissive-resumption-client-extra
+resume-client = 4-ct-permissive-resumption-client-extra
-[2-ct-permissive-resumption-client-extra]
+[4-ct-permissive-resumption-client-extra]
CTValidation = Permissive
# ===========================================================
-[3-ct-strict-resumption]
-ssl_conf = 3-ct-strict-resumption-ssl
+[5-ct-strict-resumption]
+ssl_conf = 5-ct-strict-resumption-ssl
-[3-ct-strict-resumption-ssl]
-server = 3-ct-strict-resumption-server
-client = 3-ct-strict-resumption-client
-resume-server = 3-ct-strict-resumption-server
-resume-client = 3-ct-strict-resumption-resume-client
+[5-ct-strict-resumption-ssl]
+server = 5-ct-strict-resumption-server
+client = 5-ct-strict-resumption-client
+resume-server = 5-ct-strict-resumption-server
+resume-client = 5-ct-strict-resumption-resume-client
-[3-ct-strict-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+[5-ct-strict-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-[3-ct-strict-resumption-client]
+[5-ct-strict-resumption-client]
CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
VerifyMode = Peer
-[3-ct-strict-resumption-resume-client]
+[5-ct-strict-resumption-resume-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-3]
+[test-5]
ExpectedResult = Success
HandshakeMode = Resume
ResumptionExpected = Yes
-client = 3-ct-strict-resumption-client-extra
-resume-client = 3-ct-strict-resumption-resume-client-extra
+client = 5-ct-strict-resumption-client-extra
+resume-client = 5-ct-strict-resumption-resume-client-extra
-[3-ct-strict-resumption-client-extra]
-CTValidation = Permissive
+[5-ct-strict-resumption-client-extra]
+CTValidation = Strict
-[3-ct-strict-resumption-resume-client-extra]
+[5-ct-strict-resumption-resume-client-extra]
CTValidation = Strict
diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in
index c27e0911ff..7c0304995f 100644
--- a/test/ssl-tests/12-ct.conf.in
+++ b/test/ssl-tests/12-ct.conf.in
@@ -16,9 +16,8 @@ package ssltests;
our @tests = (
- # Currently only have tests for certs without SCTs.
{
- name => "ct-permissive",
+ name => "ct-permissive-without-scts",
server => { },
client => {
extra => {
@@ -28,9 +27,25 @@ our @tests = (
test => {
"ExpectedResult" => "Success",
},
- },
+ },
{
- name => "ct-strict",
+ name => "ct-permissive-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Permissive",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
+ name => "ct-strict-without-scts",
server => { },
client => {
extra => {
@@ -43,9 +58,29 @@ our @tests = (
},
},
{
+ name => "ct-strict-with-scts",
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
+ client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+ extra => {
+ "CTValidation" => "Strict",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success",
+ },
+ },
+ {
name => "ct-permissive-resumption",
- server => { },
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
"CTValidation" => "Permissive",
},
@@ -55,13 +90,17 @@ our @tests = (
"ResumptionExpected" => "Yes",
"ExpectedResult" => "Success",
},
- },
+ },
{
name => "ct-strict-resumption",
- server => { },
+ server => {
+ "Certificate" => test_pem("embeddedSCTs1.pem"),
+ "PrivateKey" => test_pem("embeddedSCTs1-key.pem"),
+ },
client => {
+ "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
extra => {
- "CTValidation" => "Permissive",
+ "CTValidation" => "Strict",
},
},
# SCTs are not present during resumption, so the resumption
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-11 03:28:17 +0000