diff options
28 files changed, 1698 insertions, 913 deletions
diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 445fda997c..53ee0b433c 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -45,7 +45,22 @@ An example test input looks like this: } ``` -The test section supports the following options: +The test section supports the following options + +### Test mode + +* Method - the method to test. One of DTLS or TLS. + +* HandshakeMode - which handshake flavour to test: + - Simple - plain handshake (default) + - Resume - test resumption + - (Renegotiate - test renegotiation, not yet implemented) + +When HandshakeMode is Resume or Renegotiate, the original handshake is expected +to succeed. All configured test expectations are verified against the second +handshake. + +### Test expectations * ExpectedResult - expected handshake outcome. One of - Success - handshake success @@ -53,54 +68,22 @@ The test section supports the following options: - ClientFail - clientside handshake failure - InternalError - some other error -* ClientAlert, ServerAlert - expected alert. See `ssl_test_ctx.c` for known - values. +* ExpectedClientAlert, ExpectedServerAlert - expected alert. See + `ssl_test_ctx.c` for known values. -* Protocol - expected negotiated protocol. One of +* ExpectedProtocol - expected negotiated protocol. One of SSLv3, TLSv1, TLSv1.1, TLSv1.2. -* ClientVerifyCallback - the client's custom certificate verify callback. - Used to test callback behaviour. One of - - None - no custom callback (default) - - AcceptAll - accepts all certificates. - - RejectAll - rejects all certificates. - -* Method - the method to test. One of DTLS or TLS. - -* ServerName - the server the client should attempt to connect to. One of - - None - do not use SNI (default) - - server1 - the initial context - - server2 - the secondary context - - invalid - an unknown context - -* ServerNameCallback - the SNI switching callback to use - - None - no callback (default) - - IgnoreMismatch - continue the handshake on SNI mismatch - - RejectMismatch - abort the handshake on SNI mismatch - * SessionTicketExpected - whether or not a session ticket is expected - Ignore - do not check for a session ticket (default) - Yes - a session ticket is expected - No - a session ticket is not expected - - Broken - a special test case where the session ticket callback does not - initialize crypto - -* HandshakeMode - which handshake flavour to test: - - Simple - plain handshake (default) - - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) * ResumptionExpected - whether or not resumption is expected (Resume mode only) - Yes - resumed handshake - No - full handshake (default) -When HandshakeMode is Resume or Renegotiate, the original handshake is expected -to succeed. All configured test expectations are verified against the second handshake. - -* ServerNPNProtocols, Server2NPNProtocols, ClientNPNProtocols, ExpectedNPNProtocol, - ServerALPNProtocols, Server2ALPNProtocols, ClientALPNProtocols, ExpectedALPNProtocol - - NPN and ALPN settings. Server and client protocols can be specified as a comma-separated list, - and a callback with the recommended behaviour will be installed automatically. +* ExpectedNPNProtocol, ExpectedALPNProtocol - NPN and ALPN expectations. ## Configuring the client and server @@ -132,6 +115,52 @@ The following sections may optionally be defined: whenever HandshakeMode is Resume. If the resume_client section is not present, then the configuration matches client. +### Configuring callbacks and additional options + +Additional handshake settings can be configured in the `extra` section of each +client and server: + +``` +client => { + "CipherString" => "DEFAULT", + extra => { + "ServerName" => "server2", + } +} +``` + +#### Supported client-side options + +* ClientVerifyCallback - the client's custom certificate verify callback. + Used to test callback behaviour. One of + - None - no custom callback (default) + - AcceptAll - accepts all certificates. + - RejectAll - rejects all certificates. + +* ServerName - the server the client should attempt to connect to. One of + - None - do not use SNI (default) + - server1 - the initial context + - server2 - the secondary context + - invalid - an unknown context + +#### Supported server-side options + +* ServerNameCallback - the SNI switching callback to use + - None - no callback (default) + - IgnoreMismatch - continue the handshake on SNI mismatch + - RejectMismatch - abort the handshake on SNI mismatch + +* BrokenSessionTicket - a special test case where the session ticket callback + does not initialize crypto. + - No (default) + - Yes + +#### Mutually supported options + +* NPNProtocols, ALPNProtocols - NPN and ALPN settings. Server and client + protocols can be specified as a comma-separated list, and a callback with the + recommended behaviour will be installed automatically. + ### Default server and client configurations The default server certificate and CA files are added to the configurations diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index f103e8efb5..fd785b7bc6 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -46,7 +46,8 @@ sub print_templates { if (defined $test->{"server2"}) { $test->{"server2"} = { (%ssltests::base_server, %{$test->{"server2"}}) }; } else { - if (defined $test->{"test"}->{"ServerNameCallback"}) { + if ($test->{"server"}->{"extra"} && + defined $test->{"server"}->{"extra"}->{"ServerNameCallback"}) { # Default is the same as server. $test->{"reuse_server2"} = 1; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index c7023fe0f2..0da8c544ea 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -269,7 +269,7 @@ static int server_alpn_cb(SSL *s, const unsigned char **out, */ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, + const SSL_TEST_EXTRA_CONF *extra, CTX_DATA *server_ctx_data, CTX_DATA *server2_ctx_data, CTX_DATA *client_ctx_data) @@ -277,7 +277,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, unsigned char *ticket_keys; size_t ticket_key_len; - switch (test_ctx->client_verify_callback) { + switch (extra->client.verify_callback) { case SSL_TEST_VERIFY_ACCEPT_ALL: SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL); @@ -291,7 +291,7 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } /* link the two contexts for SNI purposes */ - switch (test_ctx->servername_callback) { + switch (extra->server.servername_callback) { case SSL_TEST_SERVERNAME_IGNORE_MISMATCH: SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb); SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx); @@ -313,49 +313,49 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_cb); - if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) { + if (extra->server.broken_session_ticket) { SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb); } #ifndef OPENSSL_NO_NEXTPROTONEG - if (test_ctx->server_npn_protocols != NULL) { - parse_protos(test_ctx->server_npn_protocols, + if (extra->server.npn_protocols != NULL) { + parse_protos(extra->server.npn_protocols, &server_ctx_data->npn_protocols, &server_ctx_data->npn_protocols_len); SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb, server_ctx_data); } - if (test_ctx->server2_npn_protocols != NULL) { - parse_protos(test_ctx->server2_npn_protocols, + if (extra->server2.npn_protocols != NULL) { + parse_protos(extra->server2.npn_protocols, &server2_ctx_data->npn_protocols, &server2_ctx_data->npn_protocols_len); OPENSSL_assert(server2_ctx != NULL); SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb, server2_ctx_data); } - if (test_ctx->client_npn_protocols != NULL) { - parse_protos(test_ctx->client_npn_protocols, + if (extra->client.npn_protocols != NULL) { + parse_protos(extra->client.npn_protocols, &client_ctx_data->npn_protocols, &client_ctx_data->npn_protocols_len); SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb, client_ctx_data); } - if (test_ctx->server_alpn_protocols != NULL) { - parse_protos(test_ctx->server_alpn_protocols, + if (extra->server.alpn_protocols != NULL) { + parse_protos(extra->server.alpn_protocols, &server_ctx_data->alpn_protocols, &server_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data); } - if (test_ctx->server2_alpn_protocols != NULL) { + if (extra->server2.alpn_protocols != NULL) { OPENSSL_assert(server2_ctx != NULL); - parse_protos(test_ctx->server2_alpn_protocols, + parse_protos(extra->server2.alpn_protocols, &server2_ctx_data->alpn_protocols, &server2_ctx_data->alpn_protocols_len); SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb, server2_ctx_data); } - if (test_ctx->client_alpn_protocols != NULL) { + if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; size_t alpn_protos_len; - parse_protos(test_ctx->client_alpn_protocols, + parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len); /* Reversed return value convention... */ OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos, @@ -377,11 +377,11 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, /* Configure per-SSL callbacks and other properties. */ static void configure_handshake_ssl(SSL *server, SSL *client, - const SSL_TEST_CTX *test_ctx) + const SSL_TEST_EXTRA_CONF *extra) { - if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE) + if (extra->client.servername != SSL_TEST_SERVERNAME_NONE) SSL_set_tlsext_host_name(client, - ssl_servername_name(test_ctx->servername)); + ssl_servername_name(extra->client.servername)); } @@ -518,7 +518,7 @@ static char *dup_str(const unsigned char *in, size_t len) static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, - const SSL_TEST_CTX *test_ctx, SSL_SESSION *session_in, + const SSL_TEST_EXTRA_CONF *extra, SSL_SESSION *session_in, SSL_SESSION **session_out) { SSL *server, *client; @@ -542,14 +542,14 @@ static HANDSHAKE_RESULT *do_handshake_internal( memset(&server2_ctx_data, 0, sizeof(server2_ctx_data)); memset(&client_ctx_data, 0, sizeof(client_ctx_data)); - configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, test_ctx, + configure_handshake_ctx(server_ctx, server2_ctx, client_ctx, extra, &server_ctx_data, &server2_ctx_data, &client_ctx_data); server = SSL_new(server_ctx); client = SSL_new(client_ctx); OPENSSL_assert(server != NULL && client != NULL); - configure_handshake_ssl(server, client, test_ctx); + configure_handshake_ssl(server, client, extra); if (session_in != NULL) { /* In case we're testing resumption without tickets. */ OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in)); @@ -689,7 +689,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_SESSION *session = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, - test_ctx, NULL, &session); + &test_ctx->extra, NULL, &session); if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE) goto end; @@ -703,7 +703,7 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, HANDSHAKE_RESULT_free(result); /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, - test_ctx, session, NULL); + &test_ctx->resume_extra, session, NULL); end: SSL_SESSION_free(session); return result; diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf index ab34e01378..6f2f6c4893 100644 --- a/test/ssl-tests/01-simple.conf +++ b/test/ssl-tests/01-simple.conf @@ -46,7 +46,7 @@ CipherString = DEFAULT VerifyMode = Peer [test-1] -ClientAlert = UnknownCA +ExpectedClientAlert = UnknownCA ExpectedResult = ClientFail diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in index e3a6330bde..45ddd61921 100644 --- a/test/ssl-tests/01-simple.conf.in +++ b/test/ssl-tests/01-simple.conf.in @@ -28,7 +28,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ClientFail", - "ClientAlert" => "UnknownCA", + "ExpectedClientAlert" => "UnknownCA", }, }, ); diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index 1b9a41b43f..cb89dbc10a 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -894,8 +894,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -920,8 +920,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -946,8 +946,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -971,8 +971,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1024,8 +1024,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1051,8 +1051,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1078,8 +1078,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1104,8 +1104,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1131,8 +1131,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1158,8 +1158,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1185,8 +1185,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1211,8 +1211,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1390,8 +1390,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-39] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1416,8 +1416,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1442,8 +1442,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1467,8 +1467,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1520,8 +1520,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1547,8 +1547,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1574,8 +1574,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1600,8 +1600,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1627,8 +1627,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1654,8 +1654,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1681,8 +1681,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1707,8 +1707,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1734,8 +1734,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1761,8 +1761,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1787,8 +1787,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-54] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1889,8 +1889,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -1915,8 +1915,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -1941,8 +1941,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -1966,8 +1966,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2019,8 +2019,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2046,8 +2046,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2073,8 +2073,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2099,8 +2099,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2126,8 +2126,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2153,8 +2153,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-68] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2180,8 +2180,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2206,8 +2206,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2233,8 +2233,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-71] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2260,8 +2260,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2286,8 +2286,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2313,8 +2313,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2339,8 +2339,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2388,8 +2388,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2413,8 +2413,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2438,8 +2438,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2462,8 +2462,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] +ExpectedProtocol = TLSv1.2 ExpectedResult = Success -Protocol = TLSv1.2 # =========================================================== @@ -2513,8 +2513,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] +ExpectedProtocol = TLSv1 ExpectedResult = Success -Protocol = TLSv1 # =========================================================== @@ -2539,8 +2539,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-83] +ExpectedProtocol = TLSv1.1 ExpectedResult = Success -Protocol = TLSv1.1 # =========================================================== @@ -2565,8 +2565,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] +ExpectedProtocol = TLSv1.2 ExpectedResult = Suc |