summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/recipes/70-test_sslmessages.t1
-rw-r--r--test/ssl-tests/02-protocol-version.conf32
-rw-r--r--test/ssl-tests/23-srp.conf4
-rw-r--r--test/ssl-tests/23-srp.conf.in154
-rw-r--r--test/ssl-tests/protocol_version.pm6
5 files changed, 105 insertions, 92 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index 790b3aeda2..a6278dc630 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -396,6 +396,7 @@ SKIP: {
skip "No EC support in this OpenSSL build", 1 if disabled("ec");
$proxy->clear();
$proxy->clientflags("-no_tls1_3");
+ $proxy->serverflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->start();
checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
index d5e0779156..41fa8ca17a 100644
--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
@@ -700,7 +700,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -850,7 +850,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -1314,7 +1314,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-24]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -1339,7 +1339,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-25]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -4759,7 +4759,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-156]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -4915,7 +4915,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-162]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -5397,7 +5397,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-180]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -5423,7 +5423,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-181]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -17393,7 +17393,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-624]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -17549,7 +17549,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-630]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18031,7 +18031,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-648]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18057,7 +18057,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-649]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18082,7 +18082,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-650]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18232,7 +18232,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-656]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18696,7 +18696,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-674]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
# ===========================================================
@@ -18721,6 +18721,6 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-675]
-ExpectedResult = InternalError
+ExpectedResult = ClientFail
diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf
index 6ae49e6814..610a0bb08a 100644
--- a/test/ssl-tests/23-srp.conf
+++ b/test/ssl-tests/23-srp.conf
@@ -18,6 +18,7 @@ client = 0-srp-client
[0-srp-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-srp-client]
@@ -52,6 +53,7 @@ client = 1-srp-bad-password-client
[1-srp-bad-password-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-srp-bad-password-client]
@@ -86,6 +88,7 @@ client = 2-srp-auth-client
[2-srp-auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = aSRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-srp-auth-client]
@@ -120,6 +123,7 @@ client = 3-srp-auth-bad-password-client
[3-srp-auth-bad-password-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = aSRP
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-srp-auth-bad-password-client]
diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in
index b7601fc3e5..dcbd9f4ff9 100644
--- a/test/ssl-tests/23-srp.conf.in
+++ b/test/ssl-tests/23-srp.conf.in
@@ -15,89 +15,93 @@ package ssltests;
our @tests = (
{
- name => "srp",
- server => {
- "CipherString" => "SRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp",
+ server => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success"
},
- client => {
- "CipherString" => "SRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
- },
- test => {
- "ExpectedResult" => "Success"
- },
},
{
- name => "srp-bad-password",
- server => {
- "CipherString" => "SRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-bad-password",
+ server => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "SRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "passw0rd",
+ },
+ },
+ test => {
+ # Server fails first with bad client Finished.
+ "ExpectedResult" => "ServerFail"
},
- client => {
- "CipherString" => "SRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "passw0rd",
- },
- },
- test => {
- # Server fails first with bad client Finished.
- "ExpectedResult" => "ServerFail"
- },
},
{
- name => "srp-auth",
- server => {
- "CipherString" => "aSRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-auth",
+ server => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ test => {
+ "ExpectedResult" => "Success"
},
- client => {
- "CipherString" => "aSRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
- },
- test => {
- "ExpectedResult" => "Success"
- },
},
{
- name => "srp-auth-bad-password",
- server => {
- "CipherString" => "aSRP",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "password",
- },
+ name => "srp-auth-bad-password",
+ server => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "password",
+ },
+ },
+ client => {
+ "CipherString" => "aSRP",
+ "MaxProtocol" => "TLSv1.2",
+ extra => {
+ "SRPUser" => "user",
+ "SRPPassword" => "passw0rd",
+ },
+ },
+ test => {
+ # Server fails first with bad client Finished.
+ "ExpectedResult" => "ServerFail"
},
- client => {
- "CipherString" => "aSRP",
- "MaxProtocol" => "TLSv1.2",
- extra => {
- "SRPUser" => "user",
- "SRPPassword" => "passw0rd",
- },
- },
- test => {
- # Server fails first with bad client Finished.
- "ExpectedResult" => "ServerFail"
- },
},
-); \ No newline at end of file
+);
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index 7c28bcf0f6..ef92275257 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -242,7 +242,11 @@ sub expected_result {
$c_max = min $c_max, $max_enabled;
$s_max = min $s_max, $max_enabled;
- if ($c_min > $c_max) {
+ if ($c_min > $c_max && $s_min > $s_max) {
+ # Client will fail to send a hello and server will fail to start. The
+ # client failed first so this is reported as ClientFail.
+ return ("ClientFail", undef);
+ } elsif ($c_min > $c_max) {
# Client should fail to even send a hello.
# This results in an internal error since the server will be
# waiting for input that never arrives.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 10:16:24 +0000