1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
# -*- mode: perl; -*-
# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## SSL test configurations
package ssltests;
srand(1);
sub randcase {
my ($names) = @_;
my @ret;
foreach my $name (split(/:/, $names)) {
my ($alg, $rest) = split(/(?=[+])/, $name, 2);
$alg =~ s{([a-zA-Z])}{chr(ord($1)^(int(rand(2.0)) * 32))}eg;
push @ret, $alg . ($rest // "");
}
return join(":", @ret);
}
our @tests = (
{
name => "default",
server => { },
client => { },
test => { "ExpectedResult" => "Success" },
},
{
name => "Server signature algorithms bug",
# Should have no effect as we aren't doing client auth
server => { "ClientSignatureAlgorithms" => randcase("PSS+SHA512:RSA+SHA512") },
client => { "SignatureAlgorithms" => randcase("PSS+SHA256:RSA+SHA256") },
test => { "ExpectedResult" => "Success" },
},
{
name => "verify-cert",
server => { },
client => {
# Don't set up the client root file.
"VerifyCAFile" => undef,
},
test => {
"ExpectedResult" => "ClientFail",
"ExpectedClientAlert" => "UnknownCA",
},
},
{
name => "name-constraints-no-san-in-ee",
server => {
"Certificate" => test_pem("goodcn2-chain.pem"),
"PrivateKey" => test_pem("goodcn2-key.pem"),
},
client => {
"VerifyCAFile" => test_pem("root-cert.pem"),
},
test => { "ExpectedResult" => "Success" },
},
);
|
