Diffstat (limited to 'test')
-rw-r--r-- | test/ssl-tests/16-dtls-certstatus.cnf | 8 | ||||
-rw-r--r-- | test/ssl-tests/16-dtls-certstatus.cnf.in | 33 | ||||
-rw-r--r-- | test/ssl-tests/18-dtls-renegotiate.cnf | 20 | ||||
-rw-r--r-- | test/ssl-tests/18-dtls-renegotiate.cnf.in | 28 | ||||
-rw-r--r-- | test/ssl-tests/protocol_version.pm | 7 |
5 files changed, 68 insertions, 28 deletions
diff --git a/test/ssl-tests/16-dtls-certstatus.cnf b/test/ssl-tests/16-dtls-certstatus.cnf index a561803a55..ee46be4d3b 100644 --- a/test/ssl-tests/16-dtls-certstatus.cnf +++ b/test/ssl-tests/16-dtls-certstatus.cnf @@ -15,11 +15,11 @@ client = 0-certstatus-good-client [0-certstatus-good-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-certstatus-good-client] -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -43,11 +43,11 @@ client = 1-certstatus-bad-client [1-certstatus-bad-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-certstatus-bad-client] -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/16-dtls-certstatus.cnf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in index c5545991d2..ebab3d7ca2 100644 --- a/test/ssl-tests/16-dtls-certstatus.cnf.in +++ b/test/ssl-tests/16-dtls-certstatus.cnf.in @@ -15,15 +15,22 @@ use warnings; package ssltests; use OpenSSL::Test::Utils; -our @tests = ( +our $fips_mode; + +our @tests = (); + +our @tests_standard = ( { name => "certstatus-good", server => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", extra => { - "CertStatus" => "GoodResponse", + "CertStatus" => "GoodResponse" }, }, - client => {}, + client => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + }, test => { "Method" => "DTLS", "ExpectedResult" => "Success" 
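Review bot: The `"CipherString" => "DEFAULT:\@SECLEVEL=0"` entries added to both endpoints in `@tests_standard` have no comment explaining why the security level is lowered, and the same literal is repeated in the later hunks of this file and throughout 18-dtls-renegotiate.cnf.in. Level 0 permits everything the security-level mechanism would otherwise reject, so these cases no longer exercise the default level even when DTLSv1.2 is negotiated. If the intent is only to let DTLSv1 connect (my reading, not stated in the diff), say so once, e.g. `# SECLEVEL=0: test-only, lets DTLSv1 negotiate; not a setting for deployed configs`. Defining the string once, `my $cipher_string = 'DEFAULT:@SECLEVEL=0';`, would also remove the mix of escaped double quotes here and single quotes in 18-dtls-renegotiate.cnf.in. The `@tests_standard` list continues past the end of this hunk.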
@@ -32,11 +39,14 @@ our @tests = ( { name => "certstatus-bad", server => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", extra => { "CertStatus" => "BadResponse", }, }, - client => {}, + client => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + }, test => { "Method" => "DTLS", "ExpectedResult" => "ClientFail" @@ -48,11 +58,14 @@ our @tests_sctp = ( { name => "certstatus-good", server => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", extra => { "CertStatus" => "GoodResponse", }, }, - client => {}, + client => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + }, test => { "Method" => "DTLS", "UseSCTP" => "Yes", @@ -62,11 +75,14 @@ our @tests_sctp = ( { name => "certstatus-bad", server => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", extra => { "CertStatus" => "BadResponse", }, }, - client => {}, + client => { + "CipherString" => "DEFAULT:\@SECLEVEL=0", + }, test => { "Method" => "DTLS", "UseSCTP" => "Yes", @@ -75,4 +91,7 @@ our @tests_sctp = ( }, ); -push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); +if (!$fips_mode || !disabled("dtls1_2")) { + push @tests, @tests_standard; + push @tests, @tests_sctp unless disabled("sctp") || disabled("sock"); +} diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf index 9204dd2c5d..0f3d1eae23 100644 --- a/test/ssl-tests/18-dtls-renegotiate.cnf +++ b/test/ssl-tests/18-dtls-renegotiate.cnf @@ -22,12 +22,12 @@ client = 0-renegotiate-client-no-resume-client [0-renegotiate-client-no-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 Options = NoResumptionOnRenegotiation PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-renegotiate-client-no-resume-client] -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
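Review bot: The gate `if (!$fips_mode || !disabled("dtls1_2"))` at the end of 16-dtls-certstatus.cnf.in depends on `$fips_mode`, which this file only declares (`our $fips_mode;`) and never assigns, so an unset value silently behaves as non-FIPS and every case is emitted. A comment at the declaration naming who sets it, such as `# set by the config generator before this file is evaluated`, would make that dependency visible; I am inferring that the generator sets it, since the assignment is not in the diff. When the gate is false `@tests` stays empty, and it is worth confirming that the harness reports a skip for an empty list rather than a pass. The same applies to `next if disabled("dtls1_2") && $fips_mode;` in 18-dtls-renegotiate.cnf.in.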
@@ -50,11 +50,11 @@ client = 1-renegotiate-client-resume-client [1-renegotiate-client-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-renegotiate-client-resume-client] -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -77,11 +77,11 @@ client = 2-renegotiate-server-resume-client [2-renegotiate-server-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-renegotiate-server-resume-client] -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -104,14 +104,14 @@ client = 3-renegotiate-client-auth-require-client [3-renegotiate-client-auth-require-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require [3-renegotiate-client-auth-require-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer 
@@ -135,14 +135,14 @@ client = 4-renegotiate-client-auth-once-client [4-renegotiate-client-auth-once-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Once [4-renegotiate-client-auth-once-client] Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem -CipherString = DEFAULT +CipherString = DEFAULT:@SECLEVEL=0 PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in index b8ec735eb2..400ec67d31 100644 --- a/test/ssl-tests/18-dtls-renegotiate.cnf.in +++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in @@ -15,20 +15,26 @@ use warnings; package ssltests; use OpenSSL::Test::Utils; +our $fips_mode; + our @tests = (); foreach my $sctp ("No", "Yes") { next if disabled("sctp") && $sctp eq "Yes"; + next if disabled("dtls1_2") && $fips_mode; my $suffix = ($sctp eq "No") ? "" : "-sctp"; our @tests_basic = ( { name => "renegotiate-client-no-resume".$suffix, server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0', "Options" => "NoResumptionOnRenegotiation" }, - client => {}, + client => { + "CipherString" => 'DEFAULT:@SECLEVEL=0' + }, test => { "Method" => "DTLS", "UseSCTP" => $sctp, @@ -39,8 +45,12 @@ foreach my $sctp ("No", "Yes") }, { name => "renegotiate-client-resume".$suffix, - server => {}, - client => {}, + server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0' + }, + client => { + "CipherString" => 'DEFAULT:@SECLEVEL=0' + }, test => { "Method" => "DTLS", "UseSCTP" => $sctp, 
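Review bot: `next if disabled("dtls1_2") && $fips_mode;` in 18-dtls-renegotiate.cnf.in sits inside the `foreach my $sctp` loop but does not depend on `$sctp`, so it skips either every iteration or none. Wrapping the loop in the same form used in 16-dtls-certstatus.cnf.in, `if (!$fips_mode || !disabled("dtls1_2")) { ... }`, would make it obvious that the whole file is disabled in that configuration and keep the two files consistent. The loop body continues outside this hunk.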
@@ -60,8 +70,12 @@ foreach my $sctp ("No", "Yes") # and if so, what to? { name => "renegotiate-server-resume".$suffix, - server => {}, - client => {}, + server => { + "CipherString" => 'DEFAULT:@SECLEVEL=0' + }, + client => { + "CipherString" => 'DEFAULT:@SECLEVEL=0' + }, test => { "Method" => "DTLS", "UseSCTP" => $sctp, @@ -75,10 +89,12 @@ foreach my $sctp ("No", "Yes") server => { "VerifyCAFile" => test_pem("root-cert.pem"), "VerifyMode" => "Require", + "CipherString" => 'DEFAULT:@SECLEVEL=0' }, client => { "Certificate" => test_pem("ee-client-chain.pem"), "PrivateKey" => test_pem("ee-key.pem"), + "CipherString" => 'DEFAULT:@SECLEVEL=0' }, test => { "Method" => "DTLS", @@ -93,10 +109,12 @@ foreach my $sctp ("No", "Yes") server => { "VerifyCAFile" => test_pem("root-cert.pem"), "VerifyMode" => "Once", + "CipherString" => 'DEFAULT:@SECLEVEL=0' }, client => { "Certificate" => test_pem("ee-client-chain.pem"), "PrivateKey" => test_pem("ee-key.pem"), + "CipherString" => 'DEFAULT:@SECLEVEL=0' }, test => { "Method" => "DTLS", diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index 9e9b9a892d..4e4ce365d6 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -102,7 +102,10 @@ $min_dtls_enabled_fips = min_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disab $max_dtls_enabled_fips = max_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips); sub no_tests { - my ($dtls) = @_; + my ($dtls, $fips) = @_; + if ($dtls && $fips) { + return disabled("dtls1_2"); + } return $dtls ? alldisabled("dtls1", "dtls1_2") : alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); } @@ -134,7 +137,7 @@ sub generate_version_tests { $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; } - if (no_tests($dtls)) { + if (no_tests($dtls, $fips)) { return; } |
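Review bot: `no_tests` in protocol_version.pm now special-cases FIPS only for DTLS; with `$fips` set and `$dtls` false it still falls through to `alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3")`. If the FIPS TLS protocol list is narrower than that full list (it is not visible in this hunk, but the `@dtls_protocols_fips` context line suggests per-mode lists exist), a build with only the older TLS versions enabled would still generate FIPS cases with no usable protocol. The new branch also needs a one-line reason, e.g. `# FIPS mode can only use DTLSv1.2, so there is nothing to test without it`. Callers other than `generate_version_tests` are outside the diff; any that still pass a single argument keep the old behaviour because `$fips` is then undefined.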