Diffstat (limited to 'test')
-rw-r--r--test/ssl-tests/16-dtls-certstatus.cnf8
-rw-r--r--test/ssl-tests/16-dtls-certstatus.cnf.in33
-rw-r--r--test/ssl-tests/18-dtls-renegotiate.cnf20
-rw-r--r--test/ssl-tests/18-dtls-renegotiate.cnf.in28
-rw-r--r--test/ssl-tests/protocol_version.pm7
5 files changed, 68 insertions, 28 deletions
diff --git a/test/ssl-tests/16-dtls-certstatus.cnf b/test/ssl-tests/16-dtls-certstatus.cnf
index a561803a55..ee46be4d3b 100644
--- a/test/ssl-tests/16-dtls-certstatus.cnf
+++ b/test/ssl-tests/16-dtls-certstatus.cnf
@@ -15,11 +15,11 @@ client = 0-certstatus-good-client
[0-certstatus-good-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-certstatus-good-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -43,11 +43,11 @@ client = 1-certstatus-bad-client
[1-certstatus-bad-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-certstatus-bad-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/16-dtls-certstatus.cnf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in
index c5545991d2..ebab3d7ca2 100644
--- a/test/ssl-tests/16-dtls-certstatus.cnf.in
+++ b/test/ssl-tests/16-dtls-certstatus.cnf.in
@@ -15,15 +15,22 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
-our @tests = (
+our $fips_mode;
+
+our @tests = ();
+
+our @tests_standard = (
{
name => "certstatus-good",
server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
- "CertStatus" => "GoodResponse",
+ "CertStatus" => "GoodResponse"
},
},
- client => {},
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ },
test => {
"Method" => "DTLS",
"ExpectedResult" => "Success"
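Review bot: The added `"CipherString" => "DEFAULT:\@SECLEVEL=0"` entries lower the security level for both endpoints without saying why, and the same setting is repeated in every test of this file and of 18-dtls-renegotiate.cnf.in. A short comment above `@tests_standard` would help, for example `# SECLEVEL=0 is needed because <reason: which protocol version or algorithm is rejected at the default level>`. Because the level is dropped unconditionally, these tests no longer run at the default security level even in builds where `dtls1_2` is enabled; if that is not intended, the string could be chosen conditionally. The quoting also differs between the two files (escaped `\@` in double quotes here, single quotes there); single quotes throughout would read more easily.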
@@ -32,11 +39,14 @@ our @tests = (
{
name => "certstatus-bad",
server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
"CertStatus" => "BadResponse",
},
},
- client => {},
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ },
test => {
"Method" => "DTLS",
"ExpectedResult" => "ClientFail"
@@ -48,11 +58,14 @@ our @tests_sctp = (
{
name => "certstatus-good",
server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
"CertStatus" => "GoodResponse",
},
},
- client => {},
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ },
test => {
"Method" => "DTLS",
"UseSCTP" => "Yes",
@@ -62,11 +75,14 @@ our @tests_sctp = (
{
name => "certstatus-bad",
server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
"CertStatus" => "BadResponse",
},
},
- client => {},
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ },
test => {
"Method" => "DTLS",
"UseSCTP" => "Yes",
@@ -75,4 +91,7 @@ our @tests_sctp = (
},
);
-push @tests, @tests_sctp unless disabled("sctp") || disabled("sock");
+if (!$fips_mode || !disabled("dtls1_2")) {
+ push @tests, @tests_standard;
+ push @tests, @tests_sctp unless disabled("sctp") || disabled("sock");
+}
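Review bot: When `$fips_mode` is set and `dtls1_2` is disabled, the new guard leaves `@tests` empty, and nothing visible here shows that the generator or the test recipe accepts a file with zero tests; that is worth confirming. `$fips_mode` is only declared with `our` in this file, so it is presumably assigned by the generator before the file is evaluated; if it is left undefined the guard always passes. The same condition is written three ways in this commit (`!$fips_mode || !disabled("dtls1_2")` here, `disabled("dtls1_2") && $fips_mode` in 18-dtls-renegotiate.cnf.in, and inside `no_tests` in protocol_version.pm). A one-line comment such as `# In FIPS mode only DTLSv1.2 is usable, so skip everything when it is disabled` would help, if that is indeed the reason.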
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf
index 9204dd2c5d..0f3d1eae23 100644
--- a/test/ssl-tests/18-dtls-renegotiate.cnf
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf
@@ -22,12 +22,12 @@ client = 0-renegotiate-client-no-resume-client
[0-renegotiate-client-no-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
Options = NoResumptionOnRenegotiation
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-renegotiate-client-no-resume-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -50,11 +50,11 @@ client = 1-renegotiate-client-resume-client
[1-renegotiate-client-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-renegotiate-client-resume-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -77,11 +77,11 @@ client = 2-renegotiate-server-resume-client
[2-renegotiate-server-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-renegotiate-server-resume-client]
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -104,14 +104,14 @@ client = 3-renegotiate-client-auth-require-client
[3-renegotiate-client-auth-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[3-renegotiate-client-auth-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@@ -135,14 +135,14 @@ client = 4-renegotiate-client-auth-once-client
[4-renegotiate-client-auth-once-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Once
[4-renegotiate-client-auth-once-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
+CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
index b8ec735eb2..400ec67d31 100644
--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
@@ -15,20 +15,26 @@ use warnings;
package ssltests;
use OpenSSL::Test::Utils;
+our $fips_mode;
+
our @tests = ();
foreach my $sctp ("No", "Yes")
{
next if disabled("sctp") && $sctp eq "Yes";
+ next if disabled("dtls1_2") && $fips_mode;
my $suffix = ($sctp eq "No") ? "" : "-sctp";
our @tests_basic = (
{
name => "renegotiate-client-no-resume".$suffix,
server => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0',
"Options" => "NoResumptionOnRenegotiation"
},
- client => {},
+ client => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
+ },
test => {
"Method" => "DTLS",
"UseSCTP" => $sctp,
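Review bot: The added `next if disabled("dtls1_2") && $fips_mode;` does not depend on `$sctp`, so it skips both iterations and is really a whole-file guard placed inside the loop. Wrapping the `foreach` in `unless (disabled("dtls1_2") && $fips_mode) { ... }`, or at least putting a comment on the line, would make that intent clear. The loop body continues past the end of this hunk.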
@@ -39,8 +45,12 @@ foreach my $sctp ("No", "Yes")
},
{
name => "renegotiate-client-resume".$suffix,
- server => {},
- client => {},
+ server => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
+ },
+ client => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
+ },
test => {
"Method" => "DTLS",
"UseSCTP" => $sctp,
@@ -60,8 +70,12 @@ foreach my $sctp ("No", "Yes")
# and if so, what to?
{
name => "renegotiate-server-resume".$suffix,
- server => {},
- client => {},
+ server => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
+ },
+ client => {
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
+ },
test => {
"Method" => "DTLS",
"UseSCTP" => $sctp,
@@ -75,10 +89,12 @@ foreach my $sctp ("No", "Yes")
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
},
client => {
"Certificate" => test_pem("ee-client-chain.pem"),
"PrivateKey" => test_pem("ee-key.pem"),
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
},
test => {
"Method" => "DTLS",
@@ -93,10 +109,12 @@ foreach my $sctp ("No", "Yes")
server => {
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Once",
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
},
client => {
"Certificate" => test_pem("ee-client-chain.pem"),
"PrivateKey" => test_pem("ee-key.pem"),
+ "CipherString" => 'DEFAULT:@SECLEVEL=0'
},
test => {
"Method" => "DTLS",
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index 9e9b9a892d..4e4ce365d6 100644
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -102,7 +102,10 @@ $min_dtls_enabled_fips = min_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disab
$max_dtls_enabled_fips = max_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips);
sub no_tests {
- my ($dtls) = @_;
+ my ($dtls, $fips) = @_;
+ if ($dtls && $fips) {
+ return disabled("dtls1_2");
+ }
return $dtls ? alldisabled("dtls1", "dtls1_2") :
alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
}
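Review bot: `no_tests` now takes a second argument, but only the call in `generate_version_tests` is updated in this diff. Any other caller that still passes just `$dtls` gets an undefined `$fips` and silently takes the old path, so the remaining call sites are worth checking. The early return also changes the question from "are all DTLS versions disabled" to "is dtls1_2 disabled" without explanation; a comment such as `# FIPS: <reason only dtls1_2 counts>` above the `if` would document it.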
@@ -134,7 +137,7 @@ sub generate_version_tests {
$max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
}
- if (no_tests($dtls)) {
+ if (no_tests($dtls, $fips)) {
return;
}