From ce2cdac2787da32bcde210c7d6acdcbe41b1cd40 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Mon, 4 Jul 2016 20:16:14 +0200 Subject: SSL test framework: port NPN and ALPN tests Reviewed-by: Rich Salz --- test/ssl-tests/08-npn.conf | 362 +++++++++++++++++++++++++++++++++++++++++ test/ssl-tests/08-npn.conf.in | 165 +++++++++++++++++++ test/ssl-tests/09-alpn.conf | 298 +++++++++++++++++++++++++++++++++ test/ssl-tests/09-alpn.conf.in | 136 ++++++++++++++++ 4 files changed, 961 insertions(+) create mode 100644 test/ssl-tests/08-npn.conf create mode 100644 test/ssl-tests/08-npn.conf.in create mode 100644 test/ssl-tests/09-alpn.conf create mode 100644 test/ssl-tests/09-alpn.conf.in (limited to 'test/ssl-tests') diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf new file mode 100644 index 0000000000..a76aa21c1e --- /dev/null +++ b/test/ssl-tests/08-npn.conf 
@@ -0,0 +1,362 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 12 + +test-0 = 0-npn-simple +test-1 = 1-npn-client-finds-match +test-2 = 2-npn-client-honours-server-pref +test-3 = 3-npn-client-first-pref-on-mismatch +test-4 = 4-npn-no-server-support +test-5 = 5-npn-no-client-support +test-6 = 6-npn-with-sni-no-context-switch +test-7 = 7-npn-with-sni-context-switch +test-8 = 8-npn-selected-sni-server-supports-npn +test-9 = 9-npn-selected-sni-server-does-not-support-npn +test-10 = 10-alpn-preferred-over-npn +test-11 = 11-sni-npn-preferred-over-alpn +# =========================================================== + +[0-npn-simple] +ssl_conf = 0-npn-simple-ssl + +[0-npn-simple-ssl] +server = 0-npn-simple-server +client = 0-npn-simple-client + +[0-npn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-npn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ClientNPNProtocols = foo +ExpectedNPNProtocol = foo +ServerNPNProtocols = foo + + +# =========================================================== + +[1-npn-client-finds-match] +ssl_conf = 1-npn-client-finds-match-ssl + +[1-npn-client-finds-match-ssl] +server = 1-npn-client-finds-match-server +client = 1-npn-client-finds-match-client + +[1-npn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-npn-client-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = bar +ServerNPNProtocols = baz,bar + + +# =========================================================== + +[2-npn-client-honours-server-pref] +ssl_conf = 2-npn-client-honours-server-pref-ssl + +[2-npn-client-honours-server-pref-ssl] +server = 
2-npn-client-honours-server-pref-server +client = 2-npn-client-honours-server-pref-client + +[2-npn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-npn-client-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = bar +ServerNPNProtocols = bar,foo + + +# =========================================================== + +[3-npn-client-first-pref-on-mismatch] +ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl + +[3-npn-client-first-pref-on-mismatch-ssl] +server = 3-npn-client-first-pref-on-mismatch-server +client = 3-npn-client-first-pref-on-mismatch-client + +[3-npn-client-first-pref-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-npn-client-first-pref-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = foo +ServerNPNProtocols = baz + + +# =========================================================== + +[4-npn-no-server-support] +ssl_conf = 4-npn-no-server-support-ssl + +[4-npn-no-server-support-ssl] +server = 4-npn-no-server-support-server +client = 4-npn-no-server-support-client + +[4-npn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-npn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ClientNPNProtocols = foo + + +# =========================================================== + +[5-npn-no-client-support] +ssl_conf = 5-npn-no-client-support-ssl + +[5-npn-no-client-support-ssl] +server = 
5-npn-no-client-support-server +client = 5-npn-no-client-support-client + +[5-npn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-npn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ServerNPNProtocols = foo + + +# =========================================================== + +[6-npn-with-sni-no-context-switch] +ssl_conf = 6-npn-with-sni-no-context-switch-ssl + +[6-npn-with-sni-no-context-switch-ssl] +server = 6-npn-with-sni-no-context-switch-server +server2 = 6-npn-with-sni-no-context-switch-server2 +client = 6-npn-with-sni-no-context-switch-client + +[6-npn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-npn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = foo +ExpectedServerName = server1 +Server2NPNProtocols = bar +ServerNPNProtocols = foo +ServerName = server1 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[7-npn-with-sni-context-switch] +ssl_conf = 7-npn-with-sni-context-switch-ssl + +[7-npn-with-sni-context-switch-ssl] +server = 7-npn-with-sni-context-switch-server +server2 = 7-npn-with-sni-context-switch-server2 +client = 7-npn-with-sni-context-switch-client + +[7-npn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-server2] 
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-npn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +Server2NPNProtocols = bar +ServerNPNProtocols = foo +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[8-npn-selected-sni-server-supports-npn] +ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl + +[8-npn-selected-sni-server-supports-npn-ssl] +server = 8-npn-selected-sni-server-supports-npn-server +server2 = 8-npn-selected-sni-server-supports-npn-server2 +client = 8-npn-selected-sni-server-supports-npn-client + +[8-npn-selected-sni-server-supports-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-npn-selected-sni-server-supports-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ClientNPNProtocols = foo,bar +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +Server2NPNProtocols = bar +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[9-npn-selected-sni-server-does-not-support-npn] +ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl + +[9-npn-selected-sni-server-does-not-support-npn-ssl] +server = 9-npn-selected-sni-server-does-not-support-npn-server +server2 = 9-npn-selected-sni-server-does-not-support-npn-server2 +client = 9-npn-selected-sni-server-does-not-support-npn-client + 
+[9-npn-selected-sni-server-does-not-support-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-npn-selected-sni-server-does-not-support-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ClientNPNProtocols = foo,bar +ExpectedServerName = server2 +ServerNPNProtocols = foo +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[10-alpn-preferred-over-npn] +ssl_conf = 10-alpn-preferred-over-npn-ssl + +[10-alpn-preferred-over-npn-ssl] +server = 10-alpn-preferred-over-npn-server +client = 10-alpn-preferred-over-npn-client + +[10-alpn-preferred-over-npn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-alpn-preferred-over-npn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] +ClientALPNProtocols = foo +ClientNPNProtocols = bar +ExpectedALPNProtocol = foo +ServerALPNProtocols = foo +ServerNPNProtocols = bar + + +# =========================================================== + +[11-sni-npn-preferred-over-alpn] +ssl_conf = 11-sni-npn-preferred-over-alpn-ssl + +[11-sni-npn-preferred-over-alpn-ssl] +server = 11-sni-npn-preferred-over-alpn-server +server2 = 11-sni-npn-preferred-over-alpn-server2 +client = 11-sni-npn-preferred-over-alpn-client + +[11-sni-npn-preferred-over-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-server2] +Certificate = 
${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[11-sni-npn-preferred-over-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-11] +ClientALPNProtocols = foo +ClientNPNProtocols = bar +ExpectedNPNProtocol = bar +ExpectedServerName = server2 +Server2NPNProtocols = bar +ServerALPNProtocols = foo +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in new file mode 100644 index 0000000000..9b0dcba999 --- /dev/null +++ b/test/ssl-tests/08-npn.conf.in 
@@ -0,0 +1,165 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+ {
+ name => "npn-simple",
+ server => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo",
+ "ServerNPNProtocols" => "foo",
+ "ExpectedNPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "npn-client-finds-match",
+ server => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "baz,bar",
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "npn-client-honours-server-pref",
+ server => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "bar,foo",
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "npn-client-first-pref-on-mismatch",
+ server => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "baz",
+ "ExpectedNPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "npn-no-server-support",
+ server => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "npn-no-client-support",
+ server => { },
+ client => { },
+ test => {
+ "ServerNPNProtocols" => "foo",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "npn-with-sni-no-context-switch",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "foo",
+ "Server2NPNProtocols" => "bar",
+ "ServerName" => "server1",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server1",
+ "ExpectedNPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "npn-with-sni-context-switch",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "foo",
+ "Server2NPNProtocols" => "bar",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "npn-selected-sni-server-supports-npn",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "Server2NPNProtocols" => "bar",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "npn-selected-sni-server-does-not-support-npn",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientNPNProtocols" => "foo,bar",
+ "ServerNPNProtocols" => "foo",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-preferred-over-npn",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo",
+ "ClientNPNProtocols" => "bar",
+ "ServerALPNProtocols" => "foo",
+ "ServerNPNProtocols" => "bar",
+ "ExpectedALPNProtocol" => "foo",
+ "ExpectedNPNProtocol" => undef,
+ },
+ },
+ {
+ name => "sni-npn-preferred-over-alpn",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo",
+ "ClientNPNProtocols" => "bar",
+ "ServerALPNProtocols" => "foo",
+ "Server2NPNProtocols" => "bar",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => undef,
+ "ExpectedNPNProtocol" => "bar",
+ },
+ },
+);
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf
new file mode 100644
index 0000000000..73fee872c2
--- /dev/null
+++ b/test/ssl-tests/09-alpn.conf
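Review bot: The header comment `## Test version negotiation` at the top of the new 08-npn.conf.in does not describe these cases and looks carried over from another test file; the same line heads 09-alpn.conf.in. Something like `## Test NPN negotiation, including its interaction with SNI and ALPN` here, and `## Test ALPN negotiation, including SNI context switches` in the other file, would match the content. The `npn-client-first-pref-on-mismatch` entry also deserves a one-line comment such as `# No overlap: the client falls back to its own first protocol, which the server never offered`, because that outcome differs from the ALPN mismatch case, which expects a `NoApplicationProtocol` alert.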
@@ -0,0 +1,298 @@ +# Generated with generate_ssl_tests.pl + +num_tests = 10 + +test-0 = 0-alpn-simple +test-1 = 1-alpn-client-finds-match +test-2 = 2-alpn-client-honours-server-pref +test-3 = 3-alpn-alert-on-mismatch +test-4 = 4-alpn-no-server-support +test-5 = 5-alpn-no-client-support +test-6 = 6-alpn-with-sni-no-context-switch +test-7 = 7-alpn-with-sni-context-switch +test-8 = 8-alpn-selected-sni-server-supports-alpn +test-9 = 9-alpn-selected-sni-server-does-not-support-alpn +# =========================================================== + +[0-alpn-simple] +ssl_conf = 0-alpn-simple-ssl + +[0-alpn-simple-ssl] +server = 0-alpn-simple-server +client = 0-alpn-simple-client + +[0-alpn-simple-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[0-alpn-simple-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-0] +ClientALPNProtocols = foo +ExpectedALPNProtocol = foo +ServerALPNProtocols = foo + + +# =========================================================== + +[1-alpn-client-finds-match] +ssl_conf = 1-alpn-client-finds-match-ssl + +[1-alpn-client-finds-match-ssl] +server = 1-alpn-client-finds-match-server +client = 1-alpn-client-finds-match-client + +[1-alpn-client-finds-match-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[1-alpn-client-finds-match-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-1] +ClientALPNProtocols = foo,bar +ExpectedALPNProtocol = bar +ServerALPNProtocols = baz,bar + + +# =========================================================== + +[2-alpn-client-honours-server-pref] +ssl_conf = 2-alpn-client-honours-server-pref-ssl + +[2-alpn-client-honours-server-pref-ssl] +server = 2-alpn-client-honours-server-pref-server +client = 
2-alpn-client-honours-server-pref-client + +[2-alpn-client-honours-server-pref-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-alpn-client-honours-server-pref-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ClientALPNProtocols = foo,bar +ExpectedALPNProtocol = bar +ServerALPNProtocols = bar,foo + + +# =========================================================== + +[3-alpn-alert-on-mismatch] +ssl_conf = 3-alpn-alert-on-mismatch-ssl + +[3-alpn-alert-on-mismatch-ssl] +server = 3-alpn-alert-on-mismatch-server +client = 3-alpn-alert-on-mismatch-client + +[3-alpn-alert-on-mismatch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-alpn-alert-on-mismatch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ClientALPNProtocols = foo,bar +ExpectedResult = ServerFail +ServerALPNProtocols = baz +ServerAlert = NoApplicationProtocol + + +# =========================================================== + +[4-alpn-no-server-support] +ssl_conf = 4-alpn-no-server-support-ssl + +[4-alpn-no-server-support-ssl] +server = 4-alpn-no-server-support-server +client = 4-alpn-no-server-support-client + +[4-alpn-no-server-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-alpn-no-server-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ClientALPNProtocols = foo + + +# =========================================================== + +[5-alpn-no-client-support] +ssl_conf = 5-alpn-no-client-support-ssl + +[5-alpn-no-client-support-ssl] +server = 5-alpn-no-client-support-server +client = 5-alpn-no-client-support-client + 
+[5-alpn-no-client-support-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-alpn-no-client-support-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ServerALPNProtocols = foo + + +# =========================================================== + +[6-alpn-with-sni-no-context-switch] +ssl_conf = 6-alpn-with-sni-no-context-switch-ssl + +[6-alpn-with-sni-no-context-switch-ssl] +server = 6-alpn-with-sni-no-context-switch-server +server2 = 6-alpn-with-sni-no-context-switch-server2 +client = 6-alpn-with-sni-no-context-switch-client + +[6-alpn-with-sni-no-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-alpn-with-sni-no-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ClientALPNProtocols = foo,bar +ExpectedALPNProtocol = foo +ExpectedServerName = server1 +Server2ALPNProtocols = bar +ServerALPNProtocols = foo +ServerName = server1 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[7-alpn-with-sni-context-switch] +ssl_conf = 7-alpn-with-sni-context-switch-ssl + +[7-alpn-with-sni-context-switch-ssl] +server = 7-alpn-with-sni-context-switch-server +server2 = 7-alpn-with-sni-context-switch-server2 +client = 7-alpn-with-sni-context-switch-client + +[7-alpn-with-sni-context-switch-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 
+CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-alpn-with-sni-context-switch-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ClientALPNProtocols = foo,bar +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +Server2ALPNProtocols = bar +ServerALPNProtocols = foo +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[8-alpn-selected-sni-server-supports-alpn] +ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl + +[8-alpn-selected-sni-server-supports-alpn-ssl] +server = 8-alpn-selected-sni-server-supports-alpn-server +server2 = 8-alpn-selected-sni-server-supports-alpn-server2 +client = 8-alpn-selected-sni-server-supports-alpn-client + +[8-alpn-selected-sni-server-supports-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-alpn-selected-sni-server-supports-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-8] +ClientALPNProtocols = foo,bar +ExpectedALPNProtocol = bar +ExpectedServerName = server2 +Server2ALPNProtocols = bar +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + +# =========================================================== + +[9-alpn-selected-sni-server-does-not-support-alpn] +ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl + +[9-alpn-selected-sni-server-does-not-support-alpn-ssl] +server = 9-alpn-selected-sni-server-does-not-support-alpn-server +server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2 +client = 9-alpn-selected-sni-server-does-not-support-alpn-client + 
+[9-alpn-selected-sni-server-does-not-support-alpn-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-server2] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-alpn-selected-sni-server-does-not-support-alpn-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-9] +ClientALPNProtocols = foo,bar +ExpectedServerName = server2 +ServerALPNProtocols = foo +ServerName = server2 +ServerNameCallback = IgnoreMismatch + + diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in new file mode 100644 index 0000000000..2a7b1f97c2 --- /dev/null +++ b/test/ssl-tests/09-alpn.conf.in 
@@ -0,0 +1,136 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+ {
+ name => "alpn-simple",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo",
+ "ServerALPNProtocols" => "foo",
+ "ExpectedALPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "alpn-client-finds-match",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "baz,bar",
+ "ExpectedALPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "alpn-client-honours-server-pref",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "bar,foo",
+ "ExpectedALPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "alpn-alert-on-mismatch",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "baz",
+ "ExpectedResult" => "ServerFail",
+ "ServerAlert" => "NoApplicationProtocol",
+ },
+ },
+ {
+ name => "alpn-no-server-support",
+ server => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo",
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-no-client-support",
+ server => { },
+ client => { },
+ test => {
+ "ServerALPNProtocols" => "foo",
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+ {
+ name => "alpn-with-sni-no-context-switch",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "foo",
+ "Server2ALPNProtocols" => "bar",
+ "ServerName" => "server1",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server1",
+ "ExpectedALPNProtocol" => "foo",
+ },
+ },
+ {
+ name => "alpn-with-sni-context-switch",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "foo",
+ "Server2ALPNProtocols" => "bar",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "alpn-selected-sni-server-supports-alpn",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "Server2ALPNProtocols" => "bar",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => "bar",
+ },
+ },
+ {
+ name => "alpn-selected-sni-server-does-not-support-alpn",
+ server => { },
+ server2 => { },
+ client => { },
+ test => {
+ "ClientALPNProtocols" => "foo,bar",
+ "ServerALPNProtocols" => "foo",
+ "ServerName" => "server2",
+ "ServerNameCallback" => "IgnoreMismatch",
+ "ExpectedServerName" => "server2",
+ "ExpectedALPNProtocol" => undef,
+ },
+ },
+);
-- cgit v1.2.3
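Review bot: The no-overlap alert is only exercised without SNI: `alpn-alert-on-mismatch` has no `server2`, and every SNI case in this list either finds a match on the selected context or leaves that context without ALPN. A case where the name callback switches to `server2` and `Server2ALPNProtocols` shares nothing with the client list would pin that the mismatch check runs against the selected context rather than the initial one. The expected outcome below is presumed to mirror the non-SNI case and should be confirmed against the handshake helper, which is not part of this view. The generated 09-alpn.conf would need regenerating after the entry is added.

```perl
# … unchanged: existing entries through alpn-selected-sni-server-does-not-support-alpn …
    {
        # Constructed example name; adjust to the file's naming scheme.
        name => "alpn-with-sni-context-switch-mismatch",
        server => { },
        server2 => { },
        client => { },
        test => {
            "ClientALPNProtocols" => "foo,bar",
            "ServerALPNProtocols" => "foo",
            "Server2ALPNProtocols" => "baz",
            "ServerName" => "server2",
            "ServerNameCallback" => "IgnoreMismatch",
            # Presumed to match alpn-alert-on-mismatch; confirm.
            "ExpectedResult" => "ServerFail",
            "ServerAlert" => "NoApplicationProtocol",
        },
    },
# … unchanged: closing ); of @tests …
```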